Curl
cURL/wget - SSLv3、TLS 握手、CERT 掛起
我在使用 cURL 或 wget 連接到 https 站點時遇到問題。當我從 https curl 下載時,似乎在進行 TLS 握手時卡住了,CERT。問題與站點無關(我注意到它使用 github)並且 wget 也掛起(儘管我沒有查看那裡的詳細輸出)。
$ curl -v --trace-time https://www.google.de 10:35:21.532822 * About to connect() to www.google.de port 443 (#0) 10:35:21.533091 * Trying 209.85.148.147... connected 10:35:21.538666 * Connected to www.google.de (209.85.148.147) port 443 (#0) 10:35:21.539119 * SSLv3, TLS handshake, Client hello (1): 10:35:21.544129 * SSLv3, TLS handshake, Server hello (2): 10:35:21.544182 * SSLv3, TLS handshake, CERT (11):我已經等了 > 10 分鐘,但沒有任何反應。我正在使用 OSX Lion。
$curl --version curl 7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SSL libz我不知道在哪裡尋求幫助,所以如果你能給我一些指示,我會很高興。
謝謝
curl -v –trace-time https://www.google.de
21:50:34.054955 * About to connect() to www.google.de port 443 21:50:34.056574 * Trying 74.125.39.104... connected 21:50:34.104587 * Connected to www.google.de (74.125.39.104) port 443 21:50:34.313259 * successfully set certificate verify locations: 21:50:34.313349 * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none 21:50:34.313758 * SSLv2, Client hello (1): SSLv3, TLS handshake, Server hello (2): SSLv3, TLS handshake, CERT (11): SSLv3, TLS handshake, Server finished (14): SSLv3, TLS handshake, Client key exchange (16): SSLv3, TLS change cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSLv3, TLS change cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSL connection using RC4-SHA 21:50:34.418541 * Server certificate: 21:50:34.418631 * subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com 21:50:34.418726 * start date: 2011-10-26 00:00:00 GMT 21:50:34.418799 * expire date: 2013-09-30 23:59:59 GMT 21:50:34.418902 * SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de' 21:50:34.419000 * Closing connection #0 21:50:34.419124 * SSLv3, TLS alert, Client hello (1): curl: (51) SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'由於缺少 ca-bundle.crt,您似乎無法驗證證書。這屬於(在 CentOS 5 中)openssl-rpm。