Re: Libssl error with dotnet sdk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 2023-02-28 07:53:31, Markus Schaaf wrote:
> Am 27.02.23 um 10:55 schrieb Sadeep Madurange:
> > Microsoft (R) Build Engine version 16.7.2+b60ddb6f4 for .NET
> > Copyright (C) Microsoft Corporation. All rights reserved.
> >    Determining projects to restore...
> > Terminating plugin 'CredentialProvider.Microsoft' due to an unrecoverable fault:  NuGet.Protocol.Plugins.ProtocolException: A plugin protocol exception occurred.
> >   ---> NuGet.Protocol.Plugins.ProtocolException: The SSL connection could not be established, see inner exception.
> 
> I know nothing about Dotnet etc. but this might come from missing
> certificates. Try to find out which CA-certificate is needed to authenticate
> the used NuGet-server. Your build environment is probably missing it.

Thanks for the advice, could you tell me a bit more about how to do
this? I tried to download and add the cert using the following
commands, but that didn't help.

echo -n | openssl s_client -connect api.nuget.org:443 | openssl x509 > ~/tmp/nuget.cert
certutil -d ~/.pki/nssdb/ -A -i ~/tmp/nuget.cert -n nuget -t C,, 

I also tried copying the certificate file to /usr/share/ca-certificates
as nuget.crt, but that didn't help either. If it's of any use, the
result of `openssl s_client -connect api.nuget.org:443` from my
machine:

CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.nuget.org
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure TLS Issuing CA 01
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jan 21 00:01:45 2023 GMT; NotAfter: Jan 16 00:01:45 2024 GMT
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure TLS Issuing CA 01
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jul 29 12:30:00 2020 GMT; NotAfter: Jun 27 23:59:59 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIVTCCBj2gAwIBAgITMwCKR7l9SxXLPd/UWwAAAIpHuTANBgkqhkiG9w0BAQwF
ADBZMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSowKAYDVQQDEyFNaWNyb3NvZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDEwHhcN
MjMwMTIxMDAwMTQ1WhcNMjQwMTE2MDAwMTQ1WjBiMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjEUMBIGA1UEAwwLKi5udWdldC5vcmcwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCbxN9MAIJ34Lf1AEj44LkC2UgeLw8V+SSFx6qOUJi9
gPYnic22Iqj1XE3IwOwuH5Jt1SVFKa5viwU6k4xlTxLkji8GpM3pG81ePo47uvd7
Al4aqDCrJ+gkGqqXp831heXh4As+dyedNvde4hzmOiDzm/q030hjOHp4sBKd8Idj
oGI86Qr3pnF2rVmzXbnvpu4CrAg9nruvNUJeFSVTTAzxCzW3wASKdfqlQv6B2VB/
gBjziSl5X817IXGbEAG1B3i4lfm/R5hoQ1xYqW60oOzhjvPzeYAAzXf7eRgk+xS+
OHSUdDrM1rQ5QThEa6Yu/sVwQErzabfXLh+DvmjWlVjtAgMBAAGjggQLMIIEBzCC
AX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA7s3QZNXbGs7FXLedtM0TojKHRny8
7N7DUUhZRnEftZsAAAGF0arIqQAABAMARzBFAiAxoj0u3pBnUjOE611q4NyOdj0L
bdrph9WL7qLoLwCimQIhAOc+AeSDizHGeY/ngv29g5YTPnDUV2s4p5R0RV8cvMJr
AHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGF0arIwQAABAMA
RzBFAiEAsxxM+5yU5NQkUXycaaWrhhzC4lIRqNHVm5Gt7tWfoLQCIDJdIIpQE/xn
lbrscmzjubty9bfQXF5fjAM3pAJxpcxzAHUAc9meiRtMlnigIH1HneayxhzQUV5x
GSqMa4AQesF3crUAAAGF0arJHAAABAMARjBEAiBHV5jLskdABW7zaWbGAvmIuJ94
zIQTPDA7NDKSSJIwxgIgZYVZ1Oh98Q6aFyKW0jb/xjbiQq3yBykFT3ChAKSfUegw
JwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA8BgkrBgEE
AYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O0AyH8NodXYKE5WmC86c+
AgFkAgElMIGuBggrBgEFBQcBAQSBoTCBnjBtBggrBgEFBQcwAoZhaHR0cDovL3d3
dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBBenVyZSUy
MFRMUyUyMElzc3VpbmclMjBDQSUyMDAxJTIwLSUyMHhzaWduLmNydDAtBggrBgEF
BQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9zb2Z0LmNvbS9vY3NwMB0GA1UdDgQW
BBSten6Ewo/bU7gE19Xhh5URD/GlgDAOBgNVHQ8BAf8EBAMCBLAwIQYDVR0RBBow
GIILKi5udWdldC5vcmeCCW51Z2V0Lm9yZzAMBgNVHRMBAf8EAjAAMGQGA1UdHwRd
MFswWaBXoFWGU2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01p
Y3Jvc29mdCUyMEF6dXJlJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDEuY3JsMGYG
A1UdIARfMF0wUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93
d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAIBgZn
gQwBAgIwHwYDVR0jBBgwFoAUDyBd16FXlduSzyvQx8J3BM5ygHYwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBDAUAA4ICAQBdXm3Efyeg
YjbWdq+fVeJgO0phUmbruVCsWKflbeuCyG/SXQ1wQb9vrFPjNEsIb6yBkPP8jRNQ
ThnUw8NNZT/QVmUu9wz8+Ru5qLUvlM7s5hfHLmSDjyEb8PbGNBGx97n3VNmrtSMJ
3BRBO3H6Hb3cw0N3spFFDGbWPH5f6keUY1ex/R9osfJ0ZujMz5NCsbNOVbQVcX4n
B+Ru/YQ8cSCpgunmCyl2n6/N4k5KM8PYZn1Pz1erRQpRxD4cBbvSBfpH9u7cnx3G
AHph9lEH9J9WoVm/IDoLGjywgV5HV97L3lqadDvV87sydz5fxDtqwk5GNzvcahUq
jnPuKCQFKIFAekJbvqRJNiJAHri4k6d1mbtTrLMlp83gwyWyeD17Xrax/7+0qzqa
FKnIF6IGf9pWUFvblNZXGnU1Q/87r4kKytcVsY3dyaIKb54kgZQKZYLN3q3GYMHV
kmJuHCIjrxP6vu7FcvOm6TEW98WPp+FVeEt0QyEyxfDi8grwhqWN+QI2/RLHn5Tf
T3btHenMLlYZGMBMX1Vc4xLzr63ZVZSJ0M8nvgFqcMDZ9CLjlKJQm8CD3rk8N/Za
way9zIc/ZWNLj5Z6fc5wXLZcaO0bTS1LaORG67DXlUGUVC2z0zEkvKxmxtFdcF+2
ma6dJvb9/ZtEcd7lmryDXgMR7RWsQmWeqQ==
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.nuget.org
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure TLS Issuing CA 01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4325 bytes and written 445 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D9048597106A505FA79DA22339A11705DA12E2B345E20B5477A14D95C284A517
    Session-ID-ctx: 
    Master-Key: 9223C68C60AE9BF09C0C6ACFF68968B3C5E6E6EDF4EA2AD0242EBCD4CF75BFF5474ADA811F10AD8D743A0D3DFD0F7402
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - eb 28 27 fd b7 47 24 62-6f 3d 4a f8 76 76 e2 c9   .('..G$bo=J.vv..
    0010 - cd e4 3b 18 42 57 55 c7-9d b3 ea 1b e3 47 50 02   ..;.BWU......GP.
    0020 - 71 64 40 90 f6 00 3b 93-42 02 a5 09 5d 4b 55 7c   qd@...;.B...]KU|
    0030 - 52 7c 64 95 d5 87 8b 27-bb f8 5f 86 12 aa 41 83   R|d....'.._...A.
    0040 - 3b 88 e1 0e 4b 0c f5 77-40 8d 30 05 1a a6 4b 8b   ;...K..w@.0...K.
    0050 - 1f 6e 23 1d 41 d3 c9 d1-5f fb 01 92 c2 9a 57 1c   .n#.A..._.....W.
    0060 - 6d e3 c8 42 f7 a7 4d 4d-3e da c4 b5 ab c5 ad d7   m..B..MM>.......
    0070 - db 9b d1 42 d1 be d4 ad-45 bb 06 07 14 af b9 50   ...B....E......P
    0080 - 8f e3 b1 7c ab f8 d9 d4-f3 c8 cb 89 60 41 5f db   ...|........`A_.
    0090 - 90 4a aa 79 c5 04 f8 67-b7 f4 1f 6a ef 48 54 9b   .J.y...g...j.HT.

    Start Time: 1678347464
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

-- 
Regards,
Sadeep
PGP: 103BF9E3E750BF7E

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux