android - 客户端处理程序无法识别我受信任的 API 证书

Question

我在使用 HttpClientHandler 时遇到问题，当我使用新的实例化 API 调用时被认为是不可靠的，而当使用 native 时则不会发生这种情况，有人知道可能发生了什么吗？或者必须做什么才能使我的处理程序正常运行？

下面是我实例化和使用它的代码 fragment 。

private static HttpClient ConfigureClient(string endpoint)
{
    return new HttpClient(_authenticatedHttpClientHandler)
    {
        BaseAddress = new Uri($"{Endpoints.FULL_URL}/{endpoint}"),
        Timeout = new TimeSpan(0, 0, ServiceConfiguration.TIMEOUT)
    };
}

public static void RegisterContainer(IContainerRegistry container)
{
     _authenticatedHttpClientHandler = new AuthenticatedHttpClientHandler();

    container.RegisterInstance(_authenticatedHttpClientHandler);
}

证书是使用 Let's Encrypt(通配符)教程创建的。

堆栈跟踪:

{System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Security.Interface.TlsException: CertificateUnknown at Mono.AppleTls.AppleTlsContext.EvaluateTrust () [0x000bf] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:306 at Mono.AppleTls.AppleTlsContext.ProcessHandshake () [0x00075] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:213 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:840 at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:289 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:223 --- End of inner exception stack trace --- at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x0025c] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:406 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x00176] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:137 at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x00170] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:222 --- End of inner exception stack trace --- at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x00208] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:234 at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x000f7] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:263 at System.Net.WebOperation.Run () [0x00052] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebOperation.cs:268 at System.Net.WebCompletionSource1[T].WaitForCompletion () [0x0008e] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebCompletionSource.cs:111 at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000e8] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/HttpWebRequest.cs:956 at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x0029b] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System.Net.Http/MonoWebRequestHandler.cs:485 }

Answer 1

I have a problem using HttpClientHandler, when I use a new instantiated API calls are considered unreliable, when using native this does not happen, does anyone know what may be happening?

根据 TLS of iOS and Mac 的托管部分HttpClient 的托管实现:

It is not fully integrated with the Apple OSes and is limited to TLS 1.0. It may not be able to connect to secure web servers or cloud services in the future.

根据Transport Layer Security (TLS) 1.2 :

April, 2018 – Due to increased security requirements, including PCI compliance, major cloud providers and web servers are expected to stop supporting TLS versions older than 1.2. Xamarin projects created in previous versions of Visual Studio default to use older versions of TLS.

因此，应始终使用 HttpClient 的 native 实现而不是托管方式来支持 TLS1.2+。