Ssl 从HTTP重定向到HTTPS后,curl无法验证自签名证书
我对自签名SSL证书和curl有问题 服务器是lighttpd。HTTPS工作正常:Ssl 从HTTP重定向到HTTPS后,curl无法验证自签名证书,ssl,curl,Ssl,Curl,我对自签名SSL证书和curl有问题 服务器是lighttpd。HTTPS工作正常: $ curl https://192.168.144.1/zxc -k HELLO 但通过HTTP重定向,它会失败: curl http://192.168.144.1:81/zxc -kvL * Trying 192.168.144.1... * TCP_NODELAY set * Connected to 192.168.144.1 (192.168.144.1) port 81 (#0) >
$ curl https://192.168.144.1/zxc -k
HELLO
但通过HTTP重定向,它会失败:
curl http://192.168.144.1:81/zxc -kvL
* Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#0)
> GET /zxc HTTP/1.1
> Host: 192.168.144.1:81
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
< Content-Length: 0
< Date: Sat, 30 May 2020 06:59:57 GMT
< Server: lighttpd/1.4.48
<
* Connection #0 to host 192.168.144.1 left intact
* Issue another request to this URL: 'https://192.168.144.1:81/zxc'
* Hostname 192.168.144.1 was found in DNS cache
* Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
........... HERE IT STACKS FOR A MINUTE ....................
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
* stopped the pause stream!
* Closing connection 1
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
curlhttp://192.168.144.1:81/zxc -kvL
*正在尝试192.168.144.1。。。
*TCP_节点集
*连接到192.168.144.1(192.168.144.1)端口81(0)
>GET/zxc HTTP/1.1
>主持人:192.168.144.1:81
>用户代理:curl/7.54.0
>接受:*/*
>
我在这里找到了一个可能的解决方案:CURLOPT_SSL_VERIFYPEER=false。如何将其传递给CURL CLI
> * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
错误是SSL\u error\u SYSCALL
,这与证书验证无关。事实上,仔细看看您正在做什么,就会发现您正在从端口81上的纯HTTP重定向到同一端口上的HTTPS
curl http://192.168.144.1:81/zxc -kvL
...
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
curlhttp://192.168.144.1:81/zxc -kvL
...
这与之前在标准端口(443)上使用HTTPS的测试非常不同。而且很可能您的HTTP服务器在同一端口81上不使用HTTP和HTTPS-大多数服务器甚至不支持这种配置。我也遇到过类似的问题,并已通过确保证书中的私钥格式正确进行了修复。
您使用的是Mac电脑吗?我看到/etc/ssl/cert.pem中的证书今天过期了。我的莫哈韦电脑也有同样的问题,我不知道如何更新,也不知道如何更新?我的Catalina计算机有一个更新的证书,我想知道是否可以复制它。谢谢。我提出了一个关于如何解决这个问题的新问题。请看一看