我在自签名SSL证书和curl方面有问题。
服务器是轻的。HTTPS工作正常:
$ curl https://192.168.144.1/zxc -k
HELLO
但是通过从HTTP重定向,它会失败:
curl http://192.168.144.1:81/zxc -kvL
* Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#0)
> GET /zxc HTTP/1.1
> Host: 192.168.144.1:81
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
< Content-Length: 0
< Date: Sat, 30 May 2020 06:59:57 GMT
< Server: lighttpd/1.4.48
<
* Connection #0 to host 192.168.144.1 left intact
* Issue another request to this URL: 'https://192.168.144.1:81/zxc'
* Hostname 192.168.144.1 was found in DNS cache
* Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
........... HERE IT STACKS FOR A MINUTE ....................
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
* stopped the pause stream!
* Closing connection 1
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
我在这里找到的一个可能的解决方案 https://stackoverflow.com/a/44494250/3743145:CURLOPT_SSL_VERIFYPEER=false。如何将其传递给卷曲 CLI?
> * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
错误SSL_ERROR_SYSCALL,这与证书验证无关。实际上,仔细观察您正在执行的操作会发现您正在从端口 81 上的纯 HTTP 重定向到同一端口上的HTTPS。
curl http://192.168.144.1:81/zxc -kvL
...
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
这与之前在标准端口 (443( 上使用 HTTPS 的测试非常不同。而且您的HTTP服务器很可能不在同一端口81上使用HTTP和HTTPS - 大多数服务器甚至不支持这种配置。
我遇到了类似的问题,并通过确保证书中的私钥格式正确进行了修复。 https://sysadminupdates.com/blog/2021/06/22/ssl-error-libressl-ssl_connect-ssl_error_syscall/