
Add support for ignored certificate chain errors (Self signed)

release/3.x.x
Christian Kratky 7 年前
父节点
当前提交
4c4539509c
共有 5 个文件被更改,包括 32 次插入4 次删除
  1. +12
    -2
      Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs
  2. +11
    -1
      Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs
  3. +7
    -1
      Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs
  4. 二进制
     
  5. +2
    -0
      MQTTnet.Core/Client/MqttClientTlsOptions.cs

+ 12
- 2
Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs 查看文件

@@ -37,6 +37,7 @@ namespace MQTTnet.Implementations
{
_socket = socket ?? throw new ArgumentNullException(nameof(socket));
_sslStream = sslStream;

CreateStreams(socket, sslStream);
}

@@ -55,8 +56,7 @@ namespace MQTTnet.Implementations

if (_options.TlsOptions.UseTls)
{
_sslStream = new SslStream(new NetworkStream(_socket, true));
_sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
}

@@ -97,6 +97,16 @@ namespace MQTTnet.Implementations
ReceiveStream = new BufferedStream(RawReceiveStream, BufferSize);
}

private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
return _options.TlsOptions.IgnoreCertificateChainErrors;
}

return false;
}

private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
{
var certificates = new X509CertificateCollection();


+ 11
- 1
Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs 查看文件

@@ -51,7 +51,7 @@ namespace MQTTnet.Implementations

if (_options.TlsOptions.UseTls)
{
_sslStream = new SslStream(new NetworkStream(_socket, true));
_sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
ReceiveStream = _sslStream;
await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
}
@@ -76,6 +76,16 @@ namespace MQTTnet.Implementations
_sslStream = null;
}

private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
return _options.TlsOptions.IgnoreCertificateChainErrors;
}

return false;
}

private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
{
var certificates = new X509CertificateCollection();


+ 7
- 1
Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs 查看文件

@@ -24,6 +24,7 @@ namespace MQTTnet.Implementations
public MqttTcpChannel(StreamSocket socket)
{
_socket = socket ?? throw new ArgumentNullException(nameof(socket));

CreateStreams();
}

@@ -48,8 +49,13 @@ namespace MQTTnet.Implementations

if (!_options.TlsOptions.CheckCertificateRevocation)
{
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.RevocationInformationMissing);
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.Revoked);
}

if (_options.TlsOptions.IgnoreCertificateChainErrors)
{
_socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
}

await _socket.ConnectAsync(new HostName(_options.Server), _options.GetPort().ToString(), SocketProtectionLevel.Tls12);
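Review bot: The UWP path waives only `ChainValidationResult.IncompleteChain` under IgnoreCertificateChainErrors (second hunk), which does not match the NetFramework/NetStandard channels where the option waives the whole RemoteCertificateChainErrors class, and IncompleteChain is already ignorable whenever CheckCertificateRevocation is false, so the new block changes nothing in that configuration. A self-signed broker certificate, the case named in the commit title, is presumably reported as `ChainValidationResult.Untrusted` rather than IncompleteChain on this platform — confirm against the Windows.Networking.Sockets documentation; if so the option does not achieve its stated purpose here. Either align the set of ignorable results with what the option promises on the other platforms, or record the difference next to the block with a comment such as `// UWP: only IncompleteChain is waived; Untrusted (self-signed) is still rejected.` The connect method continues outside the hunk.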


二进制


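--- a/MQTTnet.Core/Client/MqttClientTlsOptions.cs
+++ b/MQTTnet.Core/Client/MqttClientTlsOptions.cs
@@ -8,6 +8,8 @@ namespace MQTTnet.Core.Client
 
 public bool CheckCertificateRevocation { get; set; }
 
+public bool IgnoreCertificateChainErrors { get; set; }
+
 public List<byte[]> Certificates { get; set; }
 }
 }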
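Review bot: IgnoreCertificateChainErrors is a security-sensitive switch and lands without any XML documentation, so callers have no indication that enabling it disables the trust check on the broker's certificate chain. Add a summary such as `/// <summary>Accepts server certificates whose chain cannot be validated (e.g. self-signed). Leave false unless the broker certificate is verified by other means; defaults to false.</summary>`. The `CheckCertificateRevocation` and `Certificates` properties are equally undocumented, but that predates this commit.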
