NetCore HttpClient The SSL connection could not be established, see inner exception
之前遇到一个问题
https://www.cnblogs.com/leoxjy/p/10201046.html
在centos 7.x HttpClient访问会出问题 The SSL connection could not be established, see inner exception
最后彻底解决是进入容器docker
那么 最近又FQ搜到一个解决方案 可以systemctl 运行的时候也不会 SSL
上代码
var httpClientHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, certificate2, arg3, arg4) => true
};
using (HttpClient client = new HttpClient(httpClientHandler))
{
string url = WeiXinSettings.GetJscode2Session(code);
var result = await client.GetAsync(url);
if (result.IsSuccessStatusCode)
{
string str = await result.Content.ReadAsStringAsync();
return str;
}
}
解决办法2
修改centos的环境变量 DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0
解决办法3
通过在netcore. runtimeconfig.template.json配置文件中定义 System.Net.Http.UseSocketsHttpHandler
开关:
"runtimeOptions": { "configProperties": { "System.Net.Http.UseSocketsHttpHandler": false } }
此方法解决所有不需要证书访问的通讯 如果需要证书进行https访问 就不行了
解决方法 4
安装 OpenSSL
1.下载 OpenSSL:
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
2.解压 OpenSSL:
tar -xzvf openssl-1.0.2l.tar.gz
3.进入 OpenSSL目录:
cd openssl-1.0.2l
4.配置并编译 OpenSSL:
./config --shared
make && make install
5.下载 curl 库:
wget https://curl.haxx.se/download/curl-7.55.1.tar.gz
6.解压 curl 库:
tar -xzvf curl-7.55.1.tar.gz
7.进入 curl 目录:
cd curl-7.55.1
8.设置动态库路径:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ssl/lib
9.配置并编译 curl:
./configure --prefix=/usr/local/curl/ --without-nss --with-ssl=/usr/local/ssl/
make && make install
10.备份默认的 curl 二进制文件
mv /usr/bin/curl /usr/bin/curl.bak
11.做一个新的 curl 软链
ln -s /usr/local/curl/bin/curl /usr/bin/curl
总体的替换到此就完成,可以执行 curl --version 来进行确认。下边是我执行的结果:
curl 7.55.1 (x86_64-pc-linux-gnu) libcurl/7.55.1 OpenSSL/1.0.2l
Release-Date: 2017-08-14
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP UnixSockets HTTPS-proxy
1、查看 OPENSSLDIR 路径
2、然后把 CentOS 默认的 openssl CA证书拷贝过来。
$ cp /etc/pki/tls/cert.pem /usr/
local
/openssl/