我正在创建一个需要加密连接的应用程序,但遇到了问题。我在同一台计算机上同时运行客户端和服务器。如果我在没有 SSL 的情况下连接(通过 TCPClient 和 TCPListener,一切正常。但是,使用 SSLStream class 一直给我 SocketException 0x80004005“Connection Actively Refused”。我一直在看其他帖子,但我似乎无法查明我的问题。
客户:
private void okButton_Click(object sender, RoutedEventArgs e)
{
string serverCertName = COMPUTER_NAME;
string machineName = "127.0.0.1";
SslStream stream = runClient(machineName, serverCertName, int.Parse(clientPort.Text));
if (stream.CanWrite)
{
MessageBox.Show("We can write to the stream. We have a connection!");
}
splitFile(this.sourceName);
}
public static bool ValidateServerCertificate(
object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
return true;
}
//disallow communication with unauthenticated servers
return false;
}
public static SslStream runClient(string machineName, string serverName, int port)
{
//create client socket, machineName is the host running the server
//THIS IS WHERE EVERYTHING FAILS
TcpClient client = new TcpClient(machineName, port);
SslStream sslStream = new SslStream(client.GetStream(),
false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
//server should match that is on that server cert
try
{
sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
if (e.InnerException != null)
{
}
client.Close();
return null;
}
//encode message as byte array for testing, etc
return sslStream;
}
服务器:
static X509Certificate serverCertificate = null;
private void Window_Loaded(object sender, RoutedEventArgs e)
{
IPAddress ip = IPAddress.Parse("127.0.0.1");
int port = 13000;
string certificate = COMPUTER_NAME;
runServer(ip, port, certificate);
}
/// Start the ssl tcp listener
public static void runServer(IPAddress ip, int port, string certificate)
{
serverCertificate = X509Certificate.CreateFromCertFile(certificate);
TcpListener listener = new TcpListener(IPAddress.Any, port);
listener.Start();
while (true)
{
TcpClient client = listener.AcceptTcpClient();
processClient(client);
}
}
//executes if a client has connected. Create the SslStream using the connected client's stream
static void processClient(TcpClient client)
{
SslStream sslStream = new SslStream(client.GetStream(), false);
//authenticate the server, but doesn't require the client to authenticate
try
{
sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
//set timeouts to 5 seconds. Seems like a long time. If nothing happens after 5 sec it won't happen
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
string data = readMessage(sslStream);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
sslStream.Close();
client.Close();
}
}
我对 C# 中的一般 TCP/IP 连接是全新的,所以我完全有可能做了一些愚蠢、错误或过于复杂的事情。我发现(通过堆栈溢出)SslStream 是可行的方法,但我似乎无法让它工作。有人有什么想法吗?非常感谢您的帮助。
提前致谢!
最佳答案
我认为您正在尝试作为客户端进行身份验证,但您的服务器并未作为服务器进行身份验证。尝试并确保这同时发生并且它应该有效。
关于C# SSL 连接被主动拒绝,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6576562/