首页 > 其他分享 >curl支持ssl报错:(60) SSL certificate problem: unable to get local issuer certificate

curl支持ssl报错:(60) SSL certificate problem: unable to get local issuer certificate

时间:2024-01-27 20:11:45浏览次数:33  
标签:TLS handshake certificate SSL 报错 SSLv3 curl

 

curl去访问https的站点报错:

curl -v https://www.baidu.com
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

 

看了一下curl是支持ssl的

curl -V
curl 7.29.0 (mipsel-openwrt-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.7
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

curl的命令也是支持的

curl -h|grep ssl
     --ftp-ssl-ccc   Send CCC after authenticating (F)
     --ftp-ssl-ccc-mode ACTIVE/PASSIVE  Set CCC mode (F)
     --ftp-ssl-control Require SSL/TLS for ftp login, clear for transfer (F)
     --ssl           Try SSL/TLS (FTP, IMAP, POP3, SMTP)
     --ssl-reqd      Require SSL/TLS (FTP, IMAP, POP3, SMTP)
 -2, --sslv2         Use SSLv2 (SSL)
 -3, --sslv3         Use SSLv3 (SSL)
     --ssl-allow-beast Allow security flaw to improve interop (SSL)

觉得很奇怪啊,为啥报错,仔细看了一下报错信息:unable to get local issuer certificate。原来是找不到本地的证书。找了找本地确实没有证书,尴尬。
并且错误提示里面给了证书下载地址:

http://curl.haxx.se/docs/sslcerts.html

找到证书下载地址:

https://curl.haxx.se/ca/cacert.pem

下载成功后,放到板子上,我是放在这个路径下了

/etc/curlssl/cacert.pem

然后配置到环境变量

export CURL_CA_BUNDLE=/etc/curlssl/cacert.pem

然后访问下百度:

curl -v https://www.baidu.com
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Connection: Keep-Alive
< Content-Length: 2443
< Content-Type: text/html
< Date: Mon, 25 Mar 2019 03:18:39 GMT
< Etag: "588603ec-98b"
< Last-Modified: Mon, 23 Jan 2017 13:23:56 GMT
< Pragma: no-cache
< Server: bfe/1.0.8.18
< Set-Cookie: BDORZ=27315; max-age=86400; domain=.baidu.com; path=/
< 
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn" autofocus></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=https://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&amp;tpl=mn&amp;u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');
                </script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>&copy;2017&nbsp;Baidu&nbsp;<a href=http://www.baidu.com/duty/>使用百度前必读</a>&nbsp; <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a>&nbsp;京ICP证030173号&nbsp; <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>

 

 

 

 

 

转 : https://blog.csdn.net/lixuande19871015/article/details/88788699

标签:TLS,handshake,certificate,SSL,报错,SSLv3,curl
From: https://www.cnblogs.com/fps2tao/p/17991863

相关文章

  • 大语言模型(LLM)运行报错:AttributeError: module 'streamlit' has no attribute 'cache_
    解决方法:......
  • 报错AttributeError: can't set attribute (image.mode = desired_mode)
      docker容器中安装了pillow包,以及imageio[ffmpeg],运行程序时报错AttributeError:can'tsetattribute(image.mode=desired_mode),发现imageio==2.31.5版本与pillow==10.1.0版本不兼容导致报错,只需将pillow版本降低固定为10.0即可,最近pillow==10.2.0版本也发行了,这个不......
  • Linux之openssl实现私有CA
    一、简介Centos7.9通过openssl工具构建一个私有的CA,用于颁发证书。验证私有CA为httpd应用签署证书二、构建私有CA1、编辑CA的配置文件[root@HLWHOSTtls]#pwd/etc/pki/tls[root@HLWHOSTtls]#cat/etc/pki/tls/openssl.cnf...########################################......
  • SpringBoot启动项目报错:java.lang.UnsatisfiedLinkError: D:\files\software\jdk-1
    目录问题描述解决方法:问题描述在运行向的时候出现报错:java.lang.UnsatisfiedLinkError:D:\files\software\jdk-15.0.1\jdk-17.0.3.1\bin\tcnative-1.dll:Can'tloadIA32-bit.dllonaAMD64-bitplatform atjava.base/jdk.internal.loader.NativeLibraries.load(Native......
  • Error: EPERM: operation not permitted, mkdir 'F:\'——因权限不够报错
      我的报错内容如上图在网上找了很多解决办法,如下:下面的方案我都试过了,最终是成功了方案一:以管理员身份运行 方案二:重新配置环境变量将npm安装的全局模块所在的路径,以及缓存cache的路径放在其他目录中【试了,再执行方案一成功了】因为我没有截图,把我搜到的解决方法链......
  • 在springboot中controller控制器的crud语句@RequestBody遗落的报错
    在进行java练习的过程中,对一个单链表进行增删改查时发现了如下错误:对编译器的控制台进行检查之后,发现了报错语句如下:2024-01-2619:43:52.551ERROR18544---[p-nio-80-exec-5]o.a.c.c.C.[.[.[/].[dispatcherServlet]:Servlet.service()forservlet[dispatcherSe......
  • k8s 报错: node(s) didn't match Pod's node affinity.
    前言k8s集群中,有pod出现了Affinity,使用kubectldescribepod命令,发现了报错2node(s)didn'tmatchPod'snodeaffinity.这是因为节点被打上了污点,导致了pod没有节点可以起来解决kubectlgetnodes-ojson|jq'.items[].spec'orkubectlgetnodes-oyaml找到......
  • ESXI VIB升级报错
    一、兼容性问题1、通过VIB升级ESXI时,可能会出现类似的报错2、此报错是由于已安装的VIB软件版本与升级版本兼容性存在问题,可以先根据上述报错进行查找3、移除不兼容条目4、提示移除成功后即可继续升级5、提示升级成功。......
  • dolphinscheduler集群 启动报错
    dolphinscheduler启动报错weidonghua@hadoop01:/opt/software/apache-dolphinscheduler-2.0.5-bin$./install.sh./install.sh:23:source:notfound1.replacefile./install.sh:30:[[:notfound./install.sh:36:[[:notfound2.createdirectory3.scpresources/o......
  • openssl
    openssl一、入门平台:linux(一)下载和使用1、直接安装执行以下命令,会安装OpenSSL的开发头文件和库文件sudoapt-getupdatesudoapt-getinstalllibssl-dev创建源代码文件main.cpp,内容如下#include<iostream>#include<openssl/evp.h>#include<openssl/rand.h>intm......