build istio/istio 1.6.0 from master - curl: (60) SSL certificate problem

I tried to build istio/istio from master with make build, following https://github.com/istio/istio/wiki/Using-the-Code-Base. When the build script tries to download istio-proxy, curl exits with an error code:

...
Downloading Envoy: curl -fLSs https://github.com/istio/proxy/releases/download/1.0.2/istio-proxy-1.0.2-macos.tar.gz to /work/out/darwin_amd64/release/envoy-1.0.2
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
...

I visited https://curl.haxx.se/docs/sslcerts.html, downloaded the latest cacert.pem and put it in /etc/ssl/certs/cacert.pem.

After all that, I can download istio-proxy-1.0.2-macos.tar.gz manually with curl:

curl -L https://github.com/istio/proxy/releases/download/1.0.2/istio-proxy-1.0.2-macos.tar.gz --output some-output-file
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   620  100   620    0     0   1383      0 --:--:-- --:--:-- --:--:--  1383
100 7947k  100 7947k    0     0   631k      0  0:00:12  0:00:12 --:--:-- 1359k

But I still get the error when running make build.

When using curl with -k (allow insecure server connections when using SSL), I get You are being redirected.:

<html><body>You are being <a href="https://github-production-release-asset-2e65be.s3.amazonaws.com/75322405/f13ffa80-b53b-11e8-9527-2a586cbda4ad?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200304%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20200304T111428Z&amp;X-Amz-Expires=300&amp;X-Amz-Signature=73a2788ecc120b520a6ddeb237b8bbd74a035f71e3aed8f5ee2de6f463abf3fc&amp;X-Amz-SignedHeaders=host&amp;actor_id=0&amp;response-content-disposition=attachment%3B%20filename%3Distio-proxy-1.0.2-macos.tar.gz&amp;response-content-type=application%2Foctet-stream">redirected</a>.</body></html>

OS: macOS Catalina 10.15.1

Temporary solution => add the -k option to

...
if command -v curl > /dev/null; then
    if curl --version | grep Protocols  | grep https > /dev/null; then
      DOWNLOAD_COMMAND='curl -kfLSs'
      return
...

bin/init.sh => an insecure connection is then used wherever DOWNLOAD_COMMAND is used.

I know this is a bad idea...
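
An alternative to the `-k` workaround above, as an added example that is not part of the original post or of Istio's bin/init.sh: keep certificate verification on and pass curl a CA bundle with `--cacert`, failing instead of falling back to an insecure connection. `CA_BUNDLE`, `is_pem_bundle` and `set_download_command` are hypothetical names, and the code assumes DOWNLOAD_COMMAND is expanded unquoted by the caller, so bundle paths containing whitespace are rejected.

```shell
#!/bin/sh
# Added example: choose a curl command that keeps TLS verification enabled.
# CA_BUNDLE is a hypothetical variable name, not one used by bin/init.sh.

# Succeeds only if $1 is a readable file holding at least one PEM certificate.
is_pem_bundle() {
    [ -f "$1" ] && [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Sets DOWNLOAD_COMMAND. It never adds -k: an unusable bundle is an error,
# not a reason to switch verification off.
set_download_command() {
    bundle="${CA_BUNDLE:-}"
    if [ -z "$bundle" ]; then
        # No extra bundle requested: rely on curl's default trust store.
        DOWNLOAD_COMMAND='curl -fLSs'
        return 0
    fi
    case "$bundle" in
        *[[:space:]]*)
            # Assumption: the caller expands DOWNLOAD_COMMAND unquoted.
            echo "CA_BUNDLE path must not contain whitespace: $bundle" >&2
            return 1 ;;
    esac
    if ! is_pem_bundle "$bundle"; then
        echo "CA_BUNDLE is not a readable PEM bundle: $bundle" >&2
        return 1
    fi
    DOWNLOAD_COMMAND="curl -fLSs --cacert $bundle"
}
```

With `CA_BUNDLE=/etc/ssl/certs/cacert.pem` (the path used in the post), the resulting command verifies the server against that file only, so the bundle has to contain the root that actually signs the chain curl is shown.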