分类导航
LinuxWindowsCentOSUbuntuNginxMemcacheApacheRedisDockerBashAzureTomcatLNMPShell数据结构服务器其他

certificate-authority – 为什么curl适用于特定的https站点,但是wget有证书问题?

Linux   发布时间:2022-04-01  发布网站:大佬教程  code.js-code.com
大佬教程收集整理的这篇文章主要介绍了certificate-authority – 为什么curl适用于特定的https站点,但是wget有证书问题?大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。

概述

Centos 6.更新了最近的ca证书后,我遇到了一些麻烦.我有最新版本的curl for centos 6: -bash-4.1$curl -V -v curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Protocols: tftp ftp te
Centos 6.更新了最近的ca证书后,我遇到了一些麻烦.我有最新版本的curl for centos 6: 
-bash-4.1$curl -V -v
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet Dict ldap ldaps http file https ftps scp sftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

并且wget:

-bash-4.1$wget -V -v
GNU Wget 1.12 built on linux-gnu.

+digest +ipv6 +nls +ntlm +opie +md5/openssl +https -gnutls +openssl 
-iri 

Wgetrc: 
    /etc/wgetrc (system)
Locale: /usr/share/locale 
Compile: gcc -DHAVE_CONfig_H -DSYstem_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../lib -O2 -g -pipe -Wall 
    -Wp,-D_FORTIFY_sourcE=2 -fexceptions -fstack-protector 
    --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-Strict-aliasing 
Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_sourcE=2 -fexceptions 
    -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic 
    -fno-Strict-aliasing -Wl,-z,relro -lssl -lcrypto 
    /usr/lib64/libssl.so /usr/lib64/libcrypto.so -ldl -lrt ftp-opie.o 
    openssl.o http-ntlm.o gen-md5.o ../lib/libgnu.a 

Copyright (C) 2009 Free Software Foundation,Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY,to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Currently maintained by Micah Cowan <micah@cowan.name>.
Please send bug reports and questions to <bug-wget@gnu.org>.

现在我的CA https://www.certum.pl/证书有问题.卷曲工作正常:

-bash-4.1$curl -v 'https://certum.PL/'
* About to connect() to certum.pl port 443 (#0)
*   Trying 213.222.201.147... connected
* Connected to certum.pl (213.222.201.147) port 443 (#0)
* Initializing NSS with certpath: @L_772_7@:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=certum.pl,businessCategory=Private Organization,serialnumber=0000421310,incorporationState=pomorskie,incorporationLocality=Gdańsk,incorporationCountry=PL,postalCode=81-321,STREET=Podolska 21,ST=pomorskie,L=Gdynia,OU=Certification Authority Division,O=Asseco Data Systems s.A.,C=PL
*       start date: Aug 16 09:10:07 2017 GMT
*       expire date: Aug 16 09:10:07 2019 GMT
*       common name: certum.pl
*       issuer: CN=Certum Extended Validation CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies s.A.,C=PL
> GET / http/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: certum.pl
> Accept: */*
> 
< http/1.1 302 Found
< Date: Tue,17 Jul 2018 07:02:41 GMT
< Server: Apache
< Pragma: no-cache
< LOCATIOn: https://www.certum.PL/PL/
< Content-Length: 209
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.certum.PL/PL/">here</a>.</p>
</body></html>
* Closing connection #0

但是wget返回ERROR:

-bash-4.1$wget -d -O-  'https://certum.PL/'
SetTing --output-document (outputdocument) to -
DEBUG output created by Wget 1.12 on linux-gnu.

--2018-07-17 09:04:42--  https://certum.PL/
Resolving certum.pl... 213.222.201.147
Caching certum.pl => 213.222.201.147
ConnecTing to certum.pl|213.222.201.147|:443... connected.
Created socket 3.
Releasing 0x0000000000d2af00 (new refcount 1).
InitiaTing SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000000000d4bb40
certificate:
  subject: /C=PL/O=Asseco Data Systems s.A./OU=Certification Authority Division/L=Gdynia/ST=pomorskie/street=Podolska 21/postalCode=81-321/1.3.6.1.4.1.311.60.2.1.3=PL/1.3.6.1.4.1.311.60.2.1.1=Gda\\xC5\\x84sk/1.3.6.1.4.1.311.60.2.1.2=pomorskie/serialnumber=0000421310/businessCategory=Private Organization/CN=certum.pl
  issuer:  /C=PL/O=Unizeto Technologies s.A./OU=Certum Certification Authority/CN=Certum Extended Validation CA SHA2
ERROR: cAnnot verify certum.pl's certificate,issued by `/C=PL/O=Unizeto Technologies s.A./OU=Certum Certification Authority/CN=Certum Extended Validation CA SHA2':
  Unable to locally verify the issuer's authority.
To connect to certum.pl insecurely,use `--no-check-certificate'.
Closed 3/SSL 0x0000000000d4bb40

当我在命令中指定CA证书时也会出现同样的情况 – 对于wget: – ca-certificate = / etc / pki / tls / certs / ca-bundle.crt和curl:–cacert / etc / pki / tls / certs /ca-bundle.crt

ca-certificates版本现在是2018.2.22-65.1.el6 – 最新版本. openssl版本现在是1.0.1e-57.el6 – 最新版本.

你知道发生了什么吗?

解决方法

wget链接到OpenSSL,而curl链接到NSS加密库,这可能解释了为什么它们使用不同的信任库.

我附近没有RHel 6系统,但与OpenSSL使用的相比,rpm -ql nss可能会显示不同的/额外的信任存储.

此Red Hat资源可能与https://access.redhat.com/solutions/1549003相关

简而言之:update-ca-trust提取

大佬总结

以上是大佬教程为你收集整理的certificate-authority – 为什么curl适用于特定的https站点,但是wget有证书问题?全部内容,希望文章能够帮你解决certificate-authority – 为什么curl适用于特定的https站点,但是wget有证书问题?所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。
标签:authoritycertificatecurlhttpswget为什么但是特定站点证书适用于问题
猜你在找的Linux相关文章
其他相关热搜词更多
phpJavaPython程序员load如何string使用参数jquery开发安装listlinuxiosandroid工具javascriptcap