在 RHEL 上,如果我以普通用户身份运行 curl,我会收到错误:
> curl -Sv https://example.com
* About to connect() to example.com port 443 (#0)
* Trying 93.184.216.34...
* Connected to example.com (93.184.216.34) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)
但如果我以 root 身份运行相同的命令,一切都正常:
> curl -Sv https://example.com
* About to connect() to example.com port 443 (#0)
* Trying 93.184.216.34...
* Connected to example.com (93.184.216.34) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=www.example.org,O=Internet Corporation for Assigned Names and Numbers,L=Los Angeles,ST=California,C=US
* start date: Mar 14 00:00:00 2022 GMT
* expire date: Mar 14 23:59:59 2023 GMT
* common name: www.example.org
* issuer: CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US
> GET / HTTP/1.1
我认为这肯定是一个权限问题,但普通用户确实有权读取 /etc/pki/tls/certs/ca-bundle.crt 和 /etc/pki/nssdb 中的文件
Curl 对两个用户使用相同的证书:
> curl-config --ca
/etc/pki/tls/certs/ca-bundle.crt
有任何想法吗?
答案1
事实证明我的 LD_LIBRARY_PATH 导致 curl 加载一些导致依赖性破坏的库。
取消设置 LD_LIBRARY_PATH 后,一切正常运行。