gpt4 book ai didi

ssl - Unity - 由于 CryptographicException 而无法发送 HTTPS 请求

转载 作者:太空宇宙 更新时间:2023-11-03 12:44:18 24 4
gpt4 key购买 nike

我正在尝试向我的远程服务器发送一个 https 请求,但我总是收到以下异常:

Exception: System.IO.IOException: The authentication or decryption has failed. ---> System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in <filename unknown>:0
at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0
at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0
at System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__A (System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Int32[] certErrors) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] certificateErrors) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in <filename unknown>:0
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0

一开始以为是证书校验问题,所以在发送请求前添加了如下代码:

ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, ssl) => true;

原来 ServerCertificateValidationCallback 甚至没有被调用并且 the exception was related to 'Plain SSL' or 'SSL ciphers' .

请注意,我的远程服务器 URL 是 https://_my_app_.herokuapp.com/_path_。奇怪的是,如果我将 URL 更改为任何其他 https 服务器,例如 https://www.google.comhttps://www.facebook。 com 我没有收到异常,请求成功。

看起来 Unity 使用的 Mono 实现不支持 heroku 的密码套件(我可以保证,因为我最近开发了一个能够连接到同一服务器的 MonoTouch 应用程序)。

是客户端问题还是服务器问题?我应该在客户端添加一些 hacky 代码还是应该更改服务器的配置?

最佳答案

我没有完整的答案,但这不是密码组问题;堆栈跟踪显示这是一个证书验证问题,在涉及回调之前验证签名的低级别。 OID 1.2.840.113549.1.1.11 是 SHA256withRSA,客户端中的安全提供程序未处理它。您可以在 google 和 facebook 等主流服务器上正常工作,因为它们继续使用 SHA1withRSA 签名的证书,正是因为客户端/浏览器对 SHA256+RSA 的支持虽然越来越普遍,但尚未普及。 https://cabforum.org/baseline-requirements-documents/今年(2014 年 1 月)无条件要求 RSA2048,但允许 SHA1,“直到 SHA-256 [验证] 被全局大部分依赖方使用的浏览器广泛支持。”

OTOH SHA1 没有多少安全余地,很多人都在插入 SHA256,而 Digicert 似乎是最难插入者之一:http://www.digicert.com/transitioning-to-sha-2.htm .我从 herokuapp.com 看到的证书是最近发布的 (2014-01-21),所以这可能是一个深思熟虑的选择“让我们提高安全性”或者只是“使用方便的东西,Digicert 给了我们这个”。 FWIW 我观察到 id.heroku.com 和 www.heroku.com 使用 2013-10-12 的 SHA1+RSA(2048) 证书。如果您无法为 SHA256+RSA 修复您的客户端并且 heroku 愿意,他们现在可以获得并使用 SHA1+RSA 证书,但您以后可能仍需要真正的修复。

关于那个,How can I sign a file using RSA and SHA256 with .NET?表示对于 (MS) 使用 SHA256+RSA 的点网签名需要摆弄一个非默认的加密提供程序,并且 IME 验证通常与签名相同。我不使用 Mono,也不知道那里是否存在相同或相似的问题,但这是我首先要查看的领域。

关于ssl - Unity - 由于 CryptographicException 而无法发送 HTTPS 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21764216/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com