Мобильная версия Из macos все в порядке, но в Docker исключения брошены < /p>
Unhandled exception occurred
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: Using SSL certificate failed with OpenSSL error - ca md too weak.
at Interop.OpenSsl.UpdateClientCertificate(SafeSslHandle ssl, SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Int32& consumed, SslAuthenticationOptions sslAuthenticationOptions)
< /code>
Я загрузил сертификат с hex < /p>
var handler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
{
return true;
},
ClientCertificateOptions = ClientCertificateOption.Manual,
ClientCertificates = { cert },
CheckCertificateRevocationList = false
};
< /code>
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
USER $APP_UID
WORKDIR /app
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Debug
WORKDIR /src
COPY . .
RUN dotnet restore "src/MyProject.Proxy/MyProject.Proxy.csproj"
COPY . .
WORKDIR "/src/src/MyProject.Proxy"
RUN dotnet build "./MyProject.Proxy.csproj" -c $BUILD_CONFIGURATION -o /app/build
FROM build AS publish
ARG BUILD_CONFIGURATION=Debug
RUN dotnet publish "./MyProject.Proxy.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
USER root
RUN sed -i \
-e "s|^MinProtocol = .*|MinProtocol = TLSv1.0|g" \
-e "s|^CipherString = .*|CipherString = DEFAULT@SECLEVEL=0\nOptions = UnsafeLegacyRenegotiation,UnsafelyIgnoreCertCN,UnsafelyIgnoreHostVerification|g" \
-e "s|^VerifyCAFile =|#VerifyCAFile =|g" \
-e "s|^VerifyMode =|#VerifyMode =|g" \
/etc/ssl/openssl.cnf
RUN mkdir -p /usr/local/share/ca-certificates && \
touch /usr/local/share/ca-certificates/dummy.crt && \
update-ca-certificates
ENV DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0
ENV DOTNET_SYSTEM_NET_HTTP_SOCKETSHTTPHANDLER_INSECURE=true
ENV DOTNET_NET_HTTP_SSL_CLIENT_CERT_MODE=Ignore
ENV DOTNET_NET_HTTP_SSL_SERVER_CERT_MODE=Ignore
ENV OPENSSL_CONF=/dev/null
ENV SSL_CERT_FILE=/dev/null
ENV SSL_CERT_DIR=/dev/null
ENV DOTNET_SYSTEM_NET_HTTP_SOCKETSHTTPHANDLER_HTTP2SUPPORT=false
ENV DOTNET_SYSTEM_NET_HTTP_SOCKETSHTTPHANDLER_HTTP3SUPPORT=false
ENTRYPOINT ["dotnet", "MyProject.Proxy.dll"]
< /code>
I'm containerizing a .NET 9.0 proxy application that needs to completely ignore SSL certificate validation errors when making HTTPS requests. Despite extensive configuration changes in both OpenSSL and .NET environment variables, the application still fails with certificate validation errors.
Подробнее здесь: https://stackoverflow.com/questions/797 ... t-9-docker
Использование SSL -сертификата не удалось с OpenSSL Error - CA MD слишком слабым. .Net 9 Docker ⇐ C#
-
- Похожие темы
- Ответы
- Просмотры
- Последнее сообщение
