1. 技术文章
  2. curl fails to verify self signed certificate after redirection from HTTP to HTTPS

curl fails to verify self signed certificate after redirection from HTTP to HTTPS

佐手、 提交于 2020-06-01 05:08:30

问题


I have a problem with self-signed SSL certificate and curl.

Server is lighttpd. HTTPS works fine:

$ curl https://192.168.144.1/zxc -k
HELLO

But with redirection from HTTP it fails:

curl http://192.168.144.1:81/zxc -kvL
*   Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#0)
> GET /zxc HTTP/1.1
> Host: 192.168.144.1:81
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
< Content-Length: 0
< Date: Sat, 30 May 2020 06:59:57 GMT
< Server: lighttpd/1.4.48
<
* Connection #0 to host 192.168.144.1 left intact
* Issue another request to this URL: 'https://192.168.144.1:81/zxc'
* Hostname 192.168.144.1 was found in DNS cache
*   Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):

........... HERE IT STACKS FOR A MINUTE ....................

* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
* stopped the pause stream!
* Closing connection 1
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81

One possible solution I found here https://stackoverflow.com/a/44494250/3743145: CURLOPT_SSL_VERIFYPEER=false. How to pass it to CURL CLI?


回答1:


> * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81

The error is SSL_ERROR_SYSCALL and this has nothing to do with certificate validation. In fact, a closer look at what you are doing shows that you are redirecting from plain HTTP on port 81 to HTTPS on the same port. 

curl http://192.168.144.1:81/zxc -kvL
...
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc

This is very different from what you've tested before where you used HTTPS on the standard port (443). And it is very likely that your HTTP server does not speak HTTP and HTTPS on the same port 81 - most servers don't even support such kind of configuration.



来源:https://stackoverflow.com/questions/62099014/curl-fails-to-verify-self-signed-certificate-after-redirection-from-http-to-http

标签
ssl
curl
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!