绕过 DotNet 核心服务堆栈上的 SSL 证书验证 [英] Bypassing SSL Certificate Validation on DotNet Core Service Stack

问题描述

我知道 ServicePointManager.ServerCertificateValidationCallback 不再存在于 .Net Core 中，而是替换为:

I know that ServicePointManager.ServerCertificateValidationCallback no longer exists in .Net Core and is instead replaced with:

using(var handler = new System.Net.Http.HttpClientHandler())
{
    using (var httpClient = new System.Net.Http.HttpClient(handler))
    {
        handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
        {
            return true;
        };

    }
}

然而，我们目前使用的是 ServiceStack.Core 库，据我所知，它既没有公开这样的属性，也没有公开处理程序本身.

However we are currently using the ServiceStack.Core library which, as far as I can see, does not expose either a property like this or the handler itself.

如何告诉 ServiceStack 客户端绕过此代码中的 ssl 验证?

How would I tell a ServiceStack client to bypass ssl validation in this code?

using(var client = new JsonServiceClient("https://www.google.com"))
{
    var response = client.Get("/results");
}

如果有办法，这在 Windows 和 Linux 上的工作方式是否相同?

If there is a way, would this work the same on both Windows and Linux?

推荐答案

JsonServiceClient 建立在 .NET HttpWebRequest 之上，它已在 .NET Core 中重写为 HttpClient 上的包装器所以我们通常建议 .NET Core 避免这种开销(比 .NET 4.5 慢得多)并切换到使用 ServiceStack.HttpClient 中的 JsonHttpClient 代替，因为它直接使用 HttpClient 并且您可以在其中注入自己的 HttpClientHandler :

JsonServiceClient is built on .NET HttpWebRequest which has been rewritten in .NET Core as a wrapper over HttpClient so we'd generally recommend for .NET Core to avoid this overhead (which is much slower than .NET 4.5) and switch to using JsonHttpClient in ServiceStack.HttpClient instead as it uses HttpClient directly and where you can inject your own HttpClientHandler with:

var client = new JsonHttpClient(baseUrl)
{
    HttpMessageHandler = new HttpClientHandler
    {
        UseCookies = true,
        AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
        ServerCertificateCustomValidationCallback = (req,cert,chain,errors) => true
    }
};

请注意，建议重用 HttpClient 实例，因此您应该尝试尽可能重用 HttpClient 实例并避免处置它们.

Note it's recommended to reuse HttpClient instances so you should try to reuse HttpClient instances when possible and avoid disposing them.

这篇关于绕过 DotNet 核心服务堆栈上的 SSL 证书验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！