自从升级到 Ubuntu 12.04 以来,我开始收到基于 SSL 的 curl 请求 Apple 验证服务器的错误。这种情况发生在我所有的 12.04 服务器上。
使用此命令curl -Iv https://buy.itunes.apple.com/verifyReceipt
或 PHP 的 curl 库我收到此错误SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
以下是有关现在出现故障的盒子的一些详细信息
curl/7.22.0 libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
该命令在 10.04.4 LTS 服务器上继续有效
curl/7.19.7 libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
任何帮助,将不胜感激。
编辑:OPENSSL 输出
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592/C=US/postalCode=95014/ST=California/L=Cupertino/street=1 Infinite Loop/O=Apple Inc./OU=iTMS Engineering/CN=buy.itunes.apple.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
*snip
-----END CERTIFICATE-----
subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592/C=US/postalCode=95014/ST=California/L=Cupertino/street=1 Infinite Loop/O=Apple Inc./OU=iTMS Engineering/CN=buy.itunes.apple.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 6686 bytes and written 536 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 2B2D7AA20CA51CD6A0F962E7AC3F96C8B17C4CE9CEA2C386916772949693A93A
Session-ID-ctx:
Master-Key: A854A46411B4C710FCD822143E5EE305F2D6C4896BD4E008AD01DC31DCCAE76D9C1679184F11905C68F792A40CB56801
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1345955495
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
答案1
该问题已在最新的 Ubuntu 12.04 更新中得到解决。