谁能告诉我为什么或如何诊断以下curl命令挂起的原因:
curl 'https://www.nasdaq.com/' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'
当使用 -v 选项运行时,这是输出(挂在“旧 SSL 会话...”):
* Trying 104.81.179.248:443...
* Connected to www.nasdaq.com (104.81.179.248) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /home/ubuntu/anaconda2/ssl/cacert.pem
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=Connecticut; L=Shelton; O=NASDAQ, INC.; CN=www.nasdaq.com
* start date: Jun 15 00:00:00 2020 GMT
* expire date: Oct 20 12:00:00 2020 GMT
* subjectAltName: host "www.nasdaq.com" matched cert's "www.nasdaq.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.nasdaq.com
> Accept-Encoding: deflate, gzip
> User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Accept-Language: en-US,en;q=0.5
> DNT: 1
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
创建新的 AWS Ubuntu 服务器 16.04 和 18.04 Amazon AMI 实例并运行curl 命令会在 16.04 上挂起,但在 18.04 上不会挂起。在运行 14.04 的不同系统上,我使用 Conda 将curl 和 openssl 更新到比 18.04 系统更新的版本,尽管版本较新,但它仍然挂起。
以下是在 14.04 系统上运行curl --version 的输出:
curl 7.71.1 (x86_64-conda_cos6-linux-gnu) libcurl/7.71.1 OpenSSL/1.1.1g zlib/1.2.11 libssh2/1.9.0
Release-Date: 2020-07-01
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTPS-proxy IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets
以下是在 Ubuntu 18.04 AWS 实例上运行的相同内容:
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
这是在另一个 18.04 系统上使用 Conda 的 curl 并正常工作的相同内容:
curl 7.63.0 (x86_64-conda_cos6-linux-gnu) libcurl/7.63.0 OpenSSL/1.1.1g zlib/1.2.11 libssh2/1.8.0
Release-Date: 2018-12-12
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
我注意到两个工作系统都将 HTTPS 代理列为一项功能,而非工作系统则没有。这可能是问题所在吗?
答案1
就我而言,我必须禁用ipv6
,例如在 Ubuntu 上:
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1