logo标签列表

根据验证程序,远程证书无效。

c#sslpop3
87

运行以下代码时,我会得到一个异常:

using (var client = new Pop3Client())
{
    client.Connect(provider.ServerWithoutPort, provider.Port, true);
}

我得到的异常:

The remote certificate is invalid according to the validation procedure.


   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
   at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
   at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
   at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246
8
除了那个问题有一个可怕的被采纳的赞同答案之外,其他都一样。 - Gilles
6个回答
98

通常出现这种情况是由于以下原因之一:

  • 证书是自签名的,并未添加为受信任的证书。
  • 证书已过期。
  • 证书由未安装在您的计算机上的根证书签名。
  • 证书使用服务器的完全限定域地址进行签名。也就是说,必须使用“xyzServerName.ad.state.fl.us”而不是“xyzServerName”,因为这基本上是SSL证书所关注的服务器名称。
  • 尝试探测撤销列表,但无法找到/使用。
  • 证书通过中间CA证书签名,而服务器没有随同主机证书提供该中间证书。

尝试获取有关服务器证书的信息,并查看是否需要在客户端安装任何特定的证书以使其正常工作。

3
一直回到这里。每次都是根证书。非常感谢! :D - Squazz
9
该死...又回到了这里,而这次跟之前提到的任何点都不一样 :/ - Squazz
2
很遗憾不是@XYZ,我们最终做了其他事情 :/ - Squazz
2
我之所以出现这个错误,与证书无关(证书没问题),而是因为我在发出请求时使用的终端点不正确。 - user224567893
2
目前在sslPolicyErrors中遇到了“RemoteCertificateNameMismatch”问题。似乎主题名称不匹配,而备用名称没有完全检查(该名称作为主题IP地址存在于备用名称中,在浏览器中可以正常工作)。但是使用DNS名称可以正常工作。这个问题似乎已经在最新的.NET和/或Windows中得到了解决。 - Eugene Ryabtsev
显示剩余5条评论
79

来自Dominic Zukiewicz的更简短的解决方案:

ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

但这意味着您将信任所有证书。对于不仅在本地运行的服务,需要更加智能一些的东西。首先,您可以使用此代码仅测试是否解决了您的问题。

5
请参考此答案,了解为什么只有在极少数情况下才应该这样做:https://dev59.com/wXRB5IYBdhLWcg3wJkhC#6613434 - Squazz
11
在生产中似乎显然不应该使用,但是在开发中使用它可以事半功倍。 - BozoJoe
1
@BozoJoe 的意思是,“只有在这是一个学校项目的情况下才这样做”,否则我无法想象它的位置。 - Dan Chase
6
为了帮助大家,我在这里加上一些内容。如果你在使用HttpClient和dotnet core,你需要像这样做,但这不是一个安全的解决方案,仅适用于本地开发概念:HttpClientHandler handler = new HttpClientHandler();handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;_client = new HttpClient(handler); - Morgeth888
1
这个答案的PowerShell等效命令是:[System.Net.ServicePointManager]::ServerCertificateValidationCallback += {$true} - Joe Skeen
1
@DanChase 我正在设置一个临时环境来测试接近生产就绪的容器。所涉及的容器遇到了问题,因为我的测试实例仅使用自签名证书,而不是容器认为正在访问的域名的证书。 - RTD
33

我曾在测试一个项目时遇到了同样的问题,后来发现运行Fiddler导致了这个错误..!!

如果你正在使用Fiddler拦截http请求,请关闭它...

这是许多导致此错误的原因之一。

要修复Fiddler,您可能需要重置Fiddler Https证书

1
重置 Fiddler Https 证书的链接对我有用,谢谢。 - WooHoo
2
你,我的朋友,是一个冠军 :) 快速简单地解决了一个可能令人不知所措的问题! - Jimbo
32

连接的另一端发现.NET看到了一个无效的SSL证书。虽然有一种解决方法,但显然不建议在生产代码中使用:

// Put this somewhere that is only once - like an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...

static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
   return true;
}
2
我得到了两次提示。一次是在连接时,另一次是在文件上传时。这是正常现象吗?我按照您的指示插入了代码。一个在初始化时,一个在我的FTP类中。 - B.K.
1
太好了,ServicePointManager 再次在开发中拯救我们。 - BozoJoe
2
这种方法还允许您在决定(始终)返回“true”之前检查X509证书的其他选项。 - tgolisch
2

你必须检查证书哈希码。

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain,
    errors) =>
        {
            var hashString = certificate.GetCertHashString();
            if (hashString != null)
            {
                var certHashString = hashString.ToLower();
                return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
            }
            return false;
        };
-18

在发送电子邮件之前尝试放置这个

ServicePointManager.ServerCertificateValidationCallback = 
        delegate(object s, X509Certificate certificate, X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; };

记得添加所需的库!

30
你不应该推荐这种解决信任问题的方法,而不解释其风险。 - Jerico Sandhorn
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接