
Add support for ignoring certificate chain errors (self-signed certificates)

release/3.x.x
Christian Kratky vor 7 Jahren
Ursprung
Commit
4c4539509c
5 geänderte Dateien mit 32 neuen und 4 gelöschten Zeilen
  1. +12
    -2
      Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs
  2. +11
    -1
      Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs
  3. +7
    -1
      Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs
  4. BIN
     
  5. +2
    -0
      MQTTnet.Core/Client/MqttClientTlsOptions.cs

+ 12
- 2
Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs Datei anzeigen

@@ -37,6 +37,7 @@ namespace MQTTnet.Implementations
{
_socket = socket ?? throw new ArgumentNullException(nameof(socket));
_sslStream = sslStream;

CreateStreams(socket, sslStream);
}

@@ -55,8 +56,7 @@ namespace MQTTnet.Implementations

if (_options.TlsOptions.UseTls)
{
_sslStream = new SslStream(new NetworkStream(_socket, true));
_sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
}

@@ -97,6 +97,16 @@ namespace MQTTnet.Implementations
ReceiveStream = new BufferedStream(RawReceiveStream, BufferSize);
}

private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
return _options.TlsOptions.IgnoreCertificateChainErrors;
}

return false;
}

private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
{
var certificates = new X509CertificateCollection();
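Review bot: `UserCertificateValidationCallback` returns `false` when `sslPolicyErrors` is `SslPolicyErrors.None`, so a fully valid server certificate is rejected and every TLS connection fails unless the chain is broken and the ignore option happens to be set; the identical callback in Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs has the same problem. In the other direction the check is too permissive: `sslPolicyErrors` is a flags value, so `RemoteCertificateChainErrors` combined with `RemoteCertificateNameMismatch` or `RemoteCertificateNotAvailable` still returns the ignore option, which silently waives the host-name check as well. Accept when there are no errors, and otherwise only when chain errors are the sole flag set and the option is on.
```csharp
private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    // Flags value: waive only when chain errors are the sole problem, so a name
    // mismatch or a missing certificate is still rejected with the option enabled.
    if ((sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.None)
    {
        return _options.TlsOptions.IgnoreCertificateChainErrors;
    }

    return false;
}
```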


+ 11
- 1
Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs Datei anzeigen

@@ -51,7 +51,7 @@ namespace MQTTnet.Implementations

if (_options.TlsOptions.UseTls)
{
_sslStream = new SslStream(new NetworkStream(_socket, true));
_sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
ReceiveStream = _sslStream;
await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
}
@@ -76,6 +76,16 @@ namespace MQTTnet.Implementations
_sslStream = null;
}

private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
return _options.TlsOptions.IgnoreCertificateChainErrors;
}

return false;
}

private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
{
var certificates = new X509CertificateCollection();


+ 7
- 1
Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs Datei anzeigen

@@ -24,6 +24,7 @@ namespace MQTTnet.Implementations
public MqttTcpChannel(StreamSocket socket)
{
_socket = socket ?? throw new ArgumentNullException(nameof(socket));

CreateStreams();
}

@@ -48,8 +49,13 @@ namespace MQTTnet.Implementations

if (!_options.TlsOptions.CheckCertificateRevocation)
{
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.RevocationInformationMissing);
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.Revoked);
}

if (_options.TlsOptions.IgnoreCertificateChainErrors)
{
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
}

await _socket.ConnectAsync(new HostName(_options.Server), _options.GetPort().ToString(), SocketProtectionLevel.Tls12);
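Review bot: The new `IgnoreCertificateChainErrors` branch only adds `ChainValidationResult.IncompleteChain`, which the `CheckCertificateRevocation == false` branch directly above already adds, so on this platform the option changes nothing whenever revocation checking is off; it also does not appear to cover the self-signed case named in the commit title, since a certificate with no trusted root is reported as `ChainValidationResult.Untrusted` rather than as an incomplete chain, as far as I can tell. Consider `_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);` in that branch so the three implementations agree on what the option waives, and keep `InvalidName` out of the list so the host-name check stays in force. The enclosing method continues outside the hunk.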



+ 2
- 0
MQTTnet.Core/Client/MqttClientTlsOptions.cs Datei anzeigen

@@ -8,6 +8,8 @@ namespace MQTTnet.Core.Client

public bool CheckCertificateRevocation { get; set; }

public bool IgnoreCertificateChainErrors { get; set; }

public List<byte[]> Certificates { get; set; }
}
}
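Review bot: `IgnoreCertificateChainErrors` is a security-relevant switch added without an XML doc comment, and nothing on this type tells a caller what it waives or that it is off by default. Add a summary such as `/// <summary>Accepts a server certificate whose chain cannot be validated (e.g. a self-signed certificate). Defaults to false; enable only for servers trusted by other means, since it removes the chain check TLS relies on.</summary>`. A sentence stating which validation errors remain enforced (the host-name check in particular) would be worth adding once the platform implementations agree on that.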
