问题
How to debug ssl handshake, preferably with curl?
I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.
Thanks in advance
回答1:
I have used this command to troubleshoot client certificate negotiation:
openssl s_client -connect www.test.com:443 -prexit
The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.
回答2:
curl -iv https://your.domain.io
That will give you cert and header output if you do not wish to use openssl command.
回答3:
curl probably does have some options for showing more information but for things like this I always use openssl s_client
With the -debug option this gives lots of useful information
Maybe I should add that this also works with non HTTP connections. So if you are doing "https", try the curl commands suggested below. If you aren't or want a second option openssl s_client might be good
来源:https://stackoverflow.com/questions/17742003/debugging-ssl-handshake