-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl certificate processing logic error #78957
Comments
Tagging subscribers to this area: @dotnet/ncl, @vcsjones Issue DetailsDescriptionThe behavior on core and .NET Framework is inconsistent, and the SSL certificate cannot be handled correctly, resulting in the failure of business code Reproduction Stepssample code
When the above code is executed in all netcore versions, an error will occur and the file cannot be downloaded.(even if i ignore certificate error in But he works fine on .NET Framework Expected behaviorAble to download files normally Actual behaviornot working Regression?No response Known WorkaroundsNo response ConfigurationNo response Other informationNote that this is not our server and we have no control over server certificates
|
Did you actually try this with |
Tagging subscribers to this area: @dotnet/ncl Issue DetailsDescriptionThe behavior on core and .NET Framework is inconsistent, and the SSL certificate cannot be handled correctly, resulting in the failure of business code Reproduction Stepssample code
When the above code is executed in all netcore versions, an error will occur and the file cannot be downloaded.(even if i ignore certificate error in But he works fine on .NET Framework Expected behaviorAble to download files normally Actual behaviornot working Regression?No response Known WorkaroundsNo response ConfigurationNo response Other informationNote that this is not our server and we have no control over server certificates
|
I don't see any evidence that this is an SSL/TLS issue. According the to screenshot, the server responded with an HTTP 403, which indicates a TLS session was established. |
This issue has been marked |
Yes, I tried code using System.Net;
using System.Net.Http;
var addr = "https://pubuserqiniu.paperol.cn/181807649_54_q11_1665653480Ytkkdt.docx?attname=55_11_%e6%b0%b4%e5%ba%93%e7%94%9f%e6%80%81%e9%b1%bc%e7%b2%be%e5%87%86%e6%8d%95%e6%8d%9e%e6%97%a0%e6%8a%97%e8%bf%90%e8%be%9310.13.docx&e=1674795131&token=-kY3jr8KMC7l3KkIN3OcIs8Q4s40OfGgUHr1Rg4D:3QdoI-6iu-Bc6ebPLVzbvvQhC64=";
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.ServerCertificateCustomValidationCallback =
(httpRequestMessage, cert, cetChain, policyErrors) =>
{
return true;
};
var h = new HttpClient(handler);
h.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.62");
h.DefaultRequestHeaders.Add("Accept", "*/*");
h.DefaultRequestHeaders.Add("Accept-Encoding", "gzip,deflate");
var r = await h.GetByteArrayAsync(addr);
File.WriteAllBytes("test下载.docx",r); |
First of all, when using As a supplement, even if he is not an SSL problem, it should work just like I am posting the wireshark capture here, hoping to help analyze this problem. net7.0.200-wireshark.pcapng netframework-wireshark.pcapng |
I get
7.0.
This is curious as I would also expect same response. Framework also sends "Connection: Keep-alive" but that should not be needed as it is default for 1.1 and adding it explicitly did not make any difference. After some fiddling, I added |
@wfurt thanks for your investigation
After seeing your feedback, I used VS to test and found that, as you said, the result is 403 on both Framework and 7.0. When I asked this question, I used roslynpad for testing (not in VS). When run with roslynpad, he does download the file normally. This is the code comparison after decompiling the generated exe respectively: I'm currently very confused why there are different results, their runtime versions are the same. Perhaps there is some magic in the For reference and comparison, I use Python to download locally, and the Python code is as follows import urllib.request
url='https://pubuserqiniu.paperol.cn/181807649_54_q11_1665653480Ytkkdt.docx?attname=55_11_%e6%b0%b4%e5%ba%93%e7%94%9f%e6%80%81%e9%b1%bc%e7%b2%be%e5%87%86%e6%8d%95%e6%8d%9e%e6%97%a0%e6%8a%97%e8%bf%90%e8%be%9310.13.docx&e=1674795131&token=-kY3jr8KMC7l3KkIN3OcIs8Q4s40OfGgUHr1Rg4D:3QdoI-6iu-Bc6ebPLVzbvvQhC64='
urllib.request.urlretrieve(url,'test-py.docx') Maybe we need to further investigate whether there are any hidden dangers inside .net? |
I compared the |
right. The danger IMHO lives in the site that fails to respond to valid HTTP requests in consistent way. |
both. When I use |
Yes, but this is someone else's server and we have no control over it. But now we need to download documents from it. Now failing on .net for unknown reasons and having to move us to |
Use |
After some more tries, I found that it works fine on Framework 4.0 (includ in VS). This is probably not a very common problem (although we have), so feel free to close this issue. And I don't really think it will be fixed 😄 . |
Description
The behavior on core and .NET Framework is inconsistent, and the SSL certificate cannot be handled correctly, resulting in the failure of business code
Reproduction Steps
sample code
When the above code is executed in all netcore versions, an error will occur and the file cannot be downloaded.(even if i ignore certificate error in
ServerCertificateValidationCallback
,Of course, this also includesHttpClient
)..net 7.0.200 output
![image](https://user-images.githubusercontent.com/6604230/204479319-452b0381-919b-43b7-872e-6edbf2861069.png)
But he works fine on .NET Framework
Expected behavior
Able to download files normally
Actual behavior
not working
Regression?
No response
Known Workarounds
No response
Configuration
No response
Other information
Note that this is not our server and we have no control over server certificates
The text was updated successfully, but these errors were encountered: