-1
我試圖連接到Facebook(通過wordpress插件),Wordpress使用cURL爲此。 這個工作很好,直到上週,但是嘗試連接時,現在我收到以下錯誤:cURL Facebook連接:未知的SSL協議錯誤
cURL error 35: Unknown SSL protocol error in connection to graph.facebook.com:443
要看看它是否是一個wordpress-或捲曲的問題,我在命令行中嘗試這種(捲曲v7.47.0 ):
curl -v https://graph.facebook.com:443
這不工作,給下面的輸出:
* Rebuilt URL to: https://graph.facebook.com:443/
* Trying 157.240.3.19...
* Connected to graph.facebook.com (157.240.3.19) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 695 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the pull function.
* Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
當我嘗試我的虛擬機(捲曲v7.35.0)在同一工作原理:
* Rebuilt URL to: https://graph.facebook.com:443/
* Hostname was NOT found in DNS cache
* Trying 31.13.65.1...
* Connected to graph.facebook.com (31.13.65.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
* start date: 2016-12-09 00:00:00 GMT
* expire date: 2018-01-25 12:00:00 GMT
* subjectAltName: graph.facebook.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> GET/HTTP/1.1
> User-Agent: curl/7.35.0
> Host: graph.facebook.com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< WWW-Authenticate: OAuth "Facebook Platform" "invalid_request" "Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api"
< Access-Control-Allow-Origin: *
< Pragma: no-cache
< Cache-Control: no-store
< x-fb-rev: 2999583
< Content-Type: application/json; charset=UTF-8
< x-fb-trace-id: HQZT5c74sg/
< facebook-api-version: v2.3
< Expires: Sat, 01 Jan 2000 00:00:00 GMT
< Vary: Accept-Encoding
< X-FB-Debug: LV8vPkkNuJL3jABwLClvNFMdS+wAN1ogODJaLY14TjieV3rPXgWaEElPuSqNnQ3mO5qsj2H7OI2xAmlxjevIPA==
< Date: Thu, 04 May 2017 10:11:12 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"Unsupported get request. Please read the Graph API documentation at https:\/\/developers.facebook.com\/docs\/graph-api","type":"GraphMethodException","code":100,"fbtrace_id":"HQZT5c74sg\/"}}
我注意到在Connected to graph.facebook.com (1.2.3.4) port 443 (#0)之後有區別。 它運行良好,直到上週(我不知道直到哪一天),但我不知道我可以改變,它不再工作。
有人知道我的問題是什麼?
編輯: 我試圖與另一臺主機(google.com)相同,但它的工作原理:
[email protected]:~$ curl -v https://google.com:443
* Rebuilt URL to: https://google.com:443/
* Trying 172.217.19.14...
* Connected to google.com (172.217.19.14) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 695 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2/ECDHE_ECDSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: EC
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com
* start date: Fri, 21 Apr 2017 08:25:00 GMT
* expire date: Fri, 14 Jul 2017 08:25:00 GMT
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET/HTTP/1.1
> Host: google.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Location: https://www.google.ch/?gfe_rd=cr&ei=gAoLWdqnE-uX8QecpaaIBw
< Content-Length: 259
< Date: Thu, 04 May 2017 11:03:28 GMT
< Alt-Svc: quic=":443"; ma=2592000; v="37,36,35"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.ch/?gfe_rd=cr&ei=gAoLWdqnE-uX8QecpaaIBw">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
編輯2:輸出curl -V的 :
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
curl可以編譯有很多不同的選項和TLS庫。你可以把'curl -V'的輸出添加到你的問題中嗎? –
@SteffenUllrich我編輯了這個問題。我看到了我的系統之間的差異。一個不工作的使用GnuTLS,另一個使用OpenSSL。我該如何改變這一點? – TheBalco
使用OpenSSL而不是GnuTLS作爲curl的後端,您需要針對OpenSSL編譯curl。在編譯後的curl二進制文件中切換後端是不可能的。 –