libcurl2rtt package: certificate problem when using mbedtls for encryption

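Posted on 2020-06-18 09:18:44
Because the DNS service still has problems, I access the server directly by IP address here: 118.31.15.152 -> www.rt-thread.com
1. With -k to skip certificate verification, it works.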
msh />curl --verbose -k --capath ./ https://118.31.15.152/service/rt-thread.txt
* timeout on name lookup is not supported
* Trying 118.31.15.152:443...
* TCP_NODELAY set
* Connected to 118.31.15.152 () port 443 (#0)
* mbedTLS: Connecting to 118.31.15.152:443
* mbedTLS: Set min SSL version to TLS 1.0
* mbedTLS: Handshake complete, cipher is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
* Dumping cert info:
* cert. version : 3
* serial number : 09:2F:6D:AE:96:EC:D7:D0:24:55:D2:F5:64:20:50:23
* issuer name : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018
* subject name : CN=*.rt-thread.org
* issued on : 2020-06-05 00:00:00
* expires on : 2021-06-05 12:00:00
* signed using : RSA with SHA-256
* RSA key size : 2048 bits
* basic constraints : CA=false
* subject alt name : *.rt-thread.org, rt-thread.org
* key usage : Digital Signature, Key Encipherment
* ext key usage : TLS Web Server Authentication, TLS Web Client Authentication

* SSL connected
> GET /service/rt-thread.txt HTTP/1.1
> Host: 118.31.15.152
> User-Agent: curl/7.67.0-DEV
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.3 (Ubuntu)
< Date: Thu, 18 Jun 2020 01:11:34 GMT
< Content-Type: text/html
< Content-Length: 194
< Connection: keep-alive
< Location: https://club.rt-thread.org/service/rt-thread.txt
< Strict-Transport-Security: max-age=1800; includeSubdomains; preload
<

301 Moved Permanently

301 Moved Permanently



nginx/1.10.3 (Ubuntu)



* Connection #0 to host 118.31.15.152 left intact

2. I have re-fetched the rt-thread certificate following the documentation and put it in the /data directory, but it still does not work.
msh />curl --verbose --capath ./data/ https://118.31.15.152/service/rt-thread.txt
* timeout on name lookup is not supported
* Trying 118.31.15.152:443...
* TCP_NODELAY set
* Connected to 118.31.15.152 () port 443 (#0)
* mbedTLS: Connecting to 118.31.15.152:443
* mbedTLS: Set min SSL version to TLS 1.0
* mbedTLS: Handshake complete, cipher is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
* Cert verify failed: BADCERT_CN_MISMATCH
* Closing connection 0
curl: (60) Cert verify failed: BADCERT_CN_MISMATCH
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

2 answers
aozima 2020-06-18
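When an HTTPS server hosts multiple domain names, the domain name has to be sent via SNI, so if you access it directly by IP, it does not know which domain you want to access.

With HTTP, having host is enough; HTTPS also needs SNI.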
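
Added example, not part of the original thread or of the libcurl2rtt code: a simplified C version of the name check that reports BADCERT_CN_MISMATCH, run against the subject alt name entries from the certificate dump in the question. The helper names and the single-label wildcard rule are assumptions of this example, not mbedTLS's implementation.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Case-insensitive string equality (DNS names are not case sensitive). */
static int ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Returns 1 if s consists only of digits and dots, i.e. looks like an IPv4 literal. */
static int is_ipv4_literal(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s) && *s != '.') return 0;
    return 1;
}

/* Match one dNSName entry: exact, or "*." standing for exactly one leftmost label. */
static int dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return ieq(pattern, host);
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host) return 0;  /* host needs a non-empty first label */
    return ieq(pattern + 1, dot);              /* compare the part after the first label */
}

/* Returns 1 if the name the client asked for is covered by the certificate names. */
int host_matches_cert(const char *host, const char *const *sans, size_t n)
{
    if (is_ipv4_literal(host)) return 0;       /* an IP never matches a dNSName entry */
    for (size_t i = 0; i < n; i++)
        if (dns_name_matches(sans[i], host)) return 1;
    return 0;
}

/* "subject alt name" values copied from the certificate dump in the question. */
const char *const RT_THREAD_SANS[] = { "*.rt-thread.org", "rt-thread.org" };

int main(void)
{
    const char *hosts[] = { "118.31.15.152", "club.rt-thread.org", "rt-thread.org",
                            "a.b.rt-thread.org", "www.rt-thread.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-20s %s\n", hosts[i],
               host_matches_cert(hosts[i], RT_THREAD_SANS, 2) ? "match" : "CN_MISMATCH");
    return 0;
}
```

The IP literal and www.rt-thread.com both fail against this certificate, while club.rt-thread.org (the target of the 301 redirect in the first run) matches. Stock curl can connect to a fixed address while keeping the hostname for SNI and verification via --resolve (CURLOPT_RESOLVE in libcurl); whether the libcurl2rtt port supports it is not stated in the thread.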
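芋圆源钰 2020-06-18
aozima posted on 2020-6-18 09:24
When an HTTPS server hosts multiple domain names, the domain name has to be sent via SNI, so if you access it directly by IP, it does not know which domain you want to ...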


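Thanks!
Looks like there is no getting around it; I need to get the DNS service working first.
Do you know what is going on in the case below?
With the ported libcurl2rtt package, DNS resolution always fails, even though pinging www.rt-thread.com directly works.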
msh />curl --verbose -k --capath ./ https://www.rt-thread.com/service/rt-thread.txt
* timeout on name lookup is not supported
* Curl_ipv4_resolve_r failed for www.rt-thread.com
* Couldn't resolve host 'www.rt-thread.com'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.rt-thread.com'

msh />ping www.rt-thread.com
60 bytes from 118.31.15.152 icmp_seq=0 ttl=49 time=60 ms
60 bytes from 118.31.15.152 icmp_seq=1 ttl=49 time=30 ms
60 bytes from 118.31.15.152 icmp_seq=2 ttl=49 time=30 ms
60 bytes from 118.31.15.152 icmp_seq=3 ttl=49 time=30 ms
