-1
我试图连接到Facebook(通过wordpress插件),Wordpress使用cURL为此。 这个工作很好,直到上周,但是尝试连接时,现在我收到以下错误:cURL Facebook连接:未知的SSL协议错误
cURL error 35: Unknown SSL protocol error in connection to graph.facebook.com:443
要看看它是否是一个wordpress-或卷曲的问题,我在命令行中尝试这种(卷曲v7.47.0 ):
curl -v https://graph.facebook.com:443
这不工作,给下面的输出:
* Rebuilt URL to: https://graph.facebook.com:443/
* Trying 157.240.3.19...
* Connected to graph.facebook.com (157.240.3.19) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 695 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the pull function.
* Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
当我尝试我的虚拟机(卷曲v7.35.0)在同一工作原理:
* Rebuilt URL to: https://graph.facebook.com:443/
* Hostname was NOT found in DNS cache
* Trying 31.13.65.1...
* Connected to graph.facebook.com (31.13.65.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
* start date: 2016-12-09 00:00:00 GMT
* expire date: 2018-01-25 12:00:00 GMT
* subjectAltName: graph.facebook.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> GET/HTTP/1.1
> User-Agent: curl/7.35.0
> Host: graph.facebook.com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< WWW-Authenticate: OAuth "Facebook Platform" "invalid_request" "Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api"
< Access-Control-Allow-Origin: *
< Pragma: no-cache
< Cache-Control: no-store
< x-fb-rev: 2999583
< Content-Type: application/json; charset=UTF-8
< x-fb-trace-id: HQZT5c74sg/
< facebook-api-version: v2.3
< Expires: Sat, 01 Jan 2000 00:00:00 GMT
< Vary: Accept-Encoding
< X-FB-Debug: LV8vPkkNuJL3jABwLClvNFMdS+wAN1ogODJaLY14TjieV3rPXgWaEElPuSqNnQ3mO5qsj2H7OI2xAmlxjevIPA==
< Date: Thu, 04 May 2017 10:11:12 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"Unsupported get request. Please read the Graph API documentation at https:\/\/developers.facebook.com\/docs\/graph-api","type":"GraphMethodException","code":100,"fbtrace_id":"HQZT5c74sg\/"}}
我注意到在Connected to graph.facebook.com (1.2.3.4) port 443 (#0)之后有区别。 它运行良好,直到上周(我不知道直到哪一天),但我不知道我可以改变,它不再工作。
有人知道我的问题是什么?
编辑: 我试图与另一台主机(google.com)相同,但它的工作原理:
[email protected]:~$ curl -v https://google.com:443
* Rebuilt URL to: https://google.com:443/
* Trying 172.217.19.14...
* Connected to google.com (172.217.19.14) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 695 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2/ECDHE_ECDSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: EC
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com
* start date: Fri, 21 Apr 2017 08:25:00 GMT
* expire date: Fri, 14 Jul 2017 08:25:00 GMT
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET/HTTP/1.1
> Host: google.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Location: https://www.google.ch/?gfe_rd=cr&ei=gAoLWdqnE-uX8QecpaaIBw
< Content-Length: 259
< Date: Thu, 04 May 2017 11:03:28 GMT
< Alt-Svc: quic=":443"; ma=2592000; v="37,36,35"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.ch/?gfe_rd=cr&ei=gAoLWdqnE-uX8QecpaaIBw">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
编辑2:输出curl -V的 :
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
curl可以编译有很多不同的选项和TLS库。你可以把'curl -V'的输出添加到你的问题中吗? –
@SteffenUllrich我编辑了这个问题。我看到了我的系统之间的差异。一个不工作的使用GnuTLS,另一个使用OpenSSL。我该如何改变这一点? – TheBalco
使用OpenSSL而不是GnuTLS作为curl的后端,您需要针对OpenSSL编译curl。在编译后的curl二进制文件中切换后端是不可能的。 –