HttpRepl icon indicating copy to clipboard operation
HttpRepl copied to clipboard
verified publisher icon dotnet

"HttpRequestException: The SSL connection could not be established" under Linux

Open artkpv opened this issue 5 years ago • 7 comments

Hello, I'm having this error when running under ArchLinux. Created a project "webapi" under dotnet 3.1, dotnet new webapi. Run it with dotnet run. Then I connect to it using HttpRepl and it throws this exception. How to fix?

https://localhost:5001/> get 1
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.HttpRepl.Commands.BaseHttpCommand.ExecuteAsync(IShellState shellState, HttpState programState, DefaultCommandInput`1 commandInput, ICoreParseResult parseResult, CancellationToken cancellationToken) in /_/src/Microsoft.HttpRepl/Commands/BaseHttpCommand.cs:line 142
   at Microsoft.Repl.Commanding.DefaultCommandDispatcher`2.ExecuteCommandInternalAsync(IShellState shellState, CancellationToken cancellationToken) in /_/src/Microsoft.Repl/Commanding/DefaultCommandDispatcher.cs:line 150
   at Microsoft.Repl.Commanding.DefaultCommandDispatcher`2.ExecuteCommandAsync(IShellState shellState, CancellationToken cancellationToken) in /_/src/Microsoft.Repl/Commanding/DefaultCommandDispatcher.cs:line 113

Environment:

[I] ➜ uname -a  
Linux artpc 5.5.3-arch1-1 #1 SMP PREEMPT Tue, 11 Feb 2020 15:35:41 +0000 x86_64 GNU/Linux

art on  master [!] 
[I] ➜ dotnet --info
.NET Core SDK (reflecting any global.json):
 Version:   3.1.100
 Commit:    cd82f021f4

Runtime Environment:
 OS Name:     arch
 OS Version:  
 OS Platform: Linux
 RID:         arch-x64
 Base Path:   /usr/share/dotnet/sdk/3.1.100/

Host (useful for support):
  Version: 3.1.0
  Commit:  6e49edcd54

.NET Core SDKs installed:
  3.1.100 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.App 3.1.0 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.1.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download

artkpv avatar Feb 18 '20 14:02 artkpv

@artkpv Are you able to access the web api via a web browser with no certificate errors? I'm not too familiar with how certs are handled on linux, but my guess would be that the self-signed cert for the web api is not trusted.

tlmii avatar Feb 18 '20 17:02 tlmii

@tlmii Firefox v73 disables certification check for localhost by default so yes, it accesses the api. Looks like I need to issue a certificate for localhost and make HttpRepl use it.

BTW, curl also works only if I disable security checks (-k switch).

artkpv avatar Feb 19 '20 08:02 artkpv

I'm facing the same issue, but even after trusting my local certificate (i.e. curl works without -k) I still get this exception with httprepl

kipters avatar May 19 '20 14:05 kipters

@kipters were you able to resolve this per the workaround @artkpv mentioned?

bradygaster avatar Jun 22 '20 18:06 bradygaster

@bradygaster I ended up generating a new cert and using that one instead of the one generated by netcore itself for my server, using this one everything works as expected:

#!/bin/bash

if [[ "$1" != "" ]]; then
    CERTNAME="$1"
else
    CERTNAME=cert
fi

openssl req -x509 -newkey rsa:4096 -keyout ${CERTNAME}_key.pem -out $CERTNAME.pem -days 365
openssl pkcs12 -export -out $CERTNAME.pfx -inkey ${CERTNAME}_key.pem -in $CERTNAME.pem
openssl pkcs12 -in $CERTNAME.pfx -clcerts -nokeys -out $CERTNAME.crt

kipters avatar Jul 01 '20 16:07 kipters

@kipters and @tlmii - I tried this in an effort to validate if this trick would also fix my issue in which i'm seeing the repl be unable to get to the actual swagger JSON URL. it's there, and I can call it, but just like I showed @tlmii with the Tye demo, I can't access my swagger endpoint when i'm running SSL.

bradygaster avatar Aug 05 '20 16:08 bradygaster

@bradygaster I removed the waiting tag since we're not waiting on a customer - do we need to do anything else here? I can't remember if you ended up unblocked or not.

tlmii avatar Oct 22 '20 04:10 tlmii