使用 StackExchange.Redis 与 Redis 的 SSL 连接 [英] SSL connectivity to Redis with StackExchange.Redis

问题描述

我在 StackExchange.Redis 与 Redis 连接时遇到了一个非常奇怪的问题.

I am having a very weird issue with StackExchange.Redis to connect with Redis.

我在 Redis 数据库上启用了 SSL，但我无法使用以下代码使用 SSL 证书从客户端连接到 Redis 服务器.

I have enabled SSL on Redis database and I am not able to connect from client to Redis server with SSL certificate with below code.

  static RedisConnectionFactory()
        {
            try
            {
                string connectionString = "rediscluster:13184";
                var options = ConfigurationOptions.Parse(connectionString);
                options.Password = "PASSWORD";
                options.AllowAdmin = true;
                options.AbortOnConnectFail = false;
                options.Ssl = true;
                options.SslHost = "HOSTNAME";
                var certificate = GetCertificateFromThubprint();
                options.CertificateSelection += delegate
                {
                    return certificate;
                };

                Connection = new Lazy<ConnectionMultiplexer>(
               () => ConnectionMultiplexer.Connect(options)
                );
            }
            catch (Exception ex)
            {
                throw new Exception("Unable to connect to Cache Server " + ex);
            }

        }

        public static ConnectionMultiplexer GetConnection() => Connection.Value;

        public static IEnumerable<RedisKey> GetCacheKeys()
        {

            return GetConnection().GetServer("rediscluster", 13184).Keys();
        }

        // Find certificate based on Thumbprint
        private static X509Certificate2 GetCertificateFromThubprint()
        {
  // Find certificate from "certificate store" based on thumbprint and return
StoreName CertStoreName = StoreName.Root;
            string PFXThumbPrint = "NUMBER";
            X509Store certLocalMachineStore = new X509Store(CertStoreName, StoreLocation.LocalMachine);
            certLocalMachineStore.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certLocalMachineCollection = certLocalMachineStore.Certificates.Find(
                                       X509FindType.FindByThumbprint, PFXThumbPrint, true);
            certLocalMachineStore.Close();
 return certLocalMachineCollection[0];
       }

但是，如果我创建一个控制台应用程序并使用上述代码连接到 Redis，那么我可以连接，但是如果我使用 Web 应用程序中的相同代码连接到 Redis，则我无法连接.

However, If I create a console application and connect to Redis with above code then I am able to connect, but If I used same code from my web application to connect to redis then I am not able to connect.

不确定我是否遗漏了什么.

Not sure if I am missing something.

此外，我还浏览了mgravell"帖子

Also, I went through "mgravell" post

在那篇文章中，他配置了CertificateValidation"方法，在我的场景中，我希望 Redis 验证 SSL 证书.所以我没有实现验证.并实现了CertificateSelection"方法来提供客户端证书.

In that post he has configured "CertificateValidation" method, In my scenario I want Redis to validate SSL certificate. so I have not implementation validation. And implemented "CertificateSelection" method to provide client certificate.

推荐答案

您可以尝试使用 CertificateValidation 验证证书.我尝试了以下代码，它对我有用:

You can try to validate the cert using CertificateValidation. I tried the following code and it worked for me:

options.CertificateValidation += ValidateServerCertificate;

...

public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

        return false;
    }

这篇关于使用 StackExchange.Redis 与 Redis 的 SSL 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！