c# - 调用第三方 Web 服务时出错
问题描述
我需要给第三方服务打个电话。并且该服务配置了相互 SSL 身份验证,并且仅支持tls 1.2。我已经获得了一个 pfx 证书,我应该将其添加到我的请求中。我已经使用 mmc 在受信任的根证书颁发机构和个人文件夹中安装了证书,但我总是得到内部异常:请求被中止:无法创建 SSL/TLS 安全通道。以下是我的代码
public static T Post<T>(string resourceUri, object request)
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
var requestHandler = new WebRequestHandler();
requestHandler.ServerCertificateValidationCallback = delegate { return true; };
requestHandler.ClientCertificates.Add(GetCertificate());
using (var client = new HttpClient(requestHandler))
{
client.BaseAddress = new Uri(resourceUri);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
try
{
var responseMessage = client.PostAsJsonAsync(resourceUri, request).Result;
}
catch (Exception ex)
{
var abc = ex;
}
//if (responseMessage.IsSuccessStatusCode)
// return responseMessage.Content.ReadAsAsync<T>().Result;
//else
// throw new Exception(responseMessage.Content.ReadAsStringAsync().Result);
return default(T);
}
}
private static X509Certificate2 GetCertificate()
{
X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
userCaStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
var certName = "testing.stg.io";
X509Certificate2Collection certs = certificatesInStore.Find(X509FindType.FindBySubjectName, certName, true);
X509Certificate2 clientCertificate = null;
if (certs.Count == 1)
clientCertificate = certs[0];
else
throw new Exception("Unable to locate the certificate.");
return clientCertificate;
}
catch
{
throw;
}
finally
{
userCaStore.Close();
}
}
异常截图:
当我启用网络跟踪时,这是我在日志中看到的:
………………………………………………………………………………………………………………………………………………………… ……
System.Net.Sockets Verbose: 0 : [35672] 000003C0 : 64 1A CE 06 00 65 C1 90-78 DD 9F 5C 57 E5 89 FB : d....e..x..\W...
System.Net.Sockets Verbose: 0 : [35672] 000003D0 : 6F 0D AE 32 0F 9F 6A FF-35 51 71 CC EF AE C1 D0 : o..2..j.5Qq.....
System.Net.Sockets Verbose: 0 : [35672] 000003E0 : 41 29 D3 AC 1A 79 7E 85-63 FF F7 39 ED A0 6F 06 : A)...y~.c..9..o.
System.Net.Sockets Verbose: 0 : [35672] 000003F0 : 98 04 66 22 79 47 C6 55-5A 48 53 E6 4B A9 37 A3 : ..f"yG.UZHS.K.7.
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndSend(OverlappedAsyncResult#64923656)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndSend() -> Int32#1461
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive() -> OverlappedAsyncResult#35236192
System.Net.Sockets Verbose: 0 : [35672] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35672] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndReceive(OverlappedAsyncResult#35236192)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndReceive() -> Int32#5
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive() -> OverlappedAsyncResult#21943666
System.Net.Sockets Verbose: 0 : [35432] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35432] 00000000 : 02 2A : .*
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::EndReceive(OverlappedAsyncResult#21943666)
System.Net.Sockets Verbose: 0 : [35432] Exiting Socket#64921669::EndReceive() -> Int32#2
System.Net Information: 0 : [35432] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 7c47298:7c69600, targetName = 14.140.230.181, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35432] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CertUnknown).
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::Dispose()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [35432] HttpWebRequest#60068066::EndGetRequestStream()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
System.Net.Http Error: 0 : [35432] Exception in WebRequestHandler#45004109::SendAsync - The request was aborted: Could not create SSL/TLS secure channel..
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
System.Net.Http Error: 0 : [35432] HttpClient#2383799::SendAsync() - An error occurred while sending HttpRequestMessage#58870012. System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
给定错误的可能原因是什么?Wireshark 截图。
上面的日志和捕获对你们有意义吗?我被困在这里很久了,无法弄清楚失误在哪里?什么可能是坏证书的原因?
解决方案
推荐阅读
- machine-learning - 在 Weka - 不规范化所有数字属性
- java - 如何在使用 java 执行 watson 助手的功能时禁用 okhttp3.internal.platform.Platform 日志在我的控制台上打印?
- llvm - 通过不再工作:未定义的符号_ZN4llvm24DisableABIBreakingChecksE
- spring-data-jpa - JPA 规范:从列表中选择具有至少一个具有属性的参数的所有实体
- java - 将字符串 yyyy-mm-dd hh:mm:ss +timezone 格式化为 DateTime
- pyspark - pyspark 用正则表达式替换正则表达式
- javascript - 将 JSON 连接到 Javascript 中的字符串
- asp.net-mvc - 如何使用 entinty 框架从 ASP.NET MVC 中的数据库通过电子邮件发送图像
- css - 将样式描述传递给子组件
- java - Java进程导致python脚本JSON错误