此代碼適用于 PS5,但不適用于 PS7。它不會拋出任何錯誤,它只是不顯示證書
$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"
$req = [Net.HttpWebRequest]::Create($url)
$req.GetResponse() | Out-Null
$req.ServicePoint.Certificate | Format-List
PS5 輸出:
> $req.ServicePoint
BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 1/7/2022 10:30:21 AM
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 2
Certificate : System.Security.Cryptography.X509Certificates.X509Certificate
ClientCertificate :
SupportsPipelining : True
> $req.ServicePoint.Certificate | Format-List
Handle : 2520270205792
Issuer : CN=Microsoft Azure TLS Issuing CA 05, O=Microsoft Corporation, C=US
Subject : CN=mcr.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US
PS7 輸出:
> $req.ServicePoint
BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 07/01/2022 10:27:17
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 0
Certificate :
ClientCertificate :
SupportsPipelining : True
為什么 PowerShell 7 不回傳[Net.HttpWebRequest]. 有沒有其他選擇?
uj5u.com熱心網友回復:
該HttpWebRequestAPI面還沒有完全移植到.NET /核心的新版本,如詳述這個問題Github上:
HttpWebRequest是已過時的 API - 請參閱https://github.com/dotnet/platform-compat/blob/master/docs/DE0003.md。
我們僅將其中最重要的部分移植到 .NET Core。 推薦的網路 API 是HttpClient.
要使用 來檢查遠程證書HttpClient,您需要利用證書驗證回呼 - 在 PowerShell 7 中,它看起來像這樣:
$url = "https://mcr.microsoft.com/v2/azure-app-service/samples/aspnethelloworld/manifests/latest"
# Create a (thread-safe) hashtable to hold any certificates discovered
$certTable = [hashtable]::Synchronized(@{})
# Create a handler
$handler = [System.Net.Http.HttpClientHandler]::new()
# Attach a custom validation callback that saves the remote certificate to the hashtable
$handler.ServerCertificateCustomValidationCallback = {
param(
[System.Net.Http.HttpRequestMessage]$Msg,
[System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
[System.Security.Cryptography.X509Certificates.X509Chain]$Chain,
[System.Net.Security.SslPolicyErrors]$SslErrors
)
# Save the certificate
$certTable[$Msg.RequestUri] = $Cert
# Leave actual policy validation as-is
return [System.Net.Security.SslPolicyErrors]::None -eq $SslErrors
}.GetNewClosure()
# Create a new http client with our custom handler attached
$client = [System.Net.Http.HttpClient]::new($handler)
# Prepare request message
$request = [System.Net.Http.HttpRequestMessage]::new([System.Net.Http.HttpMethod]::Get, $url)
# Send request
$response = $client.Send($request)
# callback routine will now have populated the table with the certificate
$certTable[$request.RequestUri]
轉載請註明出處,本文鏈接:https://www.uj5u.com/qianduan/405495.html
標籤: