运行以下行:
new HttpClient().GetAsync(url).GetAwaiter().GetResult(); // url being an https endpoint with a valid certificate when I browse to the image from a browser
我得到以下异常:
Error: SecureChannelFailure (The authentication or decryption has failed.)
我尝试添加ServicePointManager变通办法:
ServicePointManager.ServerCertificateValidationCallback += (a, b, c, d) => true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
单独和一起以及回调的这种实现:
public static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
var isOk = true;
for (int i = 0; i < chain.ChainStatus.Length; i++)
if (chain.ChainStatus[i].Status != X509ChainStatusFlags.RevocationStatusUnknown)
{
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
var chainIsValid = chain.Build((X509Certificate2)certificate);
if (!chainIsValid)
isOk = false;
}
return isOk;
}
我还尝试将MONO_TLS_PROVIDER环境变量转换为btls,oldtls,legacy,但我收到了另一个例外:
Error: ConnectFailure (TLS Support not available.)
我在 Linux 上使用 Mono 4.4.1 ,我还尝试导入运行的证书:
mozroots --import --sync --url "http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"