curl请求https资源的时候出现400

2021-05-16 07:27

阅读:451

YPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

标签:fresh   rar   err   ica   nec   bsp   rtm   bad   .com   

在nginx上配置了一个新的域名, 习惯性地用curl请求看看有没有配置错误

因为是https的, 所以

$curl ‘https://test.test.com/‘ -x 127.0.0.1:443 -i -L  
HTTP/1.1 400 Bad Request  
Server: nginx/1.9.12  
Date: Mon, 08 Aug 2016 07:56:21 GMT  
Content-Type: text/html  
Content-Length: 173  
Connection: close  
  
curl: (56) Received HTTP code 400 from proxy after CONNECT  

400了..ToT

拿浏览器绑个hosts, 正常返回了... @.@

一定curl差了些什么参数了

看了下服务端上面的访问日志, 看到了形如以下的访问日志

[08/Aug/2016:16:07:27 +0800] "CONNECT test.test.com:443 HTTP/1.1" 400 173 "-" "-" "-"  

果断先拿百度开刷

# curl ‘https://www.baidu.com/‘ -i -L -v  
* About to connect() to www.baidu.com port 443 (#0)  
*   Trying 14.215.177.38... connected  
* Connected to www.baidu.com (14.215.177.38) port 443 (#0)  
* Initializing NSS with certpath: sql:/etc/pki/nssdb  
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt  
  CApath: none  
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA  
* Server certificate:  
*   subject: CN=baidu.com,OU=service operation department,O="Beijing Baidu Netcom Science Technology Co., Ltd.",L=Beijing,ST=Beijing,C=CN  
*   start date: Sep 17 00:00:00 2015 GMT  
*   expire date: Aug 31 23:59:59 2016 GMT  
*   common name: baidu.com  
*   issuer: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US  
> GET / HTTP/1.1  
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2  
> Host: www.baidu.com  
> Accept: */*  
>          
  
* Connection #0 to host www.baidu.com left intact  
* Closing connection #0  

"code" class="plain">  
# curl https://www.baidu.com/ -i -L -v  -x 103.235.46.39:443    ###103.235.46.39是跑到 8.8.8.8 dns出来的ip  
* About to connect() to proxy 103.235.46.39 port 443 (#0)  
*   Trying 103.235.46.39... connected  
* Connected to 103.235.46.39 (103.235.46.39) port 443 (#0)  
"code" class="plain">* Establish HTTP proxy tunnel to www.baidu.com:443  
> CONNECT www.baidu.com:443 HTTP/1.1   
> Host: www.baidu.com:443> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2> Proxy-Connection: Keep-Alive>1.1 302 Moved TemporarilyHTTP/1.1 302 Moved Temporarily1.0.8.14Server: bfe/1.0.8.1408 Aug 2016 07:49:07 GMTDate: Mon, 08 Aug 2016 07:49:07 GMT161//www.baidu.com/search/error.htmlLocation: https://www.baidu.com/search/error.html

 

两次请求百度首页, 区别在于 -x 这个参数, 从而确定是这个参数惹的祸

其实会留意到有这么两行

* Establish HTTP proxy tunnel to www.baidu.com:443  
> CONNECT www.baidu.com:443 HTTP/1.1  

 

curl -x参数, man文档里面对这个参数的描述, 第一句就是 ‘Use the specified proxy‘

大致原因是因为 -x 参数的原因, curl 把 127.0.0.1:443 当成 http proxy 来用

对于 https 的请求, curl 对proxy 先发起一个 connect 请求

但, nginx没有实现 connect 方法

导致 客户端直接报错

 

解决方法, 目前只看到绕过过去的方法, 改下请求的方式咯

# 这个请求会报错, 会报证书出错  
curl https://127.0.0.1/ -H Host:test.test.com -i -L -v  
# 加个 -k, 不验证证书, 请求成功  
curl https://127.0.0.1/ -H Host:test.test.com -i -L -v -k  

 

 

参考:http://blog.csdn.net/tacuhuh/article/details/52152695

 

curl请求https资源的时候出现400

标签:fresh   rar   err   ica   nec   bsp   rtm   bad   .com   

原文地址:http://www.cnblogs.com/lazyfang/p/7748563.html


评论


亲,登录后才可以留言!