如何使用Mono解决OSX上的SecureChannelFailure [英] How do I resolve SecureChannelFailure on OSX with mono
问题描述
我正在尝试访问 https://geocoder.cit.api.here.com FSharp.Data中的Http
帮助器,并使用以下代码:
I'm trying to access https://geocoder.cit.api.here.com with .NET (F#) on mono. I'm using the Http
helper from FSharp.Data
using the following code:
let baseUrl = "https://geocoder.cit.api.here.com/6.2/geocode.json?searchtext=1701%20McFarland%20Blvd%20E%20Tuscaloosa%09%20AL&app_id=<Some app id>&app_code=<Some app code>"
let res = Http.RequestString(baseUrl)
在单声道版本4.6.2的OSX Sierra(10.12.2)上为我运行此命令会生成SecureChannelFailure
.我该如何解决?我已经尝试过mozroots --import --ask-remove
,但是没有帮助. ~/.config/.mono/certs/Trust
中有证书.
Running this for me on OSX Sierra (10.12.2) with mono version 4.6.2 yields a SecureChannelFailure
. How do I resolve this? I have tried mozroots --import --ask-remove
but that didn't help. There are certs in ~/.config/.mono/certs/Trust
.
我什至试图绕过检查,因为我只是在研究API,但这也不起作用.我试图绕过它的方法是:
I have even tried to bypass the check, since I'm just investigating the API, but that doesn't work either. The way I tried to bypass it is:
let callback = Security.RemoteCertificateValidationCallback(fun _ _ _ _ -> true)
ServicePointManager.ServerCertificateValidationCallback <- callback
推荐答案
使用Mono 4.8 + ,可以在运行基于CIL的.exe
之前将环境变量MONO_TLS_PROVIDER
分配给btls
. :
Using Mono 4.8+ you can assign the environment variable MONO_TLS_PROVIDER
to btls
before running your CIL-based .exe
:
export MONO_TLS_PROVIDER=btls
mono someFSharpAssembly.exe
通过Xamarin Studio/Visual Studio for Mac打开,将其分配给运行"配置:
On via Xamarin Studio / Visual Studio for Mac assign it to a Run configuration:
如果您随后收到HttpRequestException
:
Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED) ---> Mono.Btls.MonoBtlsException
这意味着您没有新格式的证书.运行工具"btls-cert-sync",将您现有的根证书转换为新的文件格式.如果"btls-cert-sync"抱怨旧信任库不存在",则首先需要告诉Mono如何找到这些证书,此页介绍了如何做:
It means that you do not have the certificates in the new format. Run the tool "btls-cert-sync" to convert your existing root certificates into the new file format. If "btls-cert-sync" complains that "The Old Trust Store does not exist", you first need to tell Mono how to find these certificates, this page describes how to do it:
这篇关于如何使用Mono解决OSX上的SecureChannelFailure的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!