定期的ServiceBus错误“当使用Azure WebSites时,X.509证书CN = s

发布时间：2020-12-13 20:12:14 所属栏目：Windows 来源：网络整理

导读：我有几个在Azure中运行的网站,集中在一个地区使用ServiceBus(也托管在Azure中). 有时(每2-3天一次),我在所有网站上同时出现同样的错误(在阅读/等待消息时)： Microsoft.ServiceBus.Messaging.MessagingCommunicationException: The X.509 certificate CN=ser

我有几个在Azure中运行的网站,集中在一个地区使用ServiceBus(也托管在Azure中).

有时(每2-3天一次),我在所有网站上同时出现同样的错误(在阅读/等待消息时)：

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: 
 The X.509 certificate CN=servicebus.windows.net is not in the trusted people store.
  The X.509 certificate CN=servicebus.windows.net chain building failed. 
   The certificate that was used has a trust chain that cannot be verified. 
    Replace the certificate or change the certificateValidationMode. 
     A certificate chain could not be built to a trusted root authority.

全栈跟踪：

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
 ---> System.ServiceModel.Security.SecurityNegotiationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
 ---> System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.

   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result)
   --- End of inner exception stack trace ---

Server stack trace: 
   at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.CreateChannelAsyncResult.<GetAsyncSteps>d__7.MoveNext()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult.AsyncCompletionWrapperCallback(IAsyncResult result)

Exception rethrown at [0]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.OnEndCreateInstance(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.SingletonManager`1.EndGetInstance(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__2(RequestAsyncResult thisPtr,IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [1]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.RequestAsyncResult.<>c__DisplayClass17.<GetAsyncSteps>b__a(RequestAsyncResult thisPtr,IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [2]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__4(RequestAsyncResult thisPtr,IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [3]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.CloSEOrAbortLinkAsyncResult.<GetAsyncSteps>b__7(CloSEOrAbortLinkAsyncResult thisPtr,IAsyncResult a)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [4]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.AbandonPrefetchedMessagesCloseAbortAsyncResult.<GetAsyncSteps>b__41(AbandonPrefetchedMessagesCloseAbortAsyncResult thisPtr,IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [5]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.ClientEntity.OnClose(TimeSpan timeout)
   at Microsoft.ServiceBus.Messaging.ClientEntity.Close(TimeSpan timeout)
   at Olekstra.Common.QueueReader.<>c__DisplayClass3.<StartTask>b__2(Boolean force)

我正在使用最新版本的Microsoft.ServiceBus.dll NuGet软件包(2.4.0.0),所以Google的“证书验证在默认情况下关闭”在ServiceBus 1.8中是无用的 – 我没有将任何验证转换为ON,而且 – 它连续工作多个小时,每2-3天只会失败一次.

类似的answer关于自主应用程序也不适用 – 网站在Azure内部运行,托管虚拟机由MS员工管理,我不允许更新任何根证书.

有人知道为什么ServiceBus客户端有时会决定检查SSL证书,以及如何禁用此行为？

UPD：

我添加了< add key =“Microsoft.ServiceBus.X509RevocationMode”value =“NoCheck”/>在两周前的web.config中的appSettings中 – 没有区别.

反射器还显示MicrosoftServiceBus.Configuration.ConfigurationHelpers.GetCertificateRevocationMode()中的“NoCheck”值是默认值,

连接模式的改变可以解决您的问题.

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Https

它通常是ConnectivityMode.AutoDetect

据MS支持的消息来源

“This will force all traffic to use a WebSockets tunnel that is
protected by a prior TLS/HTTPS handshake,and that handshake carries
the required intermediate certificate. The messaging protocol used
through that tunnel will still be AMQP or NetMessaging,so you should
not be worried to get HTTP characteristics when choosing this option.”

所以我认为证书只会在这种情况下被提取一次,这可能会在这一点引入一个额外的延迟,然后它被永久使用.看来你的异常风险大大降低似乎是合乎逻辑的.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!