问题描述
当我在客户端的 AuthenticateAsClientAsync 上调用 SslStream 时遇到此错误:The handshake Failed due to an unexpected packet format.
所有这些都使用套接字成功运行,因此证书和指纹设置正确,但在 Kestrel 中不起作用。我唯一能想到的是 Kestrel 不允许侦听主机名并且客户端上的主机名验证失败?我错过了什么?我将如何深入研究此错误以找到潜在问题?
客户端控制台应用
var client = new TcpClient();
await client.ConnectAsync("one.two.local",8005);
var sslStream = new SslStream(client.GetStream());;
// Todo: Use TLS 1.3 once Microsoft fixes their bugs
await sslStream.AuthenticateAsClientAsync(new SslClientAuthenticationoptions // #### ERROR HERE ####
{
CertificateRevocationCheckMode = X509RevocationMode.NoCheck,TargetHost = "one.two.local",EnabledSslProtocols = SslProtocols.Tls12,EncryptionPolicy = EncryptionPolicy.RequireEncryption,RemoteCertificateValidationCallback = (a,b,c,d) => true
});
服务器端主机生成器:
请注意,X509CertificateUtility 正在从本地机器存储加载证书并找到该证书。
WebHost.CreateDefaultBuilder(args)
.ConfigureServices(services => { })
.UseKestrel(options =>
{
options.Listen(IPAddress.Parse("127.0.0.9"),8005,builder =>
{
// child thumbprint (obfuscated for posting)
// certificate is found
var certificate = X509CertificateUtility.Find("4F6FFF21dFFF0FF743FFF44338F41F8FFFF46491");
// Todo: Use TLS 1.3 once Microsoft fixes their bugs
builder.UseHttps(new HttpsConnectionAdapterOptions
{
SslProtocols = SslProtocols.Tls12,CheckCertificateRevocation = false,ClientCertificateMode = ClientCertificateMode.NoCertificate,ServerCertificate = certificate,ClientCertificateValidation = (a,c) => true
});
builder.UseConnectionHandler<KairosConnectionHandler>();
});
})
.UseStartup<Startup>();
HOSTS 文件:
127.0.0.9 one.two.local
证书信息
Subject: one.two.local
Enhanced Key Usage: Client + Server Authentication
Subject Alternative Name: DNS Name=one.two.local
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)