上下文我正在尝试使用AWS建议的证书连接到AWS中的postgres实例,以使这种连接成为可能。但我无法处理pem文件,因为它与System.Security.Cryptography有关。我尝试使用与您在这里使用的逻辑相同的逻辑来更快地复制它:https://github.com/npgsql/npgsql/blob/3d41e7b629d727349218226a0f99489e6ffa05bb/src/Npgsql/Internal/NpgsqlConnector.cs#L747
我也得到了同样的结果。
复制的步骤
config = {
"SslMode": "Require",
"TrustServerCertificate" : true,
"SslCertificate" : "rds-ca-2019-root.pem"
... other config
}
证书可以从这里获得:https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
问题甚至无法测试它是否正在连接,因为pem文件处理异常。
Exception message: The certificate contents do not contain a PEM with a CERTIFICATE label, or the content is malformed.
Stack trace: at System.Security.Cryptography.X509Certificates.X509Certificate2.ExtractKeyFromPem[TAlg](ReadOnlySpan`1 keyPem, String[] labels, Func`1 factory, Func`2 import)
at System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(ReadOnlySpan`1 certPem, ReadOnlySpan`1 keyPem)
at System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPemFile(String certPemFilePath, String keyPemFilePath)
at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
at Npgsql.Internal.NpgsqlConnector.<Open>g__OpenCore|191_1(NpgsqlConnector conn, SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
at Npgsql.Internal.NpgsqlConnector.Open(NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.ConnectorPool.OpenNewConnector(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.ConnectorPool.<Get>g__RentAsync|28_0(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlConnection.<Open>g__OpenAsync|45_0(Boolean async, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQueryAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(DatabaseFacade databaseFacade, String sql, IEnumerable`1 parameters, CancellationToken cancellationToken)
at Starbucks.Pse.Menu.WebApi.Controllers.DebugController.Postgres() in /codebuild/output/src291905476/src/scm.starbucks.com/dpapi/pse-menu-service/Pse.Menu.WebApi/Controllers/DebugController.cs:line 71
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
System.Security.Cryptography.CryptographicException: 'The certificate contents do not contain a PEM with a CERTIFICATE label, or the content is malformed.'
System.Security.Cryptography.CryptographicException:"证书内容不包含带有certificate标签的PEM,或者内容格式不正确。">
进一步的技术细节Npgsql版本:6.0.6PostgreSQL版本:13操作系统:debian
这也作为一个问题发布在Github中:https://github.com/npgsql/npgsql/issues/4675
我对postgres的不同SSL配置有一个误解。
对于该特定配置
config = {
"SslMode": "Require",
"TrustServerCertificate" : true,
"SslCertificate" : "rds-ca-2019-root.pem"
... other config
}
您需要使用SSL密钥,否则将无法正确加载和理解pem文件。
因为带有AWS证书的escenario基本上是信任根权限并使用证书的,所以您需要如下配置它:
config = {
"SslMode": "VerifyCA",
// Delete this
// "TrustServerCertificate" : true,
"SslCertificate" : "rds-ca-2019-root.pem"
... other config
}
您必须做的另一件事是将pem文件包含在您的有效CA权限中。
希望得到帮助。