Tuesday, November 16, 2021

[SOLVED] dotnet restore fails using corporate proxy

Issue

I just upgraded to dotnet core 2.1, but dotnet restore is failing. For some reason it is not using the http_proxy or https_proxy settings. Also supplying a nuget config file, with the correct proxy settings, does not help.

$ dotnet --info
.NET Core SDK (reflecting any global.json):
 Version:   2.1.300
 Commit:    adab45bf0c

Runtime Environment:
 OS Name:     rhel
 OS Version:  7
 OS Platform: Linux
 RID:         rhel.7-x64
 Base Path:   /usr/share/dotnet/sdk/2.1.300/

Host (useful for support):
  Version: 2.1.0
  Commit:  caa7b7e2ba

.NET Core SDKs installed:
  2.1.300 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.All 2.1.0 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.0 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 2.1.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

The error is:

gitlab-runner@ctxglc-vn02 $ dotnet restore -v n --configfile ~/NuGet.Config
Build started 6/12/18 2:15:05 PM.
     1>Project "/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj" on node 1 (Restore target(s)).
     1>Restore:
         Restoring packages for /home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj...
     1>/usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]
/usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error :   The SSL connection could not be established, see inner exception. [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]
/usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error :   error:2006D002:BIO routines:BIO_new_file:system lib [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]
     1>Done Building Project "/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj" (Restore target(s)) -- FAILED.

Build FAILED.

       "/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj" (Restore target) (1) ->
       (Restore target) ->
         /usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]
       /usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error :   The SSL connection could not be established, see inner exception. [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]
       /usr/share/dotnet/sdk/2.1.300/NuGet.targets(114,5): error :   error:2006D002:BIO routines:BIO_new_file:system lib [/home/gitlab-runner/builds/046a2bda/0/Project/ProjectApi/src/API/API.csproj]

    0 Warning(s)
    1 Error(s)

Time Elapsed 00:00:02.84

However when I do a curl I can connect with no problem.

$ curl -v https://api.nuget.org/v3/index.json
* About to connect() to proxy proxy.company.local port 8080 (#0)
*   Trying 1.1.1.1...
* Connected to proxy.company.local (1.1.1.1) port 8080 (#0)
* Establish HTTP proxy tunnel to api.nuget.org:443
> CONNECT api.nuget.org:443 HTTP/1.1
> Host: api.nuget.org:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established

Any hints on how to overcome this issue?


Solution

As it turns out the CA directory in CentOS7 located under /etc/pki/tls/certs/ is used. During dotnet build / restore all certs (*.crt) in this directory are loaded.

In my case one certificate did not have the right permissions 

chmod o+r /etc/pki/tls/certs/some_cert.crt

fixed dotnet build for none root users.



Answered By - Evert
at