全部 - 我编写了一个dotnet核心API集,可以在Windows上完美运行。在Ubuntu 14.04上,除了向使用客户端证书进行身份验证的供应商提供的一个SOAP请求之外,一切正常。
请求总是超时。 Netstat跟踪显示443上只有1个字节的数据发送到远程服务。100秒内没有通信,然后应用程序抛出超时异常。
我尝试使用openssl导出PEM和CRT文件,并在现在配置代码的方式(pfx w / password)之外引用它们。我还将PFX的证书部分加载到ca-certs中。
以下是代码:
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var baseAddress = new Uri(mySettings.ClientUrl);
factory = new ChannelFactory<SingleSignOnSoap>(binding, new EndpointAddress(baseAddress));
if (RuntimeEnvironment.OperatingSystemPlatform == Platform.Windows)
{
//windows file location
factory.Credentials.ClientCertificate.Certificate = new X509Certificate2(mySettings.PrivateKeyWindowsPath, mySettings.PfxPass);
}
else
{
//linux file location
factory.Credentials.ClientCertificate.Certificate = new X509Certificate2(mySettings.ClientPrivateKeyUnixPath, mySettings.PfxPass);
}
serviceProxy = factory.CreateChannel();
RequestTicketRequest request = new RequestTicketRequest();
RequestTicketRequestBody requestBody = new RequestTicketRequestBody(xmlRequest);
request.Body = requestBody;
RequestTicketResponse response = serviceProxy.RequestTicket(request);
return response.Body.RequestTicketResult;
答案 0 :(得分:1)
Wireshark和Tshark显示身份验证实际上正常工作。发生超时是因为ServiceFactory正在等待接收响应,但网络已向远程服务器发送了连接重置标志([RST,ACK])。我已经能够在多个Linux发行版上重现,所以我在github上向dotnet核心WCF团队的队列添加了一个问题。