cURL/wget - SSLv3、TLS 握手、CERT 挂起

cURL/wget - SSLv3、TLS 握手、CERT 挂起

我在使用 cURL 或 wget 连接到 https 站点时遇到问题。当我从 https 下载时,curl 在进行 TLS 握手、CERT 时似乎被卡住了。这个问题与站点无关(我注意到它使用 github)并且 wget 也挂起(尽管我没有查看那里的详细输出)。

$ curl -v --trace-time https://www.google.de
10:35:21.532822 * About to connect() to www.google.de port 443 (#0)
10:35:21.533091 *   Trying 209.85.148.147... connected
10:35:21.538666 * Connected to www.google.de (209.85.148.147) port 443 (#0)
10:35:21.539119 * SSLv3, TLS handshake, Client hello (1):
10:35:21.544129 * SSLv3, TLS handshake, Server hello (2):
10:35:21.544182 * SSLv3, TLS handshake, CERT (11):

我已经等了 10 分钟以上,但什么也没发生。我正在使用 OSX Lion。

$curl --version
curl 7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SSL libz

我不知道在哪里寻求帮助,所以如果您能给我一些指示,我会很高兴。

谢谢

答案1

卷曲-v--跟踪时间https://www.google.de

21:50:34.054955 * About to connect() to www.google.de port 443
21:50:34.056574 *   Trying 74.125.39.104... connected
21:50:34.104587 * Connected to www.google.de (74.125.39.104) port 443
21:50:34.313259 * successfully set certificate verify locations:
21:50:34.313349 *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
21:50:34.313758 * SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-SHA
21:50:34.418541 * Server certificate:
21:50:34.418631 *        subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
21:50:34.418726 *        start date: 2011-10-26 00:00:00 GMT
21:50:34.418799 *        expire date: 2013-09-30 23:59:59 GMT
21:50:34.418902 * SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'
21:50:34.419000 * Closing connection #0
21:50:34.419124 * SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'

您似乎无法验证证书,因为您缺少 ca-bundle.crt。这(在 CentOS 5 中)属于 openssl-rpm。

答案2

在 Mac OS X / Darwin 中管理这些东西的一个好方法是安装一个包管理器,例如 Homebrew (http://brew.sh/

这样,当您安装像 cURL 这样的软件时,您也可以获得整个依赖项列表,或者您可以brew install openssl解决问题;)

相关内容