英文:
How can I disable the SSL Certificate check in the .NET Core http client?
问题
我正在尝试通过代理连接到一个网站。这是在使用.NET Core SDK和http客户端的AWS Lambda中发生的。调用看起来很像这样:
handler = new HttpClientHandler()
{
CookieContainer = cookieContainer,
Proxy = new WebProxy(
new Uri(Environment.GetEnvironmentVariable("proxyURL"))),
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
SslProtocols = SslProtocols.Tls12,
ClientCertificateOptions = ClientCertificateOption.Manual
};
using(var client = new HttpClient(handler))
{
var content = await client.GetAsync("https://my-website.com/");
}
我无法调用"https://my-website.com/"。调用超时且没有错误消息。
然而,我能够在AWS Lambda中使用Golang和resty访问该网站,跳过TLS检查:
client := resty.New()
resp, err := client.
SetProxy(os.Getenv("proxyURL")).
SetRetryCount(3).SetTimeout(3*time.Second).SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
R().Get("https://my-website.com/")
我的问题是:如何在我的.NET Core代码中实现与我的Golang代码相同的行为?
英文:
I am trying to connect to a website via a proxy. This is happening in an AWS Lambda with .NET Core SDK using an http client. The call looks pretty much like this:
handler = new HttpClientHandler()
{
CookieContainer = cookieContainer,
Proxy = new WebProxy(
new Uri(Environment.GetEnvironmentVariable("proxyURL"))),
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
SslProtocols = SslProtocols.Tls12,
ClientCertificateOptions = ClientCertificateOption.Manual
};
using(var client = new HttpClient(handler))
{
var content = await client.GetAsync("https://my-website.com/");
}
I am not able to make the call to "https://my-website.com/". The call times out without an error message.
However I was able to access the website using Golang and resty in an AWS Lambda, skipping the TLS Check:
client := resty.New()
resp, err := client.
SetProxy(os.Getenv("proxyURL")).
SetRetryCount(3).SetTimeout(3*time.Second).SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
R().Get("https://my-website.com/")
My question is: how can I achieve the behaviour from my Golang Code in my .NET Core Code?
答案1
得分: 2
TL; DR: 问题不在于证书验证,而在于安全组规则。
- 正如 Marc Gravell 友好地指出的那样,
DangerousAcceptAnyServerCertificateValidator
已经实现了忽略证书验证问题的目标。 - 在同一 VPC 和子网中部署相同的代码后,我注意到 .NET Core 代码比 Go 代码多进行了一次 HTTP 调用(尽管我仍然不明白为什么)。该 IP 地址不在允许的出站流量 IP 范围内,因此阻止了请求,并导致
HttpClient
超时。
英文:
TL; DR: The problem lied not within certificate validation, but in a security group rule.
- As Marc Gravell kindly pointed out, the
DangerousAcceptAnyServerCertificateValidator
already achieves the aim of ignoring certificate validation problems. - After deploying the same code in an EC2 instance in the same VPC and subnet I noticed, that the .NET Core code was making one more HTTP call than the Go code (Although I still do not understand why). The IP adress was not within the allowed IP range of outgoing traffic, thus blocking the request and causing a timeout of the
HttpClient
.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论