此代码适用于 PS5,但不适用于 PS7。 它不会抛出任何错误,它只是不显示证书
$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"
$req = [Net.HttpWebRequest]::Create($url)
$req.GetResponse() | Out-Null
$req.ServicePoint.Certificate | Format-List
PS5输出:
> $req.ServicePoint
BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 1/7/2022 10:30:21 AM
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 2
Certificate : System.Security.Cryptography.X509Certificates.X509Certificate
ClientCertificate :
SupportsPipelining : True
> $req.ServicePoint.Certificate | Format-List
Handle : 2520270205792
Issuer : CN=Microsoft Azure TLS Issuing CA 05, O=Microsoft Corporation, C=US
Subject : CN=mcr.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US
PS7输出:
> $req.ServicePoint
BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 07/01/2022 10:27:17
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 0
Certificate :
ClientCertificate :
SupportsPipelining : True
为什么 PowerShell 7 不返回
[Net.HttpWebRequest]
中的证书。还有其他选择吗?
HttpWebRequest
API 界面尚未完全移植到较新版本的 .NET/Core,详见此 Github 问题:
是已过时的 API - 请参阅 https://github.com/dotnet/platform-compat/blob/master/docs/DE0003.md。HttpWebRequest
我们仅将其最重要的部分移植到 .NET Core。 推荐的网络 API 是。HttpClient
要使用
HttpClient
检查远程证书,您需要利用证书验证回调 - 在 PowerShell 7 中,如下所示:
$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"
# Create a (thread-safe) hashtable to hold any certificates discovered
$certTable = [hashtable]::Synchronized(@{})
# Create a handler
$handler = [System.Net.Http.HttpClientHandler]::new()
# Attach a custom validation callback that saves the remote certificate to the hashtable
$handler.ServerCertificateCustomValidationCallback = {
param(
[System.Net.Http.HttpRequestMessage]$Msg,
[System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
[System.Security.Cryptography.X509Certificates.X509Chain]$Chain,
[System.Net.Security.SslPolicyErrors]$SslErrors
)
# Save the certificate
$certTable[$Msg.RequestUri] = $Cert
# Leave actual policy validation as-is
return [System.Net.Security.SslPolicyErrors]::None -eq $SslErrors
}.GetNewClosure()
# Create a new http client with our custom handler attached
$client = [System.Net.Http.HttpClient]::new($handler)
# Prepare request message
$request = [System.Net.Http.HttpRequestMessage]::new([System.Net.Http.HttpMethod]::Get, $url)
# Send request
$response = $client.Send($request)
# callback routine will now have populated the table with the certificate
$certTable[$request.RequestUri]
我正在尝试使用上面由 Mathais R. Jessen 编写的脚本。然而,我不断得到
MethodInvocationException:
Line |
3 | $response = $client.Send($request)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Exception calling "Send" with "1" argument(s): "The SSL connection could not be established, see inner exception.
"
PS版本7.4.2 Win11、服务器 2012R2 上的重现 将客户端的 Tls 版本更改为 1.2、1.3 没有帮助 关于如何解决此问题有什么想法吗?