如何使用Mono解决OSX上的SecureChannelFailure [英] How do I resolve SecureChannelFailure on OSX with mono

问题描述

我正在尝试访问 https://geocoder.cit.api.here.com FSharp.Data中的Http帮助器，并使用以下代码:

I'm trying to access https://geocoder.cit.api.here.com with .NET (F#) on mono. I'm using the Http helper from FSharp.Data using the following code:

let baseUrl = "https://geocoder.cit.api.here.com/6.2/geocode.json?searchtext=1701%20McFarland%20Blvd%20E%20Tuscaloosa%09%20AL&app_id=<Some app id>&app_code=<Some app code>"

let res = Http.RequestString(baseUrl)

在单声道版本4.6.2的OSX Sierra(10.12.2)上为我运行此命令会生成SecureChannelFailure.我该如何解决?我已经尝试过mozroots --import --ask-remove，但是没有帮助. ~/.config/.mono/certs/Trust中有证书.

Running this for me on OSX Sierra (10.12.2) with mono version 4.6.2 yields a SecureChannelFailure. How do I resolve this? I have tried mozroots --import --ask-remove but that didn't help. There are certs in ~/.config/.mono/certs/Trust.

我什至试图绕过检查，因为我只是在研究API，但这也不起作用.我试图绕过它的方法是:

I have even tried to bypass the check, since I'm just investigating the API, but that doesn't work either. The way I tried to bypass it is:

let callback = Security.RemoteCertificateValidationCallback(fun _ _ _ _ -> true)
ServicePointManager.ServerCertificateValidationCallback <- callback

推荐答案

使用Mono 4.8 + ，可以在运行基于CIL的.exe之前将环境变量MONO_TLS_PROVIDER分配给btls. :

Using Mono 4.8+ you can assign the environment variable MONO_TLS_PROVIDER to btls before running your CIL-based .exe:

export MONO_TLS_PROVIDER=btls
mono someFSharpAssembly.exe

通过Xamarin Studio/Visual Studio for Mac打开，将其分配给运行"配置:

On via Xamarin Studio / Visual Studio for Mac assign it to a Run configuration:

如果您随后收到HttpRequestException:

Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED) ---> Mono.Btls.MonoBtlsException

这意味着您没有新格式的证书.运行工具"btls-cert-sync"，将您现有的根证书转换为新的文件格式.如果"btls-cert-sync"抱怨旧信任库不存在"，则首先需要告诉Mono如何找到这些证书，此页介绍了如何做:

It means that you do not have the certificates in the new format. Run the tool "btls-cert-sync" to convert your existing root certificates into the new file format. If "btls-cert-sync" complains that "The Old Trust Store does not exist", you first need to tell Mono how to find these certificates, this page describes how to do it:

这篇关于如何使用Mono解决OSX上的SecureChannelFailure的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！