以下代码(.Net core 2.1)在Windows的Visual Studio中运行良好。
ServicePointManager.ServerCertificateValidationCallback <- fun _ _ _ _ -> true
use request = new HttpRequestMessage(RequestUri = uri, Method = httpMethod)
use client = new HttpClient(handler)
let! response = client.SendAsync(request) |> Async.AwaitTask
但是,在Linux容器中运行时出现以下错误。似乎是根据The remote certificate is invalid according to the validation procedure问题的证书问题。是否可以找到并安装特定网站的证书并将其安装在docker容器中的方法?
$ docker run crawlers:latest gmac 201808
System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func 2个endFunction,操作1 endAction, Task 1个承诺,布尔值需要同步)
---从之前引发异常的位置开始的堆栈结束跟踪---
在System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream,SslClientAuthenticationOptions sslOptions,CancellationToken cancelledToken)
---内部异常堆栈跟踪的结尾---
在System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream,SslClientAuthenticationOptions sslOptions,CancellationToken cancelledToken)
在System.Threading.Tasks.ValueTask 1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask 1.get_Result()
在System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask 1 creationTask)
at System.Threading.Tasks.ValueTask 1.get_Result()
在System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage请求,布尔值doRequestAuth,CancellationToken cancelledToken)
在System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage请求,CancellationToken cancelToken)
在System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage请求,CancellationToken cancelToken)
在System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task 1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
--- End of inner exception stack trace ---
---> (Inner Exception #0) System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory 1.FromAsyncCoreLogic(IAsyncResult iar,Func 2 endFunction, Action 1 endAction,Task 1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask 1.get_Result()
在System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage请求,CancellationToken cancelToken)
在System.Threading.Tasks.ValueTask 1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask 1 creationTask上)
在System.Threading.Tasks.ValueTask 1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task 1 sendTask,HttpRequestMessage请求,CancellationTokenSource cts,布尔值disposeCts)<-
[15:08:36 FTL]登录异常。
System.Exception:发生一个或多个错误。 (无法建立SSL连接,请参阅内部异常。)(无法建立SSL连接,请参阅内部异常。)
最佳答案
您将需要在Docker映像的受信任根中安装适当的CA证书。
将以下行添加到您的docker文件中,假设CA证书名为mycert.crt
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
COPY ./mycert.crt /usr/local/share/ca-certificates/mycert.crt
RUN update-ca-certificates
请确保证书的格式是这样的
关于linux - Linux docker:System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52261388/