Die SSL -Verbindung konnte nicht hergestellt werden, siehe innere Ausnahme. Docker -Problem ⇐ C#

[Anonymous]

SSL -Handshake -Fehler in Docker: SSL_Error_SSL mit .NET 8 und OpenSSL

Ausgabe

Docker-Container ausführe, erhalte ich den folgenden Fehler, wenn ich eine HTTPS-Anfrage mit einem Client-Zertifikat erstelle:

dockerfile

Code: Select all

FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
USER root
RUN apt-get update && apt-get install -y ca-certificates

COPY ["InsuranceApi/sosMedecin.crt", "/usr/local/share/ca-certificates/sosMedecin.crt"]
RUN update-ca-certificates

USER $APP_UID
WORKDIR /app
EXPOSE 8080
EXPOSE 8081

FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src

COPY ["InsuranceApi/InsuranceApi.csproj", "InsuranceApi/"]
RUN dotnet restore "./InsuranceApi/InsuranceApi.csproj"
COPY .  .
WORKDIR "/src/InsuranceApi"
RUN dotnet build "./InsuranceApi.csproj" -c $BUILD_CONFIGURATION -o /app/build

FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./InsuranceApi.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app

COPY --from=publish /app/publish .
COPY ["InsuranceApi/sosMedecin.pfx", "/app/publish/sosMedecin.pfx"]

ENTRYPOINT ["dotnet", "InsuranceApi.dll"]

AuthenticationService.cs

Code: Select all

public class AuthenticationService
{
private readonly CertificateOptions _certificateOptions;
private readonly SsoOptions _ssoOptions;

public AuthenticationService(IOptions certificateOptions, IOptions ssoOptions)
{
_certificateOptions = certificateOptions.Value;
_ssoOptions = ssoOptions.Value;
}

public async Task GetSsoToken()
{
string? ssoToken = null;
HttpClientHandler handler = new HttpClientHandler();

try
{
// Adding client certificate to HttpClientHandler
handler.ClientCertificates.Add(new X509Certificate2(_certificateOptions.CertificatePath, _certificateOptions.CertificatePassword));

// Making the HTTP request to get the SSO token
using (var client = new HttpClient(handler))
{
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair("format", "text"),
new KeyValuePair("username", _ssoOptions.Username),
new KeyValuePair("password", _ssoOptions.Password),
new KeyValuePair("submit", "confirm")
});

HttpResponseMessage response = await client.PostAsync(_ssoOptions.SsoTokenUrl, content);

// If response contains the SSO token cookie
if (response.Headers.Contains("Set-Cookie"))
{
var cookieHeader = response.Headers
.GetValues("Set-Cookie")
.FirstOrDefault(c => c.StartsWith("SSOV2"));

if (!string.IsNullOrEmpty(cookieHeader))
{
ssoToken = cookieHeader.Split(';')[0].Split('=')[1];
}
else
{
throw new ArgumentNullException("Cookie with SSO token was not found.");
}
}
else
{
throw new ArgumentNullException($"SSO token not found in response.\nResponse: {await response.Content.ReadAsStringAsync()}");
}
}
}
catch (Exception ex)
{
// Log any errors and inner exceptions
Console.WriteLine($"Unexpected error: {ex.Message}");
while (ex.InnerException != null)
{
Console.WriteLine($"Inner Exception: {ex.InnerException.Message}");
ex = ex.InnerException;
}
throw;
}

return ssoToken;
}
}

Ich habe versucht, das Zertifikat mithilfe von Update-CA-Zertifikaten manuell in der Dockerfile hinzuzufügen, das Problem jedoch nicht behoben.