centos 8 on build docker error :Encryption(ssl/tls) handshake failed

I tried running it from Visual Studio Code; there it can find the local database and connect to it. After changing the database settings environment variables and running the docker container, the application in the running docker container cannot connect to the database and returns this error:

I tried using openssl to build tecmint.local.crt and tecmint.local.key, and copied the tecmint.local.crt file to two directories:

/usr/local/share/ca-certificates/extra 

/etc/pki/ca-trust/source/anchors

#CentOS 8 directories#

[root@localhost extra]# cd /etc/ssl/private
[root@localhost private]# ls
tecmint.local.crt  tecmint.local.key
[root@localhost extra]# cd /etc/pki/ca-trust/source/anchors
[root@localhost anchors]# ls
openssl-1.1.1k  openssl-1.1.1k.tar.gz  tecmint.local.crt
[root@localhost anchors]# cd /usr/local/share/ca-certificates/extra
[root@localhost extra]# ls
tecmint.local.crt

Then I run the Dockerfile with docker and use:

Mount the certificate into the Docker container
docker run -v /usr/local/share/ca-certificates/extra:/app/build -d 39bc3b53bb17 "update-ca-certificates"

#Dockerfile#

FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal AS base
WORKDIR /app
EXPOSE 8000

ENV ASPNETCORE_ENVIRONMENT=Development
ENV ASPNETCORE_URLS=http://+:8000

RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

FROM mcr.microsoft.com/dotnet/sdk:5.0-focal AS build
WORKDIR /src
COPY ["MVCVue.csproj", "./"]
RUN dotnet restore "MVCVue.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "MVCVue.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "MVCVue.csproj" -c Release -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MVCVue.dll"]

#Startup#

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddDbContext<cpteContext>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("BloggingDatabase")));

            services.AddAntiforgery(option =>
            {
                option.FormFieldName = "MyAntiForgeryField";
                option.HeaderName = "ANTI-TOKEN-HEADERNAME";
            });
        }

        

#DbContext#

    using System.IO;
    using Microsoft.EntityFrameworkCore;
    using Microsoft.Extensions.Configuration;

    // Class name must match the constructors and the type registered in Startup (cpteContext).
    public partial class cpteContext : DbContext
    {
        public cpteContext() { }
        public cpteContext(DbContextOptions<cpteContext> options) : base(options) { }
        public virtual DbSet<Board> Boards { get; set; }
        public virtual DbSet<Operator> Operators { get; set; }

        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
        {
            // Fallback used only when the context was not configured through DI (AddDbContext).
            var configuration = new ConfigurationBuilder()
                .SetBasePath(Directory.GetCurrentDirectory())
                .AddJsonFile("appsettings.json")
                .Build();
            if (!optionsBuilder.IsConfigured)
            {
                var connectionString = configuration.GetConnectionString("BloggingDatabase");
                optionsBuilder.UseSqlServer(connectionString);
            }
        }
    }

#appsettings.json#

{
  "ConnectionStrings": {
    "BloggingDatabase": "Server=xxx.xxx.xxx.xxx;Database=testdb;Trusted_Connection=True;User Id=myid;Password=myPassword;Integrated Security=false;"
  }
}

On many Linux distributions, the OpenSSL configuration file is located at /etc/ssl/openssl.cnf.

Code to add to openssl.cnf:

openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=2

Reference: https://docs.microsoft.com/zh-tw/dotnet/core/compatibility/cryptography/5.0/default-cipher-suites-for-tls-on-linux
Copy openssl.cnf to /usr/local/ssl/openssl.cnf
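An added check, not part of the question or the answer above: a small Python script that parses an openssl.cnf fragment the way OpenSSL chains its sections (openssl_conf -> ssl_conf -> system_default) and reports whether the effective MinProtocol and SECLEVEL fall below a TLS 1.2 baseline. The two sample strings are constructed for this example; the first is the fragment from the answer (which lowers the floor to TLS 1.0), the second restores a TLS 1.2 floor.

```python
import re

TLS_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample: the fragment from the answer above (TLS 1.0 floor).
WEAK_CNF = """openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=2
"""
# Same fragment with the floor raised back to TLS 1.2.
HARDENED_CNF = WEAK_CNF.replace("MinProtocol = TLSv1.0", "MinProtocol = TLSv1.2")


def parse_cnf(text):
    # OpenSSL's INI-style syntax; keys before the first [section] go under "".
    sections, current = {"": {}}, ""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"\[\s*(\S+)\s*\]$", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value
    return sections


def system_default(sections):
    # Follow openssl_conf -> ssl_conf -> system_default, as libssl does at init.
    app = sections[""].get("openssl_conf", "")
    ssl = sections.get(app, {}).get("ssl_conf", "")
    return sections.get(sections.get(ssl, {}).get("system_default", ""), {})


def audit(text, floor="TLSv1.2", min_seclevel=2):
    # Return findings below the baseline; an empty list means the config passes.
    s, findings = system_default(parse_cnf(text)), []
    proto = s.get("MinProtocol")
    if proto not in TLS_ORDER or TLS_ORDER.index(proto) < TLS_ORDER.index(floor):
        findings.append(f"MinProtocol={proto} is below {floor}")
    m = re.search(r"@SECLEVEL=(\d)", s.get("CipherString", ""))
    if m is None or int(m.group(1)) < min_seclevel:
        findings.append(f"CipherString does not pin SECLEVEL>={min_seclevel}")
    return findings
```

Running `audit(WEAK_CNF)` flags the TLS 1.0 floor, while `audit(HARDENED_CNF)` returns no findings; keep the TLS 1.0 downgrade only for the one legacy SQL Server that needs it, and remove it once that server is patched.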

Use the following workaround in the Dockerfile.

RUN sed -i 's/TLSv1.2/TLSv1.0/g' /etc/ssl/openssl.cnf

Reference: https://github.com/microsoft/azuredatastudio/issues/11249

If the target server enforces server certificate validation when TLS encryption is used, you must at least add this setting to your connection string (to force the use of SSL):

trustservercertificate=true

Reference: https://github.com/dotnet/SqlClient/issues/633