问题
I'm trying to access https://geocoder.cit.api.here.com with .NET (F#) on mono. I'm using the Http helper from FSharp.Data using the following code:
let baseUrl = "https://geocoder.cit.api.here.com/6.2/geocode.json?searchtext=1701%20McFarland%20Blvd%20E%20Tuscaloosa%09%20AL&app_id=<Some app id>&app_code=<Some app code>"
let res = Http.RequestString(baseUrl)
Running this for me on OSX Sierra (10.12.2) with mono version 4.6.2 yields a SecureChannelFailure. How do I resolve this? I have tried mozroots --import --ask-remove but that didn't help. There are certs in ~/.config/.mono/certs/Trust.
I have even tried to bypass the check, since I'm just investigating the API, but that doesn't work either. The way I tried to bypass it is:
let callback = Security.RemoteCertificateValidationCallback(fun _ _ _ _ -> true)
ServicePointManager.ServerCertificateValidationCallback <- callback
回答1:
Using Mono 4.8+ you can assign the environment variable MONO_TLS_PROVIDER to btls before running your CIL-based .exe:
export MONO_TLS_PROVIDER=btls
mono someFSharpAssembly.exe
On via Xamarin Studio / Visual Studio for Mac assign it to a Run configuration:
If you then get an HttpRequestException:
Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED) ---> Mono.Btls.MonoBtlsException
It means that you do not have the certificates in the new format. Run the tool “btls-cert-sync” to convert your existing root certificates into the new file format. If “btls-cert-sync” complains that “The Old Trust Store does not exist”, you first need to tell Mono how to find these certificates, this page describes how to do it:
来源:https://stackoverflow.com/questions/41827960/how-do-i-resolve-securechannelfailure-on-osx-with-mono