文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
首页
学习
活动
专区
圈层
工具
MCP广场
返回腾讯云官网
社区首页 >问答首页 >MQTTnet :无法连接TLS : Interop+AppleCrypto+SslException:坏协议版本

MQTTnet :无法连接TLS : Interop+AppleCrypto+SslException:坏协议版本
EN

Stack Overflow用户
提问于 2020-10-02 17:35:48
回答 3查看 1.8K关注 0票数 1

我是一个新的.NET核心用户,试图学习如何使用MQTTnet将托管客户端与MacOS Catalina上的TLS连接起来。

我正在尝试连接从ASP.NET核心3后台服务到一个莫斯基托经纪人。使用MqttExplorer,我能够使用用户名、密码和服务器证书(CA)文件成功地通过TLS连接到服务器。所以,我知道莫斯基托经纪人配置正确。

但是,我无法用MQTTnet实现这一点。

代码语言:javascript
运行
复制
using (var fileStream = new FileStream(_Config.Tls.CACerts, FileMode.Open))
                using (var memoryStream = new MemoryStream((int)fileStream.Length))
                {
                    fileStream.CopyTo(memoryStream);

                    _Logger.LogInformation($"Read file stream with length {memoryStream.Length} bytes, trying to connect with options:");
                    _Logger.LogInformation($"mqtt://{_Config.UserName}:{_Config.Password}/{_Config.Host}:{_Config.Port}");

                    _MqttOptions = new ManagedMqttClientOptionsBuilder()
                        .WithAutoReconnectDelay(TimeSpan.FromSeconds(5))
                        .WithClientOptions(new MqttClientOptionsBuilder()
                            .WithClientId(Guid.NewGuid().ToString())
                            .WithCredentials(_Config.UserName, _Config.Password)
                            .WithTcpServer(_Config.Host, _Config.Port)
                            .WithTls(
                                o =>
                                {
                                    o.UseTls = true;
                                    o.AllowUntrustedCertificates = true;
                                    o.SslProtocol = SslProtocols.Tls12;
#if WINDOWS_UWP
                                    o.Certificates = new List<byte[]>
                                    {
                                        new X509Certificate(memoryStream.ToArray()).Export(X509ContentType.Cert)
                                    };
#else
                                    o.Certificates = new List<X509Certificate>
                                    {
                                        new X509Certificate(memoryStream.ToArray())
                                    };
#endif

                                    o.CertificateValidationHandler = (context) =>
                                    {
                                        _Logger.LogInformation($"SSL POLICY ERRORS {context.SslPolicyErrors.ToString()}");
                                        return true;
                                    };
                                }
                            )
                            .Build())
                        .Build();
                }

我收到以下例外情况:

代码语言:javascript
运行
复制
MQTTnet.Exceptions.MqttCommunicationException: Authentication failed, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+AppleCrypto+SslException: bad protocol version
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_2(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)
   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)
   at MQTTnet.Internal.MqttTaskTimeout.WaitAsync(Func`2 action, TimeSpan timeout, CancellationToken cancellationToken)
   at MQTTnet.Adapter.MqttChannelAdapter.ConnectAsync(TimeSpan timeout, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at MQTTnet.Adapter.MqttChannelAdapter.WrapException(Exception exception)
   at MQTTnet.Adapter.MqttChannelAdapter.ConnectAsync(TimeSpan timeout, CancellationToken cancellationToken)
   at MQTTnet.Client.MqttClient.ConnectAsync(IMqttClientOptions options, CancellationToken cancellationToken)
>> [2020-10-02T16:07:03.9254330Z] [4] [MqttClient] [Verbose]: Disconnecting [Timeout=00:00:10]
>> [2020-10-02T16:07:03.9255750Z] [4] [MqttClient] [Verbose]: Disconnected from adapter.
>> [2020-10-02T16:07:03.9256240Z] [4] [MqttClient] [Info]: Disconnected.

此外,还明确地尝试将WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V311)添加到客户端选项生成器中。

有人能帮忙吗?

.net-core
mqttnet
EN

回答 3

Stack Overflow用户

回答已采纳

发布于 2020-10-05 15:06:13

设法让它起作用了!

问题是蚊子经纪人被配置成只使用Tls v1.3。但是,对于dotnet核心3.1tls1.3,macOS环境似乎不支持吗?如果OpenSSL1.1.1可用,它就可以在Linux环境中使用。

我已经降级了蚊帐代理配置,使用tls版本1.2,上面的代码现在连接。

如果有人已经设法获得一个dotnet核心3.1客户端连接到蚊帐经纪人使用tlsv1.3,那么任何细节将不胜感激。

票数 1
EN

Stack Overflow用户

发布于 2020-10-03 22:13:02

github上也有类似的问题。

作为解决办法,一个用户建议如下cli命令:

代码语言:javascript
运行
复制
dotnet dev-certs https
dotnet dev-certs https --trust

关于他们的一些文档。

信任Windows和macOS上的macOS核心HTTPS开发证书

安装.NET Core会将ASP.NET Core开发证书安装到本地用户证书存储区。证书已安装,但不受信任。若要信任证书,请执行一次性步骤以运行dotnet dev-certs工具:

票数 0
EN

Stack Overflow用户

发布于 2022-05-24 08:31:31

通过Google登陆这里,因为我在本地调试时出现了以下错误(Rangeand.NET 6webapi)

System.IO.IOException:解密操作失败,请参阅内部异常。-> Interop+AppleCrypto+SslException: misc.不良证书

我试过了

代码语言:javascript
运行
复制
dotnet dev-certs https
dotnet dev-certs https --trust

但没有运气。

最终帮助我找到浏览器中本地运行api的URL时,我收到了一条“警告:潜在的安全风险”消息。在单击“高级->接受风险并继续”之后,我的呼叫成功了。

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/64175979

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档