使用 StackExchange.Redis 与 Redis 的 SSL 连接 [英] SSL connectivity to Redis with StackExchange.Redis
问题描述
我在 StackExchange.Redis 与 Redis 连接时遇到了一个非常奇怪的问题.
I am having a very weird issue with StackExchange.Redis to connect with Redis.
我在 Redis 数据库上启用了 SSL,但我无法使用以下代码使用 SSL 证书从客户端连接到 Redis 服务器.
I have enabled SSL on Redis database and I am not able to connect from client to Redis server with SSL certificate with below code.
static RedisConnectionFactory()
{
try
{
string connectionString = "rediscluster:13184";
var options = ConfigurationOptions.Parse(connectionString);
options.Password = "PASSWORD";
options.AllowAdmin = true;
options.AbortOnConnectFail = false;
options.Ssl = true;
options.SslHost = "HOSTNAME";
var certificate = GetCertificateFromThubprint();
options.CertificateSelection += delegate
{
return certificate;
};
Connection = new Lazy<ConnectionMultiplexer>(
() => ConnectionMultiplexer.Connect(options)
);
}
catch (Exception ex)
{
throw new Exception("Unable to connect to Cache Server " + ex);
}
}
public static ConnectionMultiplexer GetConnection() => Connection.Value;
public static IEnumerable<RedisKey> GetCacheKeys()
{
return GetConnection().GetServer("rediscluster", 13184).Keys();
}
// Find certificate based on Thumbprint
private static X509Certificate2 GetCertificateFromThubprint()
{
// Find certificate from "certificate store" based on thumbprint and return
StoreName CertStoreName = StoreName.Root;
string PFXThumbPrint = "NUMBER";
X509Store certLocalMachineStore = new X509Store(CertStoreName, StoreLocation.LocalMachine);
certLocalMachineStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certLocalMachineCollection = certLocalMachineStore.Certificates.Find(
X509FindType.FindByThumbprint, PFXThumbPrint, true);
certLocalMachineStore.Close();
return certLocalMachineCollection[0];
}
但是,如果我创建一个控制台应用程序并使用上述代码连接到 Redis,那么我可以连接,但是如果我使用 Web 应用程序中的相同代码连接到 Redis,则我无法连接.
However, If I create a console application and connect to Redis with above code then I am able to connect, but If I used same code from my web application to connect to redis then I am not able to connect.
不确定我是否遗漏了什么.
Not sure if I am missing something.
此外,我还浏览了mgravell"帖子
Also, I went through "mgravell" post
在那篇文章中,他配置了CertificateValidation"方法,在我的场景中,我希望 Redis 验证 SSL 证书.所以我没有实现验证.并实现了CertificateSelection"方法来提供客户端证书.
In that post he has configured "CertificateValidation" method, In my scenario I want Redis to validate SSL certificate. so I have not implementation validation. And implemented "CertificateSelection" method to provide client certificate.
推荐答案
您可以尝试使用 CertificateValidation 验证证书.我尝试了以下代码,它对我有用:
You can try to validate the cert using CertificateValidation. I tried the following code and it worked for me:
options.CertificateValidation += ValidateServerCertificate;
...
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
return false;
}
这篇关于使用 StackExchange.Redis 与 Redis 的 SSL 连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!