使用 HttpClient 检查服务器证书

Inspect server certificate using HttpClient

我正在 WinForms 中重写一些 Web 处理代码,并从 HttpWebRequest 切换到 HttpClient。我需要最后一件事,但我似乎不知道如何完成。

在 HttpWebRequest 中,我可以从我正在连接的 Web 服务器捕获证书并显示它:

...
HttpWebRequest request = CreateHttpRequest(destUri);

HttpWebResponse response = (HttpWebResponse)request.GetResponse();

cert = request.ServicePoint.Certificate;

if (cert != null) 
{ 
  cert2 = new X509Certificate2(cert); 
  X509Certificate2UI.DisplayCertificate(cert2);
}
...

我找不到使用 HttpClient 捕获证书的等效方法:

//... Use HttpClient.
using (HttpClient client = new HttpClient())
{
  using (HttpResponseMessage response = await client.GetAsync(destUri))
  {
    using (HttpContent content = response.Content)
    {
      string result = await content.ReadAsStringAsync();
    }
  }
}

How/where 我可以在这里做吗?我不知道如何到达 ServicePoint.Certificate.

例如使用WebRequestHandler with a proper certificate validation callback. see HttpClient, HttpClientHandler, and WebRequestHandler Explained

Bulding on Remus answer - 这是我在 LinqPad 中拼凑的东西,它确实可以让您访问您的证书:

var handler = new WebRequestHandler();
handler.UseDefaultCredentials = true;
handler.AllowPipelining = true;
handler.ServerCertificateValidationCallback =  (sender, cert, chain, error) => {
    //do something with cert here
    cert.Subject.Dump();
    //useless validation on my part
    return true;
};


using (HttpClient client = new HttpClient(handler))
{
  using (HttpResponseMessage response = await client.GetAsync("https://google.com"))
  {
    using (HttpContent content = response.Content)
    {
        //foo
    }
  }
}

Dump() 输出如下:

CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US

CN=www.google.de, O=Google Inc, L=Mountain View, S=California, C=US

CN=www.google.com, O=Google Inc, L=Mountain View, S=California, C=US

显然,您不需要从 ServicePointManager.ServerCertificateValidationCallback 获取证书。您可以从 ServicepointManager 本身找到它,如下所示:

//... Use HttpClient.
using (HttpClient client = new HttpClient())
{
  using (HttpResponseMessage response = await client.GetAsync(destUri))
  {
    // Get Certificate Here
    var cert = ServicePointManager.FindServicePoint(destUri).Certificate;
    //
    using (HttpContent content = response.Content)
    {
      string result = await content.ReadAsStringAsync();
    }
  }
}