libucrl 未能检查服务器证书
libucrl failed to check server certificate
我正在使用 libcurl(在 C 中)登录安全站点 (https)。到目前为止它工作正常。从昨天开始,它无法登录。代码如下所示。
bool login(char *user, char *password)
{
bool result = false;
CURL * curl = NULL;
char errbuf[CURL_ERROR_SIZE];
char status_text[1024];
CURLcode res;
long resp_code = 0;
int index;
/* These fields should be collected from license file */
char *user_field = "name";
char *password_field = "pass";
char *form_id_field = "form_id";
char *form_id = "user_login";
char *link = "https://example.com/user/login";
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if(curl == NULL) goto on_error;
curl_easy_reset(curl);
curl_easy_setopt(curl, CURLOPT_USERAGENT, "Mozilla/4.0");
curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_callback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)NULL);
curl_easy_setopt(curl, CURLOPT_URL, link);
res = curl_easy_perform(curl);
if(res == CURLE_OK)
{
curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(curl, CURLOPT_REFERER, link);
/* Data should be "name=user&pass=password&form_id=user-login" */
index = sprintf(status_text, "%s=%s&%s=%s&%s=%s",
user_field, user, password_field,
password, form_id_field, form_id);
*(status_text + index) = 0x0;
resp_code = 0;
res = CURLE_ABORTED_BY_CALLBACK;
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, status_text);
res = curl_easy_perform(curl);
curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &resp_code);
if((resp_code == 200) && (res != CURLE_ABORTED_BY_CALLBACK))
{
result = true;
}
else
{
result = false;
}
}
on_error:
if(curl)
{
curl_easy_cleanup(curl);
curl_global_cleanup();
curl_global_cleanup();
}
return result;
}
curl_easy_perform执行失败。 errbuf 显示类似 "server certificate verification failed. cafile /etc/ssl/certs/ca-certificates.crt crlfile none" 的错误。我知道 /etc/ssl/certs/ca-certificates.crt 文件有点问题,但我没有做任何更改。
这里可能是什么问题,任何解决此问题的提示,非常感谢。
与其说是答案,不如说是提示,但我没有足够的代表点数来发表评论。
Since yesterday it is not able to login
这可能与 Sectigo 的遗留 AddTrust 外部 CA 根证书已于 2020 年 5 月 30 日过期有关https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
来自上面的link
Certificates for your site are issued from a “chain” of issuing or “intermediate” CA that completes a path back to these trusted root certificates.
如果我正确理解上述陈述,AddTrust 外部 CA 根证书可能是链中的证书之一,因此验证失败 - 至少对于某些客户而言。
编辑
对我也有用的是这个https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
- edit /etc/ca-certificates.conf and put a bang/exclamation mark (!) before mozilla/AddTrust_External_Root.crt
- Run update-ca-certificates
我正在使用 libcurl(在 C 中)登录安全站点 (https)。到目前为止它工作正常。从昨天开始,它无法登录。代码如下所示。
bool login(char *user, char *password)
{
bool result = false;
CURL * curl = NULL;
char errbuf[CURL_ERROR_SIZE];
char status_text[1024];
CURLcode res;
long resp_code = 0;
int index;
/* These fields should be collected from license file */
char *user_field = "name";
char *password_field = "pass";
char *form_id_field = "form_id";
char *form_id = "user_login";
char *link = "https://example.com/user/login";
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if(curl == NULL) goto on_error;
curl_easy_reset(curl);
curl_easy_setopt(curl, CURLOPT_USERAGENT, "Mozilla/4.0");
curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_callback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)NULL);
curl_easy_setopt(curl, CURLOPT_URL, link);
res = curl_easy_perform(curl);
if(res == CURLE_OK)
{
curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(curl, CURLOPT_REFERER, link);
/* Data should be "name=user&pass=password&form_id=user-login" */
index = sprintf(status_text, "%s=%s&%s=%s&%s=%s",
user_field, user, password_field,
password, form_id_field, form_id);
*(status_text + index) = 0x0;
resp_code = 0;
res = CURLE_ABORTED_BY_CALLBACK;
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, status_text);
res = curl_easy_perform(curl);
curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &resp_code);
if((resp_code == 200) && (res != CURLE_ABORTED_BY_CALLBACK))
{
result = true;
}
else
{
result = false;
}
}
on_error:
if(curl)
{
curl_easy_cleanup(curl);
curl_global_cleanup();
curl_global_cleanup();
}
return result;
}
curl_easy_perform执行失败。 errbuf 显示类似 "server certificate verification failed. cafile /etc/ssl/certs/ca-certificates.crt crlfile none" 的错误。我知道 /etc/ssl/certs/ca-certificates.crt 文件有点问题,但我没有做任何更改。
这里可能是什么问题,任何解决此问题的提示,非常感谢。
与其说是答案,不如说是提示,但我没有足够的代表点数来发表评论。
Since yesterday it is not able to login
这可能与 Sectigo 的遗留 AddTrust 外部 CA 根证书已于 2020 年 5 月 30 日过期有关https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
来自上面的link
Certificates for your site are issued from a “chain” of issuing or “intermediate” CA that completes a path back to these trusted root certificates.
如果我正确理解上述陈述,AddTrust 外部 CA 根证书可能是链中的证书之一,因此验证失败 - 至少对于某些客户而言。
编辑
对我也有用的是这个https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
- edit /etc/ca-certificates.conf and put a bang/exclamation mark (!) before mozilla/AddTrust_External_Root.crt
- Run update-ca-certificates