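Database - "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)" asp.net core:8.0
asp.net core:8.0: everything works fine in local development, but after publishing to Docker in production the following error appears: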
Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)
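Following the solutions found online, I went through a round of configuration changes, adding Encrypt=false;TrustServerCertificate=true; to the connection string, but it did not help at all. In the end I found the solution at https://q.cnblogs.com/q/144081/ .
Finally, here is my complete Dockerfile: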
```dockerfile
#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/aspnet:8.0

COPY . /app/
WORKDIR /app


# Workaround for the TLS version mismatch between the image's OpenSSL and SQL Server
# https://docs.microsoft.com/zh-cn/sql/connect/ado-net/sqlclient-troubleshooting-guide?view=sql-server-ver15

# The following solutions only apply to aspnet:6.0; in the aspnet:8.0 image OpenSSL has been updated to 3.0 and the configuration has changed
# Option 1
# RUN sed -i 's/TLSv1.2/TLSv1/g' /etc/ssl/openssl.cnf

# Option 2
# RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
# RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /etc/ssl/openssl.cnf
# RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
# RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /usr/lib/ssl/openssl.cnf

# The following configuration applies to OpenSSL 3.0: change TLSv1.2 to TLSv1
# https://askubuntu.com/questions/1436476/ubuntu-22-04-sqlcmd-can-not-connect-to-ms-sql-server-2016/1445405#1445405

# openssl.cnf ****begin****
# openssl_conf = openssl_init

# [openssl_init]
# providers = provider_sect
# ssl_conf = ssl_sect
#
# [provider_sect]
# default = default_sect
# legacy = legacy_sect
#
# [default_sect]
# activate = 1
#
# [legacy_sect]
# activate = 1
#
# [ssl_sect]
# system_default = system_default_sect
#
# [system_default_sect]
# CipherString = DEFAULT:@SECLEVEL=0
# openssl.cnf ****end****

# Modify the default openssl.cnf configuration:
# comment out the existing [openssl_init] header, then append the sections listed above
RUN sed -i 's/\[openssl_init\]/# \[openssl_init\]/g' /etc/ssl/openssl.cnf
RUN sed -i '$a\[openssl_init]' /etc/ssl/openssl.cnf
RUN sed -i '$a\providers = provider_sect' /etc/ssl/openssl.cnf
RUN sed -i '$a\ssl_conf = ssl_sect' /etc/ssl/openssl.cnf

RUN sed -i '$a\[provider_sect]' /etc/ssl/openssl.cnf
RUN sed -i '$a\default = default_sect' /etc/ssl/openssl.cnf
RUN sed -i '$a\legacy = legacy_sect' /etc/ssl/openssl.cnf

RUN sed -i '$a\[default_sect]' /etc/ssl/openssl.cnf
RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf

RUN sed -i '$a\[legacy_sect]' /etc/ssl/openssl.cnf
RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf

RUN sed -i '$a\[ssl_sect]' /etc/ssl/openssl.cnf
RUN sed -i '$a\system_default = system_default_sect' /etc/ssl/openssl.cnf

# @SECLEVEL=0 is OpenSSL's most permissive security level; set under system_default
# it applies to every TLS connection made through OpenSSL in this image
RUN sed -i '$a\[system_default_sect]' /etc/ssl/openssl.cnf
RUN sed -i '$a\CipherString = DEFAULT:@SECLEVEL=0' /etc/ssl/openssl.cnf


RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
EXPOSE 8080
ENTRYPOINT ["dotnet", "PoService.Client.dll"]
```
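An added example, not part of the original post: a shell check that reports which `CipherString` ends up in effect in `[system_default_sect]` once lines have been appended as in the Dockerfile above, so an image carrying this workaround can be flagged in a build or audit step. It assumes a later duplicate key overrides an earlier one (which is what the append-only approach relies on); the function names, the sample file and the threshold of 2 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints the CipherString that takes effect in
# [system_default_sect]; assumes a later duplicate key overrides an earlier one.
effective_cipherstring() {
    awk '
        /^[ \t]*#/ { next }                  # commented lines, e.g. "# [openssl_init]"
        /^[ \t]*\[/ {                        # section header: remember its name
            sect = $0
            sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
            next
        }
        sect == "system_default_sect" && /^[ \t]*CipherString[ \t]*=/ {
            val = $0                         # keep only the value, drop trailing comment
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]*(#.*)?$/, "", val)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}
# Numeric @SECLEVEL from that CipherString, or "default" when none is set.
seclevel_of() {
    lvl=$(effective_cipherstring "$1" | sed -n 's/.*@SECLEVEL=\([0-9][0-9]*\).*/\1/p')
    echo "${lvl:-default}"
}
# Exit 0 when the level is at least MIN (default 2, the value the post's
# commented-out sed commands look for in the stock file), exit 1 otherwise.
audit_openssl_cnf() {
    lvl=$(seclevel_of "$1"); min=${2:-2}
    if [ "$lvl" = "default" ]; then echo "OK: no SECLEVEL override in $1"; return 0; fi
    if [ "$lvl" -lt "$min" ]; then
        echo "WEAK: SECLEVEL=$lvl (< $min) applies to every OpenSSL client in this image"
        return 1
    fi
    echo "OK: SECLEVEL=$lvl"
}
# Constructed sample: a stock-style section followed by the appended override.
write_sample_cnf() {
    cat > "$1" <<'EOF'
# [openssl_init]
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=0
EOF
}
tmp=$(mktemp) && write_sample_cnf "$tmp"
audit_openssl_cnf "$tmp" || echo "audit failed (exit 1)"
rm -f "$tmp"
```

Inside a built image the same function can be pointed at `/etc/ssl/openssl.cnf`.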
Special thanks here to my fellow cnblogs users.