C# SSL 连接被主动拒绝

Question

我正在创建一个需要加密连接的应用程序，但遇到了问题。我在同一台计算机上同时运行客户端和服务器。如果我在没有 SSL 的情况下连接(通过 TCPClient 和 TCPListener，一切正常。但是，使用 SSLStream class 一直给我 SocketException 0x80004005“Connection Actively Refused”。我一直在看其他帖子，但我似乎无法查明我的问题。

客户:

private void okButton_Click(object sender, RoutedEventArgs e)
    {

        string serverCertName = COMPUTER_NAME;
        string machineName = "127.0.0.1";

        SslStream stream = runClient(machineName, serverCertName, int.Parse(clientPort.Text));

        if (stream.CanWrite)
        {
            MessageBox.Show("We can write to the stream. We have a connection!");
        }
        splitFile(this.sourceName);
    }

    public static bool ValidateServerCertificate(
        object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }
        //disallow communication with unauthenticated servers
        return false;
    }

    public static SslStream runClient(string machineName, string serverName, int port)
    {
        //create client socket, machineName is the host running the server
        //THIS IS WHERE EVERYTHING FAILS
        TcpClient client = new TcpClient(machineName, port);
        SslStream sslStream = new SslStream(client.GetStream(),
            false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);

        //server should match that is on that server cert
        try
        {
            sslStream.AuthenticateAsClient(serverName);
        }
        catch (AuthenticationException e)
        {
            if (e.InnerException != null)
            {

            }
            client.Close();
            return null;
        }

        //encode message as byte array for testing, etc
        return sslStream;
    }

服务器:

static X509Certificate serverCertificate = null;
    private void Window_Loaded(object sender, RoutedEventArgs e)
    {
        IPAddress ip = IPAddress.Parse("127.0.0.1");
        int port = 13000;
        string certificate = COMPUTER_NAME;

        runServer(ip, port, certificate);
    }

    /// Start the ssl tcp listener
    public static void runServer(IPAddress ip, int port, string certificate)
    {
        serverCertificate = X509Certificate.CreateFromCertFile(certificate);
        TcpListener listener = new TcpListener(IPAddress.Any, port);
        listener.Start();

        while (true)
        {
            TcpClient client = listener.AcceptTcpClient();
            processClient(client);
        }
    }

    //executes if a client has connected. Create the SslStream using the connected client's stream
    static void processClient(TcpClient client)
    {
        SslStream sslStream = new SslStream(client.GetStream(), false);

        //authenticate the server, but doesn't require the client to authenticate
        try
        {
            sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
            //set timeouts to 5 seconds. Seems like a long time. If nothing happens after 5 sec it won't happen
            sslStream.ReadTimeout = 5000;
            sslStream.WriteTimeout = 5000;
            string data = readMessage(sslStream);
        }
        catch (AuthenticationException e)
        {
            Console.WriteLine("Exception: {0}", e.Message);
            if (e.InnerException != null)
            {
                Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
            }
            Console.WriteLine("Authentication failed - closing the connection.");
            sslStream.Close();
            client.Close();
            return;
        }
        finally
        {
            sslStream.Close();
            client.Close();
        }
    }

我对 C# 中的一般 TCP/IP 连接是全新的，所以我完全有可能做了一些愚蠢、错误或过于复杂的事情。我发现(通过堆栈溢出)SslStream 是可行的方法，但我似乎无法让它工作。有人有什么想法吗？非常感谢您的帮助。

提前致谢!

Answer 1

我认为您正在尝试作为客户端进行身份验证，但您的服务器并未作为服务器进行身份验证。尝试并确保这同时发生并且它应该有效。