时间戳

首页 > 解决方案 > 运行较新版本的 cURL 时的 SSL_ERROR_SYSCALL(错误 35)

linux - 运行较新版本的 cURL 时的 SSL_ERROR_SYSCALL(错误 35)

问题描述

我无法通过 cURL 获取 WSDL 文件。我认为它必须与 cURL 版本有关。该命令在基于 Debian 9 的 cURL 版本的 Docker 映像中运行:

# curl --version
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

但是,基本映像已更新到 Debian 10,并且该命令未运行。卷曲版本:

# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

我可以使用 wget 或浏览器下载 WSDL,但我需要 cURL 来执行此命令。我找到了这个答案,我尝试了从 Chromium 复制的 cURL 命令,但得到了相同的结果......

命令:

# curl -vvv -k --header "Authorization: Basic <B64Encoded>" https://IP/service.asmx?WSDL -o /dev/null

debian 9 (cURL 7.52.1) 上的输出:

 *   Trying IP...
 * TCP_NODELAY set
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to IP (IP) port 443 (#0)
 * ALPN, offering h2
 * ALPN, offering http/1.1
 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
 * successfully set certificate verify locations:
 *   CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
 * TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
 * TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [81 bytes data]
 * TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [753 bytes data]
 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
 * TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
 * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
 * TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
 * TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
 * TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
 * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
 * ALPN, server did not agree to a protocol
 * Server certificate:
 *  subject: CN=WMSvc-VS47558B
 *  start date: Sep  5 11:51:31 2016 GMT
 *  expire date: Sep  3 11:51:31 2026 GMT
 *  issuer: CN=WMSvc-VS47558B
 *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
} [5 bytes data]
> GET /service.asmx?WSDL HTTP/1.1
> Host: IP
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: Basic RUNTOnA5NDEtRUNTMjAyMQ==
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Cache-Control: private, max-age=0
< Content-Type: text/xml; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Fri, 12 Mar 2021 21:41:16 GMT
< Content-Length: 243498
<
{ [16151 bytes data]
 * Curl_http_done: called premature == 0
100  237k  100  237k    0     0  2083k      0 --:--:-- --:--:-- --:--:-- 2104k
 * Connection #0 to host IP left intact
 * List item

和 Debian 10 (cURL 7.64.0)

* Expire in 0 ms for 6 (transfer 0x5555fcd9df50)
*   Trying IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5555fcd9df50)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to IP (IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to IP:443 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to IP:443

它与ca-certs有关吗?

在 Debian 10 上安装了这个软件包:ca-certificates/now 20200601~deb10u1 all [installed,local] 在 Debian 9 上没有安装 ca-certs

强制低于 1.3 的 TLS 版本会产生相同的结果。远程服务器是 Windows Server 2012,我认为他们使用的只是过时的密码或其他东西。但是我怎样才能证明这一点并且有解决方法吗?在 cURL 更改日志中,我没有找到像“放弃对...的支持”之类的更改。

标签: linuxsslcurl

解决方案

推荐阅读