Net.HttpWebRequest 在 PowerShell7 中没有证书

问题描述 投票:0回答:2

此代码适用于 PS5,但不适用于 PS7。 它不会抛出任何错误,它只是不显示证书

$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"
$req = [Net.HttpWebRequest]::Create($url)
$req.GetResponse() | Out-Null
$req.ServicePoint.Certificate | Format-List

PS5输出:

> $req.ServicePoint


BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address                : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime            : 100000
UseNagleAlgorithm      : True
ReceiveBufferSize      : -1
Expect100Continue      : True
IdleSince              : 1/7/2022 10:30:21 AM
ProtocolVersion        : 1.1
ConnectionName         : https
ConnectionLimit        : 2
CurrentConnections     : 2
Certificate            : System.Security.Cryptography.X509Certificates.X509Certificate
ClientCertificate      :
SupportsPipelining     : True

> $req.ServicePoint.Certificate | Format-List


Handle  : 2520270205792
Issuer  : CN=Microsoft Azure TLS Issuing CA 05, O=Microsoft Corporation, C=US
Subject : CN=mcr.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US

PS7输出:

> $req.ServicePoint

BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address                : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime            : 100000
UseNagleAlgorithm      : True
ReceiveBufferSize      : -1
Expect100Continue      : True
IdleSince              : 07/01/2022 10:27:17
ProtocolVersion        : 1.1
ConnectionName         : https
ConnectionLimit        : 2
CurrentConnections     : 0
Certificate            :
ClientCertificate      :
SupportsPipelining     : True

为什么 PowerShell 7 不返回

[Net.HttpWebRequest]
中的证书。还有其他选择吗?

powershell powershell-core
2个回答
4
投票

HttpWebRequest
API 界面尚未完全移植到较新版本的 .NET/Core,详见此 Github 问题

HttpWebRequest
是已过时的 API - 请参阅 https://github.com/dotnet/platform-compat/blob/master/docs/DE0003.md
我们仅将其最重要的部分移植到 .NET Core。 推荐的网络 API 是
HttpClient

要使用

HttpClient
检查远程证书,您需要利用证书验证回调 - 在 PowerShell 7 中,如下所示:

$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"

# Create a (thread-safe) hashtable to hold any certificates discovered
$certTable = [hashtable]::Synchronized(@{})

# Create a handler
$handler = [System.Net.Http.HttpClientHandler]::new()

# Attach a custom validation callback that saves the remote certificate to the hashtable
$handler.ServerCertificateCustomValidationCallback = {
  param(
    [System.Net.Http.HttpRequestMessage]$Msg,
    [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
    [System.Security.Cryptography.X509Certificates.X509Chain]$Chain,
    [System.Net.Security.SslPolicyErrors]$SslErrors
  )

  # Save the certificate
  $certTable[$Msg.RequestUri] = $Cert

  # Leave actual policy validation as-is
  return [System.Net.Security.SslPolicyErrors]::None -eq $SslErrors
}.GetNewClosure()

# Create a new http client with our custom handler attached
$client = [System.Net.Http.HttpClient]::new($handler)

# Prepare request message
$request = [System.Net.Http.HttpRequestMessage]::new([System.Net.Http.HttpMethod]::Get, $url)

# Send request
$response = $client.Send($request)

# callback routine will now have populated the table with the certificate
$certTable[$request.RequestUri]

0
投票

我正在尝试使用上面由 Mathais R. Jessen 编写的脚本。然而,我不断得到

MethodInvocationException:
Line |
   3 |  $response = $client.Send($request)
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "Send" with "1" argument(s): "The SSL connection could not be established, see inner exception.
"

PS版本7.4.2 Win11、服务器 2012R2 上的重现 将客户端的 Tls 版本更改为 1.2、1.3 没有帮助 关于如何解决此问题有什么想法吗?

© www.soinside.com 2019 - 2024. All rights reserved.