sdk icon indicating copy to clipboard operation
sdk copied to clipboard

Published 20 hours ago verified publisher icon dotnet

dotnet tool install with workaround NUGET_CERT_REVOCATION_MODE does no longer work

Open CPlusPlus17 opened this issue 4 months ago • 4 comments

Describe the bug

Since RC2 there seems a change in the TLS/SSL enforcement of dotnet tool install.

To Reproduce

Running this within our company with proxy:

/home/application/.dotnet/dotnet tool install --global dotnet-sonarscanner

Gives always the error "The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation". For .net 8 NUGET_CERT_REVOCATION_MODE worked to avoid this problem.

Exceptions (if any)

#16 1.510 --------------------------------------------------------------------------------------
22:03:38   #16 2.548 Unhandled exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
22:03:38   #16 2.561  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation
22:03:38   #16 2.561    at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
22:03:38   #16 2.561    at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
22:03:38   #16 2.561    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
22:03:38   #16 2.561    --- End of inner exception stack trace ---
22:03:38   #16 2.561    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
22:03:38   #16 2.561    at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
22:03:38   #16 2.561    at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
22:03:38   #16 2.561    at Microsoft.DotNet.Cli.NuGetPackageDownloader.NuGetPackageDownloader.DownloadPackageAsync(PackageId packageId, NuGetVersion packageVersion, PackageSourceLocation packageSourceLocation, Boolean includePreview, Nullable`1 includeUnlisted, Nullable`1 downloadFolder, PackageSourceMapping packageSourceMapping, Boolean isTool)
22:03:38   #16 2.561    at Microsoft.DotNet.Cli.ToolPackage.ToolPackageDownloader.DownloadAndExtractPackage(PackageId packageId, INuGetPackageDownloader nugetPackageDownloader, String packagesRootPath, NuGetVersion packageVersion, PackageSourceLocation packageSourceLocation, Boolean includeUnlisted)
22:03:38   #16 2.561    at Microsoft.DotNet.Cli.ToolPackage.ToolPackageDownloader.<>c__DisplayClass8_0.<InstallPackage>b__0()
22:03:38   #16 2.561    at Microsoft.DotNet.Cli.TransactionalAction.Run[T](Func`1 action, Action commit, Action rollback)
22:03:38   #16 2.561    at Microsoft.DotNet.Tools.Tool.Install.ToolInstallGlobalOrToolPathCommand.<>c__DisplayClass22_0.<ExecuteInstallCommand>b__1()
22:03:38   #16 2.561    at Microsoft.DotNet.Tools.Tool.Install.ToolInstallGlobalOrToolPathCommand.RunWithHandlingInstallError(Action installAction, PackageId packageId)
22:03:38   #16 2.561    at Microsoft.DotNet.Tools.Tool.Install.ToolInstallGlobalOrToolPathCommand.ExecuteInstallCommand(PackageId packageId)
22:03:38   #16 2.561    at Microsoft.DotNet.Tools.Tool.Install.ToolInstallGlobalOrToolPathCommand.Execute()
22:03:38   #16 2.561    at Microsoft.DotNet.Tools.Tool.Install.ToolInstallCommand.Execute()
22:03:38   #16 2.561    at System.CommandLine.Invocation.InvocationPipeline.Invoke(ParseResult parseResult)
22:03:38   #16 2.561    at System.CommandLine.ParseResult.Invoke()
22:03:38   #16 2.561    at Microsoft.DotNet.Cli.Program.ProcessArgs(String[] args, TimeSpan startupTime, ITelemetry telemetryClient)
22:03:38   #16 ERROR: process "/bin/sh -c NUGET_CERT_REVOCATION_MODE=offline /home/application/.dotnet/dotnet tool install --global dotnet-sonarscanner" did not complete successfully: exit code: 1

Further technical details

  • Ubuntu Noble
  • dotnet-install.sh used for installation of SDK (dotnet-sdk-9.0.100-rc.2.24474.11-linux-x64)
  • SSL/TLS Proxy which breaks the connection and used custom CA (Chain is trusted)
  • 9.0.100-rc.1.24452.12 works without problems

CPlusPlus17 avatar Oct 11 '24 21:10 CPlusPlus17