在調試一塊設備連接業務平臺是發現報錯:
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
問題比較明顯:
SSL certificate problem: certificate has expired
SSL證書過期了。解決辦法就是更新服務器的證書。
不過一些其他原因導致這個證書更新需要時間,在這段時間其實也可以繼續調試接口,那就要採用忽略證書校驗這一步,但保留SSL認證流程。
curl的社區大神們給了這樣一個參數
-k
注意是小寫的k,意思是:允許curl使用非安全的ssl連接並且傳輸數據(證書不受信)。
curl -v -k https://xxx.xxxx.xxx/xx
整個SSL的握手過程終於正常進行了:
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):