首页 新闻 会员 周边 捐助

.net core 2.2 项目升级到 .net 6 后遭遇 "The remote certificate was rejected" 问题

0
悬赏园豆:60 [已解决问题] 解决于 2022-06-23 12:29

.net core 2.2 项目升级到 .net 6 后连接 SQL Server 数据库时出现错误

Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
 ---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

错误堆栈信息如下

 ---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at Microsoft.Data.SqlClient.SNI.SNITCPHandle.EnableSsl(UInt32 options)
   at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at Microsoft.Data.SqlClient.TdsParser.ConsumePreLoginHandshake(Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean& marsCapable, Boolean& fedAuthRequired)
   at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover, SqlAuthenticationMethod authType)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool)
   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.WaitForPendingOpen()
--- End of stack trace from previous location ---
   at Dapper.SqlMapper.ExecuteImplAsync(IDbConnection cnn, CommandDefinition command, Object param) in /_/Dapper/SqlMapper.Async.cs:line 645

请问如何解决?

dudu的主页 dudu | 高人七级 | 园豆:29620
提问于:2022-06-23 09:50
< >
分享
最佳答案
1

在连接字符串里加上设置: ;TrustServerCertificate=true

收获园豆:40
A股天才交易猿 | 小虾三级 |园豆:1542 | 2022-06-23 10:08

这招很管用

dudu | 园豆:29620 (高人七级) | 2022-06-23 11:10

@dudu: 谢谢dudu

A股天才交易猿 | 园豆:1542 (小虾三级) | 2022-06-23 13:41

这个证书问题是 Microsoft.Data.SqlClient 4.0.0 引入的,详见 Breaking Changes

dudu | 园豆:29620 (高人七级) | 2022-11-10 12:19
其他回答(2)
0

这个是不是说的这个事,有没有看过:Unable to connect to SQL Server with encryption enabled with 4.0 #1402

收获园豆:20
会长 | 园豆:12463 (专家六级) | 2022-06-23 10:16

就是这个事

the default value for connection string property Encrypt has set to true, which previously was false

支持(0) 反对(0) dudu | 园豆:29620 (高人七级) | 2022-06-23 11:11
0

今天碰巧看到这个博问,没想到下午我部署.net6到docker就爆了这个错,刚刚试了一下加TrustServerCertificate=true,但是还是连接不上数据库,好难搞。

顾星河 | 园豆:7294 (大侠五级) | 2022-06-23 22:13

试试 Encrypt=False

支持(0) 反对(0) dudu | 园豆:29620 (高人七级) | 2022-06-23 22:28

@dudu: 试了,也没好。网上查了一下资料,说是“因为linux要求使用的TLS版本较高,而SqlServer数据库不支持。”,微软的官方文档也提到了这个https://docs.microsoft.com/zh-cn/sql/connect/ado-net/sqlclient-troubleshooting-guide?view=sql-server-ver15 我估计是我的sql server版本太低了,用的是阿里云虚拟主机附带的一个2008的sql server ,泪目o(╥﹏╥)o 现在得想个法子整个配置正常点又相对便宜的数据库了 。等我薅羊毛薅个便宜服务器搭个sqlserver了再回头试试这个部署问题。

支持(0) 反对(0) 顾星河 | 园豆:7294 (大侠五级) | 2022-06-23 22:40

@默卿: 试试 RUN sed -i 's/TLSv1.2/TLSv1.0/g' /etc/ssl/openssl.cnf

支持(0) 反对(0) dudu | 园豆:29620 (高人七级) | 2022-06-23 23:27
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册