tcp通信中使用SslStream和数据字证书的问题?郁闷求急救

jqncc 2011-11-29 05:49:56

一个tcp通信的程序,使用Tcplistener+Tcpclient+sslstream.数字证书是用makecert做的一个pfx的文件
要求验证服务器,不用验证客户端
Tcplistener部分代码:



 public void startServer()

        {

            server = new TcpListener(ep);//ep是一个IPAndPoint

            server.Start();

            while(true)

            {

                TcpClient appClient = null;

                try

                {

                    appClient = server.AcceptTcpClient();

                }

                catch 

                {

                    break;  //底层出现异常

                }

                Console.WriteLine("接收新连接:" + appClient.Client.RemoteEndPoint);

                if (appClient.Connected)

                {

                    Thread thread = new Thread(new ParameterizedThreadStart(poccessClient));

                    thread.Start(appClient);

                }

            }

        }



        private void poccessClient(Object client)

        {

            TcpClient appClient = (TcpClient)client;

            NetworkStream stream = appClient.GetStream();

            SslStream ssl = new SslStream(stream,false);

            StringBuilder acceptChar=new StringBuilder();

            int byt = -1;

            try 

            {

                ssl.AuthenticateAsServer(getCert(),false,SslProtocols.Tls,false);//异常出现在这一行

                ssl.ReadTimeout = 5000;

                ssl.WriteTimeout=5000;

                do

                {

                    byt = ssl.Read(bytes,0,bytes.Length);

                    acceptChar.Append(Encoding.UTF8.GetString(bytes,0,bytes.Length));

                    if(acceptChar.ToString().IndexOf("<EOF>")!=-1)

                    {

                        break;

                    }

                }while(byt!=0);

                Console.WriteLine(acceptChar.ToString())

                ssl.Write(Encoding.UTF8.GetBytes("0"));

                ssl.Flush();

            }

            catch (AuthenticationException ex)

            {

                Console.WriteLine("证书验证错误");

                Console.WriteLine(ex.StackTrace+"\n"+ex.Message);

            }  

            finally

            {

                Console.ReadKey();

                appClient.Close();

                stream.Close();

            }

        }



 private X509Certificate2 getCert()

        {

            try

            {

                X509Certificate2 x509 = new X509Certificate2(@"E:\cert.pfx", "123456", X509KeyStorageFlags.Exportable);

                //Console.WriteLine(x509.GetSerialNumberString());

                //Console.WriteLine(x509.SerialNumber);             

                return x509;

            }

            catch (CryptographicException)

            { throw; }

        }

Tcpclient部分代码



 TcpClient client = new TcpClient();

            client.Connect(IPAddress.Parse(txtIP.Text), Int32.Parse(txtPort.Text));//ipaddress port

            NetworkStream stream = client.GetStream();

            SslStream ssl = new SslStream(stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);

            try

            {

                X509Certificate2Collection collection = new X509Certificate2Collection();

                ssl.AuthenticateAsClient("CertName", collection, SslProtocols.Tls, false);

                //ssl.AuthenticateAsClient("CertName");

            }

            catch (AuthenticationException ex)

            {

                Console.WriteLine("Exception: {0}", ex.Message);

                if (ex.InnerException != null)

                {

                    Console.WriteLine("Inner exception: {0}", ex.InnerException.Message);

                }

                Console.WriteLine("Authentication failed - closing the connection.");

                client.Close();

                return;

            }

出现问题:
在自己机子上系统是windows2003的,证书也是从这台生成的,异常:
=========================================

未处理的异常: System.ComponentModel.Win32Exception: 没有识别提供给安全软件包的
凭证
在 System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, S
tring package, CredentialUse intent, SecureCredential scc)
在 System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse c
redUsage, SecureCredential& secureCredential)
在 System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPr
int)
在 System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset
, Int32 count, Byte[]& output)
在 System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offse
t, Int32 count)
在 System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, A
syncProtocolRequest asyncRequest)
在 System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 coun
t, AsyncProtocolRequest asyncRequest)
在 System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes
, AsyncProtocolRequest asyncRequest)
在 System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocol
Request asyncRequest)
在 System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byt
e[] buffer, AsyncProtocolRequest asyncRequest)
在 System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyRes
ult)
在 System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverC
ertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols,
Boolean checkCertificateRevocation)
在 TcpServer.TcpSSLServer.poccessClient(Object client) 位置 E:\workspace3\win
form\TcpServer\TcpSSLServer.cs:行号 75
在 System.Threading.ThreadHelper.ThreadStart_Context(Object state)
在 System.Threading.ExecutionContext.Run(ExecutionContext executionContext, C
ontextCallback callback, Object state)
在 System.Threading.ThreadHelper.ThreadStart(Object obj)
===========================================================

在一台XP系统的电脑上试.异常:

A call to sspi failed,see inner exception

异常出现的地方也是AuthenticateAsServer

急求大牛们解决...不尽感激

...全文