开发者

.NET SslStream is not working

开发者 https://www.devze.com 2023-02-03 18:17 出处:网络
I am trying inialise a tls tunnel with the .net SslStream but after opening the stream I always get the following error:

I am trying inialise a tls tunnel with the .net SslStream but after opening the stream I always get the following error:

"Unable to read data from the transport connection: An established connection was aborted by the software in your host machine."

After I establish a tls connection and after sending a second message.

I've been searching for an answer for the last four days but there isn't any helpful information online!

edit: I am trying to connect to talk.google.com

and I'm using the code sample from MSDN. Only difference is that I'm sending data before and when it is time to use tls i do the following:

public void SecureStream()
        {
        netStream.Flush();
        sslStream = new SslStream(netStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);

    sslStream.AuthenticateAsClient("talk.google.com");}

edit: I 开发者_如何学编程managed to eliminate the first error (small bug on how i was handling the send) now I always get

"Unable to read data from the transport connection: An established connection was aborted by the software in your host machine."

edit2: Im not sending any whitespaces I rewrote the message passing part and I still have the same problem.

I start with

   String streamInit = "<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' to='google.com' version='1.0'>";
        client.Send(streamInit);

Then on receive I have the following

  static void client_MessageReceived(SyncronousClient source, string Result)
    {


        if (Regex.IsMatch(Result, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"><required/></starttls>"))
        {
            String startTlS = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
            source.Send(startTlS);

        }
        else if (Regex.IsMatch(Result, "<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>"))
        {
            //Do TLS Magic 
            source.SecureStream();
            String streamReInit = "<stream:stream xmlns='jabber:client'xmlns:stream='http://etherx.jabber.org/streams'to='google.com'version='1.0'>";
            source.Send(streamReInit);
        }
        else if (Regex.IsMatch(Result, "<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">"))
        {
            //String AuthType = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='X-GOOGLE-TOKEN'/>";
            String AuthType = "<auth xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\" mechanism=\"PLAIN\"/>";
            source.Send(AuthType);
        }}


It's unlikely to be your problem (unless .Net has started doing SNI under the covers), but when you call AuthenticateAsClient, pass in the same domain name that you used in your stream's to attribute (in this case, google.com). As well, you might need gmail.com instead of google.com:

sslStream.AuthenticateAsClient("gmail.com", null, SslProtocols.Tls, false);

As csharptest.net alluded to, make sure you don't have a keepalive timer that sends extra whitespace, or wait to start the timer until after TLS works. The only other way I can imagine your getting that error is if you don't have a ciphersuite that the server implements, but I know the .Net SslStream works against GTalk.

Lastly, use one of the existing .Net libraries for XMPP (there are 5 listed here), and you can start writing much more fun code right away. You're about to run into the inadequacies of the .Net XML system, and your regex-based approach won't work when you start getting partial stanzas or multiple stanzas in a single read.


That really doesn't make sense to me. The server, if using SSL, requires that the client perform the SSL handshake upon connection. Thus, I'm not sure what you mean by "I'm sending data before...". It sounds like your not immediately calling the AuthenticateAsClient. If this is the case, I suspect that is your problem. AFAIK, you cannot use the same socket/connection connection for both SSL and non-SSL communications. Either the server requires SSL, or it does not support it, it should never do both.

My previous answer above was in ignorance. Indeed it appears that the standard does in fact require that the connect send and receive data prior to the initialization of the SSL handshake. Really odd that they would do that... but whatever. After briefly reading through parts of the RFC it appears that you are expected to begin the SSL client auth immediately after the closing '>'. No trailing whitespace allowed which may be your problem?

0

精彩评论

暂无评论...
验证码 换一张
取 消