Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Retrieving certificate using OpenSSL .Net

Tags:

c#

.net

openssl

I'd like to use the OpenSSL .Net wrapper to retrieve a certificate from a remote server to my C# code. Essentially, I'd like to replicate 

openssl s_client -connect 192.168.254.13:636 -showcerts

.. and ultimate bring the results into an X509Certificate. Is this possible, and if so can anyone point me in the right direction?

like image 336
KenD Avatar asked May 10 '12 14:05

KenD

2 Answers

I think there are two parts to the question:

  1. How do you retrieve the server's certificate
  2. How do you retrieve the certificate's chain

To rertrieve the server's certificate you use SslStream whose methods are similar to .NET's own SslStream

var serverName = "...;
var client = new TcpClient(serverName, 443);            

// Create an SSL stream that will close the client's stream.
using (var sslStream = new SslStream(client.GetStream(),true))
{
    sslStream.AuthenticateAsClient(serverName);                
    var serverCertificate = sslStream.RemoteCertificate;
 }

It seems that OpenSSL.Net can't retrieve a certificate's chain. The -showcerts parameter uses the SSL_get_peer_cert_chain function which is not implemented in OpenSSL.NET.

If you don't mind mixing OpenSSL.Net and the built-in .NET classes, you can convert an OpenSSL.Net certificate to a .NET certificate and retrieve the chain using .NET's X509Chain.Build . You can convert the .NET certificates back to OpenSSL.NET certificates using the .NET certificate's RawData property.

var managedCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(serverCertificate.DER);
var chain = new System.Security.Cryptography.X509Certificates.X509Chain();
chain.Build(managedCert);


foreach (var element in chain.ChainElements)
{
    var raw = element.Certificate.RawData;
    using (var bio = new BIO(raw))
    {
        var oc = OpenSSL.X509.X509Certificate.FromDER(bio);
    }
}

Perhaps you can use .NET's SslStream and X509Certificate2 object to do what you want using the raw certificate data without using OpenSSL.Net at all.

like image 156
Panagiotis Kanavos Avatar answered Sep 21 '22 20:09

Panagiotis Kanavos

Try using the ServicePointManager.ServerCertificateValidationCallback. That will be called with the server's X509 certificate et voila

http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

like image 21
Dave Lawrence Avatar answered Sep 21 '22 20:09

Dave Lawrence
Sign in to Comment

Related questions

How do I create a static method for a JQuery plugin
How to use SignalR with .net 3.5
Closures and Tasks
C# Similarities of two arrays
Why does a simple List<T> seem to be slower than an ArrayList?
Importing many instances using MEF
Separating JavaScript in cshtml razor views
Sort list of object by properties c#
Are fluent interfaces a violation of the Command Query Separation Principle?
Creating a GraphicsPath from a semi-transparent bitmap
Convert Predicate<T> to Expression<Func<T, bool>>
C#. How to inject multiple instances of a dependency inside an object?
Entity Framework Dead Lock Victim on Read Only Statements
How to detect hidden characters in string (for example zero width space) during debugging
is it good to use BlockingCollection<T> as single-producer, single-consumer FIFO query?
Assembly binding and redirect
Why isn't type inference working in this code?
How to implement commands to use ancestor methods in WPF?
C# System.Security.Cryptography.HMACSHA1.ComputeHash() does not return expected result
How to Close Sqlite Connection without explicitly calling Close Method using .NET

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!