我在防火墙后面使用 SLES 2015。我所有的传出通信都通过代理进行;具体来说,当我编写时,zypper 会尝试使用代理,例如:
zypper search-packages foo
但代理提供了自己的 SSL 证书,而不是实际的目标站点,本质上是运行“中间人”攻击:-P ...所以我得到:
SSL verification failed: unable to get local issuer certificate
Certificate issuer: /C=US/O=Foo Inc./CN=Foo Inc. External Root CA 2.1
Certificate subject: /C=US/O=Foo Inc./OU=Whatever/CN=Foo Inc. CA 2.1
Could not search for the package: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
我想避免这种失败的证书验证;我猜最简单的方法就是不验证任何证书。如何关闭验证?
附加信息:
# zypper repos
Warning: No repositories defined.
Use the 'zypper addrepo' command to add one or more repositories.
答案1
您必须将选项添加ssl_verify=no到baseurl参数中。因此,如果您不想检查官方来源的 URL,您可以使用:
# WARNING: Use this option only if you know what you do
baseurl=https://download.opensuse.org/distribution/leap/15.2/repo/oss/?ssl_verify=no