那些遇到过的问题

.NET 中非常奇怪的 SSL 错误:仅针对特定 URL 无法解密指定数据

Rob*_*los 7 .net ssl https schannel .net-core

我正在使用 .NET 从 URL 下载数据。对于大多数 URL,它都没有问题,但对于一个特定的 URL,当我尝试建立连接时,我收到一个非常奇怪的错误。此外,该错误仅在第二次(及后续)尝试发出请求时发生。第一次似乎总是有效。

这是一些演示该问题的示例代码:

string url = "https://health-infobase.canada.ca/src/data/covidLive/covid19.csv";

for (int i = 1; i <= 10; i++)
{
    var req = (HttpWebRequest)WebRequest.Create(url);

    // Just in case, rule these out as being related to the issue.
    req.AllowAutoRedirect = false;
    req.ServerCertificateValidationCallback = (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => true;

    try
    {
        // This line throws the exception.
        using (req.GetResponse()) { }
    }
    catch (Exception ex) {
        Console.WriteLine(ex.ToString());
        Console.WriteLine($"Failed on attempt {i}.");
        return;
    }
}
Run Code Online (Sandbox Code Playgroud)

注意事项

  • 使用除指定 URL 之外的任何其他 URL 似乎都可以。即使同一服务器上的其他 URL(具有相同的证书)也可以正常工作。例如,https://health-infobase.canada.ca/pass
  • 我将 SChannel 日志记录级别提高到 3(警告和错误),但在 Windows 事件日志中没有看到任何来自 SChannel 源的内容。
  • 该问题同时出现在 .NET 4.8 (528372) 和 .NET Core 3.1.7 中
  • 问题同时发生在WebRequestWebClient
  • 在.NET Framework 4.8中,使用时问题似乎消失了WebClient.DownloadData(),但使用时仍然出现WebClient.OpenRead()
  • 在 .NET Framework 4.8 中,该问题似乎仅发生在下载某些文件的 URL 上(如我的代码示例中的 URL)。然而,在 .NET Core 中,任何路径位于https://health-infobase.canada.ca/src/下的 URL 都会发生错误。
  • 如果我使用中间 HTTPS 嗅探器(如 Fiddler),那么问题就会消失。
  • 在 Linux 上的 .NET Core 上运行相同的代码不会出现任何问题。
  • 使用硬连线证书验证回调(ServicePointManager.ServerCertificateValidationCallback始终返回true)没有帮助。

当我在.NET Core中运行时,堆栈跟踪如下所示:

System.Net.WebException: The SSL connection could not be established, see inner exception. Authentication failed, see inner exception.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> System.ComponentModel.Win32Exception (0x80090330): The specified data could not be decrypted.
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at System.Net.HttpWebRequest.SendRequest()
   at System.Net.HttpWebRequest.GetResponse()
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at UserQuery.Main() in C:\Users\robs\AppData\Local\Temp\LINQPad6\_gifldqtg\xltrxu\LINQPadQuery:line 12
Run Code Online (Sandbox Code Playgroud)

.NET Framework上,堆栈跟踪似乎不太有用:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetResponse()
   at UserQuery.Main() in C:\Users\robs\AppData\Local\Temp\LINQPad5\_psduzptv\dcrjhq\LINQPadQuery.cs:line 48
Run Code Online (Sandbox Code Playgroud)

更新:作为问题在 github 上提交:https ://github.com/dotnet/runtime/issues/43682

Rob*_*los 1

根据https://github.com/dotnet/runtime/issues/43682的最新信息,这似乎是 Windows 中的操作系统错误。将 Windows 更新到最新版本可以解决该问题。

归档时间:

查看次数:

3313 次

最近记录:

4 年,11 月 前
相关归档
将浮点值的相等性检查为0是否安全? 97
正则表达式只匹配两个单词 35
使用RegEx平衡匹配括号 30
防止Windows工作站(桌面)在运行WPF程序时锁定 28
为什么微软的开发人员选择将.NET作为基于堆栈的机器? 21
将SSL证书添加到mysql docker容器中 8
在 Visual Studio 中针对多个配置运行单个测试 7
如何使用 IdentityServer 使用 JWT 令牌在 .NetCore 中授权 WebApi? 5
如何在golang Web服务器上设置HTTPS? 4
无法使用youtube-dl下载 1
难疑归档
Java是"通过引用传递"还是"传递价值"? 6270
如何检查文件是否存在而没有例外? 5290
是否有标准函数来检查JavaScript中的null,undefined或blank变量? 2088
如何在Linux中对文件进行符号链接? 1865
在GitHub上将图像添加到README.md 1675
在JavaScript中解析JSON? 1642
在Visual Studio中使用Git 1452
如何在HTTP POST请求中发送参数? 1396
require,include,require_once和include_once之间的区别? 1166
jQuery从下拉列表中获取选定的选项 1067