ouczbs/FastGithub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

增加远程证书验证

Browse Source
This commit is contained in:
xljiulang 2021-07-20 00:34:09 +08:00
parent 994099a7d2
commit f5698ef1e1
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
FastGithub.ReverseProxy/HttpClientHanlder.cs
View File

@ -2,6 +2,7 @@
using System.Net.Http; using System.Net.Http;
using System.Net.Security; using System.Net.Security;
using System.Net.Sockets; using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -51,9 +52,15 @@ namespace FastGithub.ReverseProxy
await sslStream.AuthenticateAsClientAsync(new SslClientAuthenticationOptions await sslStream.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
{ {
TargetHost = tlsSniContext.TlsSniPattern.Value, TargetHost = tlsSniContext.TlsSniPattern.Value,
RemoteCertificateValidationCallback = delegate { return true; } RemoteCertificateValidationCallback = ValidateServerCertificate
}, cancellationToken); }, cancellationToken);
return sslStream; return sslStream;
// 这里最好需要验证证书的使用者和所有使用者可选名称
static bool ValidateServerCertificate(object sender, X509Certificate? cert, X509Chain? chain, SslPolicyErrors errors)
{
return errors == SslPolicyErrors.None || errors == SslPolicyErrors.RemoteCertificateNameMismatch;
}
} }
}; };
} }