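I am trying to connect to an implicit FTP over TLS, but it terminates with NSS error -5938 (PR_END_OF_FILE_ERROR). I am running the latest CentOS 7. I am able to connect using the default curl on an Ubuntu distribution, but have had no success on CentOS 7.
The output is as follows: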
[ramorim@dev]$ curl --user user:pass ftps://ftp.example.com.br/ -l -v -k
* About to connect() to ftp.example.com.br port 990 (#0)
* Trying 209.10.xxx.xx...
* Connected to ftp.example.com.br (209.10.xxx.xx) port 990 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: [email protected],OU=example,O=example,L=São Paulo,ST=São Paulo,C=55,[email protected]
* start date: Nov 08 19:50:42 2016 GMT
* expire date: Nov 08 19:50:42 2017 GMT
* common name: [email protected]
* issuer: [email protected],OU=example,O=example,L=São Paulo,ST=São Paulo,C=55,[email protected]
< 220-FileZilla Server 0.9.59 beta
< 220-written by Tim Kosse ([email protected])
< 220 Please visit https://filezilla-project.org/
> USER user
< 331 Password required for user
> PASS xxxxx
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to P
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||20105|)
* Trying 209.10.xxx.xx...
* Connecting to 209.10.xxx.xx (209.10.xxx.xx) port 20105
* Connected to ftp.example.com.br (209.10.xxx.xx) port 990 (#0)
> TYPE A
< 200 Type set to A
> NLST
< 150 Opening data channel for directory listing of "/"
* Maxdownload = -1
* Doing the SSL/TLS handshake on the data stream
* skipping SSL peer certificate verification
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Failure sending ABOR command: SSL connect error
* Closing connection 0
curl: (35) Encountered end of file
Installed versions:
[ramorim@dev]$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[ramorim@dev]$ curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
Answer 1
I recompiled curl with OpenSSL or GnuTLS, which solved my problem.
yum install gnutls gnutls-devel libssh2 libssh2-devel
wget https://curl.haxx.se/download/curl-7.54.0.tar.gz
tar -xvzf curl-7.54.0.tar.gz && cd curl-7.54.0/
./configure --with-gnutls --with-libssh2 --prefix=/usr/local
make
make install
rm /usr/bin/curl
ln -s /usr/local/bin/curl /usr/bin/curl
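
After a rebuild like the one above, it is worth confirming that the curl actually being invoked is no longer linked against NSS and still supports ftps. The following is an added example, not part of the original answer; the function names are hypothetical and only the three TLS library tokens NSS, OpenSSL and GnuTLS are recognised.

```shell
#!/bin/sh
# Added example: classify a curl build from its `curl --version` text.

# Print the TLS library token (e.g. "NSS/3.19.1") found on the first line.
tls_backend() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    for tok in $first; do          # unquoted on purpose: split into words
        case "$tok" in
            NSS/*|OpenSSL/*|GnuTLS/*) printf '%s\n' "$tok"; return 0 ;;
        esac
    done
    return 1                       # no recognised TLS library on the line
}

# Exit status 0 only if the build uses a non-NSS TLS library and lists ftps.
rebuilt_curl_ok() {
    backend=$(tls_backend "$1") || return 1
    case "$backend" in NSS/*) return 1 ;; esac
    protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: //p')
    case " $protos " in *" ftps "*) return 0 ;; esac
    return 1
}

# Report on each curl binary given as an argument.
check_installed() {
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "$bin: not found"; continue; }
        text=$("$bin" --version)
        if rebuilt_curl_ok "$text"; then
            echo "$bin: OK ($(tls_backend "$text"))"
        else
            echo "$bin: still NSS, or no ftps support"
        fi
    done
}

# Usage: check_installed /usr/bin/curl /usr/local/bin/curl
```

Running `check_installed` on both paths also shows whether the symlink points at the new binary, since both entries should then report the same TLS library.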