The verification processing problem of HTTPS in Httpwebrequst

Recently, Httpwebrequst-related APIs have been used in company projects, and the operating environment is. Net/mono 2.0, a tool for the Unity platform. The development process encountered the people may have encountered problems, HTTP or HTTPS? Why HTTP can respond normally, HTTPS fails, and the result is authorize or decrypt failed.

by th,. Net 4.0 and later it seems that the problem has not been, the giant hard silently filled the pit.

How to use http:

 Public voidGet (stringUrl) {HttpWebRequest webRequest=(HttpWebRequest) webrequest.create (URL); Webrequest.method="GET"; Webrequest.useragent="mozilla/5.0 (Windows NT 6.3; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/36.0.1985.125 safari/537.36"; Webrequest.begingetresponse (getresponsecallback,webrequest);}Private voidgetresponsecallback (IAsyncResult ar) {//requeststate myrequeststate = (requeststate) ar. asyncstate;HttpWebRequest WebRequest =(HttpWebRequest) ar. asyncstate;Try{WebResponse response=webrequest.endgetresponse (AR); StreamReader=NewStreamReader (response. GetResponseStream ());}Catch(Exception es) {Debug.Log (es. Message);}if(getdatacompleted! =NULL) {getdatacompleted ( This,NewGetdatacompletedargs (Streamreader.readtoend ()));}}

Async is used here, and synchronization works the same way.

However, if the URL of HTTPS is used at this time, the result will always return a failure. What is this for? The reason is that HTTPS is based on the SSL/TLS protocol, which requires certificate validation prior to the request, and the above notation does not validate the correlation, causing the communication to fail. How to solve this problem? Very simply, we verify before the request is issued, and in. Net 2.0 or later, we add a callback function.

Workaround:

 Public voidGet (stringUrl) {            //SSL/TLS certificate methodServicepointmanager.servercertificatevalidationcallback =NewRemotecertificatevalidationcallback (CheckValidationResult); HttpWebRequest WebRequest=(HttpWebRequest) webrequest.create (URL); Webrequest.method="GET"; Webrequest.useragent="mozilla/5.0 (Windows NT 6.3; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/36.0.1985.125 safari/537.36";        Webrequest.begingetresponse (getresponsecallback,webrequest); }/// <summary>        ///SSL/TLS certificate callback method///must return True/// </summary>        /// <returns><c>true</c>, if validation result was checked,<c>false</c>otherwise.</returns>        /// <param name= "Sender" >Sender.</param>        /// <param name= "certificate" >Certificate.</param>        /// <param name= "Chain" >Chain.</param>        /// <param name= "Sslpolicyerrors" >SSL policy errors.</param>         Public BOOLCheckValidationResult (Objectsender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, Sslpolicyerrors sslpolicyerrors) {//debug.logwarning (certificate. Getserialnumberstring ());            return true; }        /// <summary>        ///Gets the response callback. /// </summary>        /// <param name= "AR" >Ar.</param>        Private voidgetresponsecallback (IAsyncResult ar) {//requeststate myrequeststate = (requeststate) ar. asyncstate;HttpWebRequest WebRequest =(HttpWebRequest) ar.            asyncstate; Try{WebResponse response=webrequest.endgetresponse (AR); StreamReader=NewStreamReader (response.            GetResponseStream ()); }            Catch(Exception es) {Debug.Log (es.            Message); }            if(getdatacompleted! =NULL) {getdatacompleted ( This,NewGetdatacompletedargs (Streamreader.readtoend ())); }        }

At this point, to solve this problem, this kind of problem is not big, said small, belongs to our development encountered in one of the small pits. This issue does not need to be noted in Net4.0 versions above.

For the lower. Net 1.1, you can look at the blog, this blog post is also referring to his solution:

Http://blog.sina.com.cn/s/blog_4ae95c270101qnn1.html