The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案

 

查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

 

 

 

 

 

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):
Version: 2.2.401
Commit: 729b316c13

Runtime Environment:
OS Name: centos
OS Version: 7
OS Platform: Linux
RID: centos.7-x64
Base Path: /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):
Version: 2.2.6
Commit: 7dac9b1b51

.NET Core SDKs installed:
2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download

 

测试代码:

using System;
using System.Diagnostics;
using System.Net.Http;
using System.Net.Http.Headers;

namespace TestHttpClient
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {
                using (var httpClient = new HttpClient())
                {
                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";
                    var response = httpClient.GetAsync(url).Result;
                    string jsonResult = response.Content.ReadAsStringAsync().Result;   
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.ToString());
            }
        }
    }
}

 

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

 

解决方案:

 

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {
  "configProperties": {
      "System.Net.Http.UseSocketsHttpHandler": false
  }
}

 =====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

namespace ConsoleClientTest
{
    internal class Program
    {
        private static async Task Main(string[] args)
        {
            try
            {
               


                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);
                using (var httpClientHandler = new HttpClientHandler())
                {
                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>
                    {
                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());
                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());
                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());
                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",
                            chain.ChainStatus.ToString());
                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());


                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");
                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");
                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");
                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");
                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");


                        if (sslPolicyErrors == SslPolicyErrors.None)
                            return true;
                        else
                        {
                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)
                            {
                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);
                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
                            {
                                
                                foreach (X509ChainStatus status in chain.ChainStatus)
                                {
                                    Console.WriteLine("status code = {0}", status.Status);
                                    Console.WriteLine("Status info = {0}", status.StatusInformation);
                                }

                            }
                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);
                        }

                        return false;
                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");
                    using (var httpClient = new HttpClient(httpClientHandler))
                    {
                        httpClient.DefaultRequestHeaders.Accept.Add(
                            new MediaTypeWithQualityHeaderValue("application/json"));
                        const string url = "https://jsonplaceholder.typicode.com/posts/1";
                        using (var response = await httpClient.GetAsync(url))
                        {
                            var jsonResult = await response.Content.ReadAsStringAsync();
                            Console.WriteLine(jsonResult);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
        }
    }
}

 

通过以上代码,打印出以下语句

 

Status info = unable to get local issuer certificate trustasia

 

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

 

posted @ 2019-08-28 13:19  cnkker.com  阅读(9844)  评论(0编辑  收藏  举报