更新时间:2023-11-19 20:41:34
我尝试了一些东西,这里的意见:
I tried a few things and here are the observations:
首先, X509Certificate2.Verify()
不检查如果链中的所有证书被吊销。从这个后我才知道,检验方法,在内部使用的 Crypt32 CertVerifyCertificateChainPolicy 功能。该文档它说,它不执行证书吊销检查。总之,验证方法只检查是否为此它就是所谓的证书,被撤销或不。
First of all X509Certificate2.Verify()
does not check if all the certificates in chain are revoked. From this post I came to know that Verify method internally uses Crypt32 CertVerifyCertificateChainPolicy function. The documentation for it says that it does not perform certificate revocation checking. In short, the Verify method just checks if the certificate for which it's called, is revoked or not.
关于根证书:
X509Certificate2.Verify()
和根证书不存在,则该方法将返回决绝假
。所以用这个方法根证书是绝对必要的。X509Certificate2.Verify()
and root cert is absent, then the method will outrightly return false
. So with this method root certificate is absolutely required.希望这可以帮助别人谁想要知道一点关于证书验证在C#。
Hope this helps someone who wants to know a little more about certificate validation in C#.