我很难找出如何解决这个问题,因为它只发生在 Azure Linux 应用服务中。在本地 (win10) 和 Azure Windows 应用服务中,没有问题。
该应用程序是 ASP.NET Core 3.1,我创建了一个自定义服务作为 HttpClient:
private readonly HttpClient _client;
public NPIApiService(HttpClient client)
{
_client = client;
_client.BaseAddress = new Uri("https://npiregistry.cms.hhs.gov/api/");
}
public class AllowCertsMessageHandler : HttpClientHandler
{
public AllowCertsMessageHandler()
{
this.ClientCertificateOptions = ClientCertificateOption.Manual;
this.ServerCertificateCustomValidationCallback = (requestMessage, cert, certChain, policyErrors) =>
{
return true;
};
}
}
public async Task<NPIResult> LoadNPI(string npi)
{
var response = await _client.GetAsync(new Uri($"?version=2.1&number={npi}", UriKind.Relative), HttpCompletionOption.ResponseContentRead);
if (response.IsSuccessStatusCode)
{
var rawstring = await response.Content.ReadAsStringAsync();
return System.Text.Json.JsonSerializer.Deserialize<NPIResult>(rawstring);
}
return null;
}
请注意AllowCertsMessageHandler:我已将此添加为一个有希望的解决方法,但无济于事。
services.AddHttpClient<Services.NPIApiService>()
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
ClientCertificateOptions = ClientCertificateOption.Manual,
ServerCertificateCustomValidationCallback = (requestMessage, cert, certChain, policyErrors) =>
{
return true;
}
};
});
上面的代码在我尝试过的任何地方都运行良好,除了 Azure Linux 应用服务。
异常的堆栈跟踪:
2020-06-10T19:18:31.232053228Z: [INFO] [40m[32minfo[39m[22m[49m: System.Net.Http.HttpClient.NPIApiService.LogicalHandler[100]
2020-06-10T19:18:31.232121130Z: [INFO] Start processing HTTP request GET https://npiregistry.cms.hhs.gov/api/?version=2.1&number=1316923212
2020-06-10T19:18:31.233564068Z: [INFO] [40m[32minfo[39m[22m[49m: System.Net.Http.HttpClient.NPIApiService.ClientHandler[100]
2020-06-10T19:18:31.233584268Z: [INFO] Sending HTTP request GET https://npiregistry.cms.hhs.gov/api/?version=2.1&number=1316923212
2020-06-10T19:18:31.387040818Z: [INFO] [41m[30mfail[39m[22m[49m: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
2020-06-10T19:18:31.387088119Z: [INFO] An unhandled exception has occurred while executing the request.
2020-06-10T19:18:31.388164847Z: [INFO] System.Net.Http.HttpRequestException: **The SSL connection could not be established, see inner exception.**
2020-06-10T19:18:31.388184048Z: [INFO] ---> System.Security.Authentication.AuthenticationException: **Authentication failed, see inner exception.**
2020-06-10T19:18:31.388194148Z: [INFO] ---> Interop+OpenSsl+SslException: **SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.**
2020-06-10T19:18:31.389275477Z: [INFO] ---> Interop+Crypto+OpenSslCryptographicException: **error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small**
2020-06-10T19:18:31.389293777Z: [INFO] --- End of inner exception stack trace ---
2020-06-10T19:18:31.394673519Z: [INFO] at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
2020-06-10T19:18:31.394697020Z: [INFO] at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
2020-06-10T19:18:31.394708120Z: [INFO] --- End of inner exception stack trace ---
我也尝试对 openssl.conf 进行一些更改,但似乎没有任何区别。
这是我第一次尝试可能与 x 平台兼容的应用程序,所以我仍在学习。我很确定这是与环境相关的,但我欢迎任何建议。
提前致谢...