.Net SqlConnection,服务器身份validation和证书固定
使用s SqlConnection时如何固定证书? 从SqlConnection连接字符串参数关键字和值 ,我知道我可以将Encrypted设置为true以强制(鼓励?)使用SSL / TLS。
但是,为了固定证书,我认为我们需要使用ServicePointManager ServerCertificateValidationCallback (下面的示例代码由ArneVajhøj提供,用于HTTP / HTTPS)。 我不清楚如何将PinCertificate (从ServicePointManager )连接到SqlConnection 。
更新:在microsoft.public.dotnet.languages.csharp上与ArneVajhøj交谈,似乎无法对连接进行所需的控制。 Vajhøj提供了一个指向加密SQL Server连接的链接。
public static void Main(string[] args) { ServicePointManager.ServerCertificateValidationCallback = PinCertificate; WebRequest wr = WebRequest.Create("https://www.google.com/"); wr.GetResponse(); } public static bool PinCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { byte[] chash = certificate.GetCertHash(); StringBuilder sb = new StringBuilder(chash.Length * 2); foreach (byte b in chash) sb.AppendFormat("{0:X2}", b); // Verify against known SHA1 thumb print of the certificate String hash = sb.ToString(); if (hash != "C1956DC8A7DFB2A5A56934DA09778E3A11023358") return false; return true; }
怎么样的:
System.Net.ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCertificate) Private Function ValidateCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean 'Return True to force the certificate to be accepted. Return True End Function