How can I disable the SSL Certificate check in the .NET Core http client?

huangapple go评论133阅读模式
英文:

How can I disable the SSL Certificate check in the .NET Core http client?

问题

我正在尝试通过代理连接到一个网站。这是在使用.NET Core SDK和http客户端的AWS Lambda中发生的。调用看起来很像这样:

handler = new HttpClientHandler()
{
    CookieContainer = cookieContainer,
    Proxy = new WebProxy(
        new Uri(Environment.GetEnvironmentVariable("proxyURL"))),
    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
    SslProtocols = SslProtocols.Tls12,
    ClientCertificateOptions = ClientCertificateOption.Manual
};

using(var client = new HttpClient(handler))
{
    var content = await client.GetAsync("https://my-website.com/");
}

我无法调用"https://my-website.com/"。调用超时且没有错误消息。

然而,我能够在AWS Lambda中使用Golang和resty访问该网站,跳过TLS检查:

client := resty.New()
resp, err := client.
    SetProxy(os.Getenv("proxyURL")).
    SetRetryCount(3).SetTimeout(3*time.Second).SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
    R().Get("https://my-website.com/")

我的问题是:如何在我的.NET Core代码中实现与我的Golang代码相同的行为?

英文:

I am trying to connect to a website via a proxy. This is happening in an AWS Lambda with .NET Core SDK using an http client. The call looks pretty much like this:

handler = new HttpClientHandler()
{
 CookieContainer = cookieContainer,
     Proxy = new WebProxy(
                new Uri(Environment.GetEnvironmentVariable("proxyURL"))),
     ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
     SslProtocols = SslProtocols.Tls12,
     ClientCertificateOptions = ClientCertificateOption.Manual
};

using(var client = new HttpClient(handler))
{
     var content = await client.GetAsync("https://my-website.com/");
}

I am not able to make the call to "https://my-website.com/". The call times out without an error message.

However I was able to access the website using Golang and resty in an AWS Lambda, skipping the TLS Check:

client := resty.New()
resp, err := client.
	SetProxy(os.Getenv("proxyURL")).
	SetRetryCount(3).SetTimeout(3*time.Second).SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
	R().Get("https://my-website.com/")

My question is: how can I achieve the behaviour from my Golang Code in my .NET Core Code?

答案1

得分: 2

TL; DR: 问题不在于证书验证,而在于安全组规则。

  1. 正如 Marc Gravell 友好地指出的那样,DangerousAcceptAnyServerCertificateValidator 已经实现了忽略证书验证问题的目标。
  2. 在同一 VPC 和子网中部署相同的代码后,我注意到 .NET Core 代码比 Go 代码多进行了一次 HTTP 调用(尽管我仍然不明白为什么)。该 IP 地址不在允许的出站流量 IP 范围内,因此阻止了请求,并导致 HttpClient 超时。
英文:

TL; DR: The problem lied not within certificate validation, but in a security group rule.

  1. As Marc Gravell kindly pointed out, the DangerousAcceptAnyServerCertificateValidator already achieves the aim of ignoring certificate validation problems.
  2. After deploying the same code in an EC2 instance in the same VPC and subnet I noticed, that the .NET Core code was making one more HTTP call than the Go code (Although I still do not understand why). The IP adress was not within the allowed IP range of outgoing traffic, thus blocking the request and causing a timeout of the HttpClient.

huangapple
  • 本文由 发表于 2021年12月17日 18:07:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/70391468.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定