数据库 - 已成功与服务器建立连接,但在登录过程中发生错误。(提供程序:SSL提供程序,错误:0-证书链是由不受信任的颁发机构颁发的。)”asp.net core:8.0

asp.net core:8.0,本地开发一切正常,发布线上docker后出现如下错误:

Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

按照网上的解决方案一顿配置输出:连接字符串增加 Encrypt=false;TrustServerCertificate=true; ,然而并无卵用,最后在 https://q.cnblogs.com/q/144081/,找到解决方案,

最后贴一下我的完成dockerfile

 1 #See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
 2 
 3 FROM mcr.microsoft.com/dotnet/aspnet:8.0 
 4 
 5 COPY . /app/ 
 6 WORKDIR /app
 7 
 8 
 9 # SQL Server 支持的SSL版本太高解决方案
10 # https://docs.microsoft.com/zh-cn/sql/connect/ado-net/sqlclient-troubleshooting-guide?view=sql-server-ver15
11 
12 # 下列解决方案只适用于aspnet:6.0  aspnet:8.0镜像中openssl已更新到3.0,配置已发生变化
13 # 方案1 
14 # RUN sed -i 's/TLSv1.2/TLSv1/g' /etc/ssl/openssl.cnf
15 
16 # 方案2 
17 # RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
18 # RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /etc/ssl/openssl.cnf
19 # RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
20 # RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /usr/lib/ssl/openssl.cnf
21  
22 # 下列配置适用于 openssl3.0 修改TLSv1.2 为 TLSv1
23 # https://askubuntu.com/questions/1436476/ubuntu-22-04-sqlcmd-can-not-connect-to-ms-sql-server-2016/1445405#1445405
24 
25 # openssl.cnf  ****开始****
26 # openssl_conf = openssl_init
27 
28 # [openssl_init]
29 # providers = provider_sect
30 # ssl_conf = ssl_sect
31 # 
32 # [provider_sect]
33 # default = default_sect
34 # legacy = legacy_sect
35 # 
36 # [default_sect]
37 # activate = 1
38 # 
39 # [legacy_sect]
40 # activate = 1
41 # 
42 # [ssl_sect]
43 # system_default = system_default_sect
44 # 
45 # [system_default_sect]
46 # CipherString = DEFAULT:@SECLEVEL=0  
47 # openssl.cnf ****结束****
48 
49 # 修改默认的 openssl.cnf 配置
50 RUN sed -i 's/\[openssl_init\]/# \[openssl_init\]/g' /etc/ssl/openssl.cnf
51 RUN sed -i '$a\[openssl_init]' /etc/ssl/openssl.cnf
52 RUN sed -i '$a\providers = provider_sect' /etc/ssl/openssl.cnf
53 RUN sed -i '$a\ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
54  
55 RUN sed -i '$a\[provider_sect]' /etc/ssl/openssl.cnf
56 RUN sed -i '$a\default = default_sect' /etc/ssl/openssl.cnf
57 RUN sed -i '$a\legacy = legacy_sect' /etc/ssl/openssl.cnf
58  
59 RUN sed -i '$a\[default_sect]' /etc/ssl/openssl.cnf
60 RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
61  
62 RUN sed -i '$a\[legacy_sect]' /etc/ssl/openssl.cnf
63 RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
64  
65 RUN sed -i '$a\[ssl_sect]' /etc/ssl/openssl.cnf
66 RUN sed -i '$a\system_default = system_default_sect' /etc/ssl/openssl.cnf
67  
68 RUN sed -i '$a\[system_default_sect]' /etc/ssl/openssl.cnf
69 RUN sed -i '$a\CipherString = DEFAULT:@SECLEVEL=0' /etc/ssl/openssl.cnf
70 
71 
72 RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
73 RUN echo 'Asia/Shanghai' >/etc/timezone
74 EXPOSE 8080
75 ENTRYPOINT ["dotnet", "PoService.Client.dll"]

在此特别谢谢园友。

 

posted @ 2024-01-12 17:01  xingbo  阅读(828)  评论(0编辑  收藏  举报