Home: dotnet core 3.0 (master nightly build) restore fails on Ubuntu for invalid certificate
_From @ccic on Wednesday, May 29, 2019 2:00:48 AM_
Steps to reproduce
Install dotnet core nightly build 3.0.100-preview6-012026 on Ubuntu 16.04.4 LTS.
"OpenSSL 1.0.2g 1 Mar 2016" or "OpenSSL 1.1.1 11 Sep 2018"
Create a new webapp project through dotnet cli:
dotnet new webapp -n WebApp1 -o WebApp1
The template "ASP.NET Core Web App" was created successfully.
This template contains technologies from parties other than Microsoft, see https://aka.ms/aspnetcore-template-3pn-210 for details.
Processing post-creation actions...
Running 'dotnet restore' on WebApp1/WebApp1.csproj...
/home/hongjiang/.dotnet-nightly/sdk/3.0.100-preview6-012026/NuGet.targets(123,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/hongjiang/CodeTest/C#/WebApp1/WebApp1.csproj]
/home/hongjiang/.dotnet-nightly/sdk/3.0.100-preview6-012026/NuGet.targets(123,5): error : The SSL connection could not be established, see inner exception. [/home/hongjiang/CodeTest/C#/WebApp1/WebApp1.csproj]
/home/hongjiang/.dotnet-nightly/sdk/3.0.100-preview6-012026/NuGet.targets(123,5): error : The remote certificate is invalid according to the validation procedure. [/home/hongjiang/CodeTest/C#/WebApp1/WebApp1.csproj]
Restore failed.
Post action failed.
Description: Restore NuGet packages required by this project.
Manual instructions: Run 'dotnet restore'
Go to WebApp1 and run "dotnet restore -v diag" and get the following errors:
NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source https://api.nuget.org/v3/index.json. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.ThrowIfExceptional()
at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
Expected behavior
Actual behavior
Environment data
dotnet --info output:
.NET Core SDK (reflecting any global.json):
Version: 3.0.100-preview6-012026
Commit: 8f2806e85e
Runtime Environment:
OS Name: ubuntu
OS Version: 16.04
OS Platform: Linux
RID: ubuntu.16.04-x64
Base Path: /home/hongjiang/.dotnet-nightly/sdk/3.0.100-preview6-012026/
Host (useful for support):
Version: 3.0.0-preview6-27720-04
Commit: cdfc67fd8e
.NET Core SDKs installed:
3.0.100-preview6-012026 [/home/hongjiang/.dotnet-nightly/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.App 3.0.0-preview6-19270-04 [/home/hongjiang/.dotnet-nightly/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.6 [/home/hongjiang/.dotnet-nightly/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.0.0-preview6-27720-04 [/home/hongjiang/.dotnet-nightly/shared/Microsoft.NETCore.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
_Copied from original issue: dotnet/cli#11433_
livarcocc
All 11 comments
Is this something consistently reproducible? Can you connect to nuget.org in the browser.
It's happening to NuGet, but it's not necessarily indicative of a client problem.
/cc @scottbommarito maybe he knows if there are any reports about nuget.org's certs.
nkolev92
on 30 May 2019
Could this be related to https://github.com/dotnet/corefx/issues/32224?
loic-sharma
on 30 May 2019
@nkolev92 It consistently happens on Linux. But if I run the same command on windows 10, everything is fine. So, I guess it is related to certificate verification on Linux.
ccic
on 30 May 2019
@loic-sharma It has similar phenomenon as dotnet/corefx#32224. The difference is I used openssl 1.1.1. I also tried on Ubuntu 18.04, it also reports the same errors.
ccic
on 30 May 2019
@ccic Are these machines that you manage?
nkolev92
on 30 May 2019
@nkolev92 Yes, it was created by myself for development and test.
clovertrail
on 31 May 2019
I found it was caused by my wrong configuration of SSL CA certificate path.
After I update openssl to 1.1.1, the CA path is modified to "/usr/local/ssl/certs", but it is an empty folder. Before updating openssl, the old version points to "/usr/lib/ssl/certs". After I manually link "/usr/local/ssl/certs" to /etc/ssl/certs. This error disappears.
ccic
on 31 May 2019
Thanks for following up.
Closing this per your comment.
nkolev92
on 31 May 2019
opensuse tumbleweed:
003dotnet/worker100> dotnet-sdk.dotnet run
/snap/dotnet-sdk/41/sdk/3.0.100-preview6-012264/NuGet.targets(123,5): error : Не удалось загрузить индекс службы для источника https://api.nuget.org/v3/index.json. [/b6w/003dotnet/worker100/worker100.csproj]
/snap/dotnet-sdk/41/sdk/3.0.100-preview6-012264/NuGet.targets(123,5): error : The SSL connection could not be established, see inner exception. [/b6w/003dotnet/worker100/worker100.csproj]
/snap/dotnet-sdk/41/sdk/3.0.100-preview6-012264/NuGet.targets(123,5): error : The remote certificate is invalid according to the validation procedure. [/b6w/003dotnet/worker100/worker100.csproj]
The build failed. Fix the build errors and run again.
003dotnet/worker100> dotnet-sdk.dotnet --info
Пакет SDK для .NET Core (отражающий любой global.json):
Version: 3.0.100-preview6-012264
Commit: be3f0c1a03
Среда выполнения:
OS Name: opensuse-tumbleweed
OS Version: 20190621
OS Platform: Linux
RID: linux-x64
Base Path: /snap/dotnet-sdk/41/sdk/3.0.100-preview6-012264/
Host (useful for support):
Version: 3.0.0-preview6-27804-01
Commit: fdf81c6faf
.NET Core SDKs installed:
3.0.100-preview6-012264 [/snap/dotnet-sdk/41/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.App 3.0.0-preview6.19307.2 [/snap/dotnet-sdk/41/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.0.0-preview6-27804-01 [/snap/dotnet-sdk/41/shared/Microsoft.NETCore.App]
nex0ma
on 24 Jun 2019
do not worked this projects:
-reactredux
-nunit
-grpc
-angular
-xunit
-nunit
-proto
Worked:
- console
- webapi
- web
- mvc
- blazor
nex0ma
on 24 Jun 2019
I also has this problem when i used jenkins automaticly build c# project with command "dotnet restore".
the server is windows 2008R2.
but it works well as in my own develop computer.
the error shows details below:
gouhan
on 2 Nov 2020
Related issues
blackcity
·
3Comments
augustoproiete
·
3Comments
vsfeedback
·
3Comments
blackchoey
·
3Comments
livarcocc
·
3Comments
Most helpful comment
I found it was caused by my wrong configuration of SSL CA certificate path.
After I update openssl to 1.1.1, the CA path is modified to "/usr/local/ssl/certs", but it is an empty folder. Before updating openssl, the old version points to "/usr/lib/ssl/certs". After I manually link "/usr/local/ssl/certs" to /etc/ssl/certs. This error disappears.