我尝试将文件上传到我的域https://vault.veodin.com/ https://vault.veodin.com/托管在 webfaction.com
当您打开此网址时,浏览器会警告您名称不匹配,因为 SSL 证书是为 webfaction.com 而不是为 veodin.com 颁发的
因此,当我尝试使用 .Net WebClient 将文件上传到此域时,会发生 sslPolicyErrors System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch。
就我的目的而言,确保上传目标托管在 *.webfaction.com 就足够了。
信任该certificate.subject 是否安全?
背景:
Update:我使用了自定义的 CertificateValidationCallback 来验证证书主题and证书颁发者正是我所期望的。
ServicePointManager.ServerCertificateValidationCallback =
MyCertificatePolicy.CertificateValidationCallBack;
...
public class MyCertificatePolicy
{
public static bool CertificateValidationCallBack(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
//if there is a RemoteCertificateNameMismatch, but the Name is webfaction.com
//then we can trust the certificate despite the name error
else if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch
&& certificate.Subject == "CN=*.webfaction.com, OU=WebFaction, O=Swarma Limited, L=London, S=England, C=GB"
&& certificate.Issuer == "CN=DigiCert Global CA, OU=www.digicert.com, O=DigiCert Inc, C=US")
{
return true;
}
else
{
// In all other cases, return false.
return false;
}
}
}