URL loads in the browser but not in the terminal (curl or Node.js)

qij5mzcb posted on 2022-11-13 in Node.js

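I want to make a GET request to https://www.bnro.ro/nbrfxrates.xml (the National Bank of Romania) to get today's exchange rates.
While the XML document loads fine in the browser (tested in Safari and Chrome), it fails in the terminal (checked with Node.js and curl):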

$ curl -vL http://www.bnro.ro/nbrfxrates.xml
* Expire in 0 ms for 6 (transfer 0x7f8a5c009c00)
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 5 ms for 1 (transfer 0x7f8a5c009c00)
*   Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 80 (#0)
> GET /nbrfxrates.xml HTTP/1.1
> Host: www.bnro.ro
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Date: Fri, 14 Jun 2019 11:13:13 GMT
< Location: https://www.bnro.ro/nbrfxrates.xml
< Server: BigIP
< Content-Length: 0
< X-Cache: MISS from HS-F0
< X-Cache-Lookup: MISS from HS-F0:0
< Via: 1.1 HS-F0 (squid/3.4.8)
< Connection: keep-alive
< 
* Connection #0 to host www.bnro.ro left intact
* Issue another request to this URL: 'https://www.bnro.ro/nbrfxrates.xml'
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
* Expire in 0 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
*   Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 1
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Both curl and my Node.js application complain about the certificate.
In my Node.js script I get the following error:

{ Error: unable to verify the first certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1104:38)
    at emitNone (events.js:105:13)
    at TLSSocket.emit (events.js:207:7)
    at TLSSocket._finishInit (_tls_wrap.js:638:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:468:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

I tried using the "Copy as cURL" command option in Chrome, but that didn't work either.
Why does this happen, and how can I fix it?

s5a0g9ez #1

A missing certificate bundle. Read more about it here: https://curl.haxx.se/docs/sslcerts.html, but the TL;DR is to download https://curl.haxx.se/ca/cacert.pem and run

curl -vL --cacert cacert.pem http://www.bnro.ro/nbrfxrates.xml

8fq7wneg #2

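Concatenate the CA intermediate certificate into the domain certificate

cat intermediate.crt >> domain.crt
ssl_certificate ssl/domain.crt;  # in your nginx server block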

jecbmhm3 #3

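It may be a server misconfiguration. They used the wrong certificate file (for example, cert.pem instead of fullchain.pem). For example, if you use the "Let's Encrypt" CA and Python's ssl.wrap_socket, you should write it like this: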

httpd.socket = ssl.wrap_socket(httpd.socket, certfile='path/to/fullchain.pem', keyfile='path/to/privkey.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1_2)

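If Firefox opens the site, you cannot change the server configuration, and you must use curl,
1. then download fullchain.pem via Firefox (Security -> View Certificate -> Miscellaneous -> Download PEM (chain))
2. Now you can use curl with this chain.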

curl --cacert downloaded_chain_for_the_site.pem https://site_name.com
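
The downloaded-chain approach from answer #3, applied to the Node.js side of the question, as an added example that is not part of the original answers. The function names and the sample bundle are made up for illustration. Node's `ca` option replaces the built-in roots, so they are added back alongside the downloaded certificates, and verification stays enabled.

```javascript
const https = require('https');
const tls = require('tls');

// Split a PEM bundle (e.g. the chain saved from the browser) into single certificates.
function splitPemBundle(pemText) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return pemText.match(re) || [];
}

// Build TLS options for https.get(). Passing `ca` replaces Node's built-in roots,
// so tls.rootCertificates is included next to the extra certificates.
function buildTlsOptions(extraPem) {
  const extra = splitPemBundle(extraPem);
  if (extra.length === 0) {
    throw new Error('no certificates found in the supplied PEM text');
  }
  return {
    ca: [...tls.rootCertificates, ...extra],
    rejectUnauthorized: true, // keep certificate verification on
  };
}

// Hypothetical helper: fetch a URL while trusting the extra certificates.
function fetchWithExtraCa(url, extraPem) {
  return new Promise((resolve, reject) => {
    https.get(url, buildTlsOptions(extraPem), (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, body }));
    }).on('error', reject);
  });
}

// Constructed sample bundle: two placeholder blocks, not real certificates.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----',
  'comment line between certificates',
  '-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----',
].join('\n');

// Usage with the file saved from the browser (file name taken from answer #3):
//   const pem = require('fs').readFileSync('downloaded_chain_for_the_site.pem', 'utf8');
//   fetchWithExtraCa('https://www.bnro.ro/nbrfxrates.xml', pem).then((r) => console.log(r.status));
```

Node also loads extra CA certificates from the file named in the `NODE_EXTRA_CA_CERTS` environment variable, which gives the same result without code changes.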
