堆栈内存溢出
  简体   繁体   English

如何在 .NET Core http 客户端中禁用 SSL 证书检查?

[英]How can I disable the SSL Certificate check in the .NET Core http client?

 原文  2021-12-17 10:07:01       c#/ go/ aws-lambda/ proxy/ tls1.2

问题描述

I am trying to connect to a website via a proxy.我正在尝试通过代理连接到网站。 This is happening in an AWS Lambda with .NET Core SDK using an http client.这发生在 AWS Lambda 和 .NET Core SDK 使用 Z80791B3AE7002CB88C246876D9FAAF8 客户端。 The call looks pretty much like this:调用看起来很像这样:

handler = new HttpClientHandler()
{
 CookieContainer = cookieContainer,
     Proxy = new WebProxy(
                new Uri(Environment.GetEnvironmentVariable("proxyURL"))),
     ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
     SslProtocols = SslProtocols.Tls12,
     ClientCertificateOptions = ClientCertificateOption.Manual
};

using(var client = new HttpClient(handler))
{
     var content = await client.GetAsync("https://my-website.com/");
}

I am not able to make the call to "https://my-website.com/".我无法拨打“https://my-website.com/”电话。 The call times out without an error message.调用超时,没有错误消息。

However I was able to access the website using Golang and resty in an AWS Lambda, skipping the TLS Check:但是,我能够使用 Golang 访问该网站,并在 AWS Lambda 中休息,跳过 TLS 检查:

client := resty.New()
resp, err := client.
    SetProxy(os.Getenv("proxyURL")).
    SetRetryCount(3).SetTimeout(3*time.Second).SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
    R().Get("https://my-website.com/")

My question is: how can I achieve the behaviour from my Golang Code in my .NET Core Code?我的问题是:如何在 .NET 核心代码中实现 Golang 代码的行为?

1 个解决方案

解决方案1
 1 已采纳  2022-01-08 14:37:28

TL; TL; DR: The problem lied not within certificate validation, but in a security group rule. DR:问题不在于证书验证,而在于安全组规则。

  1. As Marc Gravell kindly pointed out, the DangerousAcceptAnyServerCertificateValidator already achieves the aim of ignoring certificate validation problems.正如Marc Gravell所指出的, DangerousAcceptAnyServerCertificateValidator已经达到了忽略证书验证问题的目的。
  2. After deploying the same code in an EC2 instance in the same VPC and subnet I noticed, that the .NET Core code was making one more HTTP call than the Go code (Although I still do not understand why).在同一 VPC 和子网中的 EC2 实例中部署相同的代码后,我注意到 .NET 核心代码比 Go 代码多发出一次 HTTP 调用(尽管我仍然不明白为什么)。 The IP adress was not within the allowed IP range of outgoing traffic, thus blocking the request and causing a timeout of the HttpClient . IP 地址不在允许的 IP 传出流量范围内,因此阻塞了请求并导致HttpClient超时。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用Ssl Stream获取/存储客户端证书? - How can I get/store client certificate using Ssl Stream? 如何将 SSl 证书添加到 Kestrel in.Net core - How to add SSl certificate to Kestrel in .Net core 如何检查是否安装了SSL证书? - How can I check whether a ssl certificate is installed? .NET Core:如何为服务和客户端之间的 gRpc 通信禁用 TLS/SSL? - .NET Core: How to disable TLS/SSL for gRpc communication between service and client? 如何使用asp net core http客户端将文件和文本数据发布到web api? - How can i post both file and text data to web api using asp net core http client? 如何在.Net Core中使用客户端SSL证书 - How to use Client SSL Certificates with .Net Core 在将数据插入 .NET Core 中的数据库之前,如何检查客户端是否存在于数据库中 - How can I check if client exists in database before inserting data into database in .NET Core 在* some * WebAPI控制器上禁用SSL客户端证书? - Disable SSL client certificate on *some* WebAPI controllers? ASP.NET Core + IIS Express 如何设置 SSL 证书 - ASP.NET Core + IIS Express how to setup SSL Certificate 如何在CentOS上的.Net-Core 2中忽略SSL证书验证 - How to ignore SSL certificate validation in .Net-Core 2 on CentOS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM