linux - 运行较新版本的 cURL 时的 SSL_ERROR_SYSCALL(错误 35)
问题描述
我无法通过 cURL 获取 WSDL 文件。我认为它必须与 cURL 版本有关。该命令在基于 Debian 9 的 cURL 版本的 Docker 映像中运行:
# curl --version
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
但是,基本映像已更新到 Debian 10,并且该命令未运行。卷曲版本:
# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
我可以使用 wget 或浏览器下载 WSDL,但我需要 cURL 来执行此命令。我找到了这个答案,我尝试了从 Chromium 复制的 cURL 命令,但得到了相同的结果......
命令:
# curl -vvv -k --header "Authorization: Basic <B64Encoded>" https://IP/service.asmx?WSDL -o /dev/null
debian 9 (cURL 7.52.1) 上的输出:
* Trying IP...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to IP (IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [81 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [753 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=WMSvc-VS47558B
* start date: Sep 5 11:51:31 2016 GMT
* expire date: Sep 3 11:51:31 2026 GMT
* issuer: CN=WMSvc-VS47558B
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
} [5 bytes data]
> GET /service.asmx?WSDL HTTP/1.1
> Host: IP
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: Basic RUNTOnA5NDEtRUNTMjAyMQ==
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Cache-Control: private, max-age=0
< Content-Type: text/xml; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Fri, 12 Mar 2021 21:41:16 GMT
< Content-Length: 243498
<
{ [16151 bytes data]
* Curl_http_done: called premature == 0
100 237k 100 237k 0 0 2083k 0 --:--:-- --:--:-- --:--:-- 2104k
* Connection #0 to host IP left intact
* List item
和 Debian 10 (cURL 7.64.0)
* Expire in 0 ms for 6 (transfer 0x5555fcd9df50)
* Trying IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5555fcd9df50)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to IP (IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to IP:443
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to IP:443
它与ca-certs有关吗?
在 Debian 10 上安装了这个软件包:ca-certificates/now 20200601~deb10u1 all [installed,local]
在 Debian 9 上没有安装 ca-certs
强制低于 1.3 的 TLS 版本会产生相同的结果。远程服务器是 Windows Server 2012,我认为他们使用的只是过时的密码或其他东西。但是我怎样才能证明这一点并且有解决方法吗?在 cURL 更改日志中,我没有找到像“放弃对...的支持”之类的更改。
解决方案
推荐阅读
- javascript - Word 加载项替换当前文档字节
- css - CSS 选择器:“仅在没有父 Y 时选择 X”
- android - 在使用 Retrofit 调用获取 Web 服务请求时。“android.os.TransactionTooLargeException:数据包大小 1575704 字节”
- firebase - Angular 6,Firebase 存储网络图片库
- mysql - 在 MySQL 中选择多于一行的特定值和条件依赖项
- c++ - 在 Windows 和 Clion 上使用 OpenCV
- javascript - jQuery 对话框 - 内部 html 超链接
- python - 使用 selenium python 来自 tradingview 的数据
- excel - 构造一个嵌套的if excel公式
- javascript - 如何修改缩小的 javascript 文件以及随附的源映射?