wget + nginx + ssl
Mihails
mixei at inbox.lv
Fri Sep 11 11:52:00 MSD 2009
С использованием : "ssl_client_certificate ca.crt" и команды "wget -d
--no-check-certificate --certificate=./client.crt
--private-key=./client.key https://192.168.1.210" ,соединение
происходит,но выдает ошибку :
---request begin---
GET / HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: 192.168.1.210
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 400 Bad Request
Server: nginx/0.7.61
Date: Fri, 11 Sep 2009 07:46:39 GMT
Content-Type: text/html
Content-Length: 231
Connection: close
---response end---
400 Bad Request
Closed 3/SSL 0x08976f28
2009-09-11 10:46:39 ERROR 400: Bad Request.
Лог фаил пишет :
2009/09/11 10:46:27 [info] 2288#3484: *100 client SSL certificate verify
error: (7:certificate signature failure) while reading client request
headers, client: 192.168.1.211, server: 192.168.1.210, request: "GET /
HTTP/1.0", host: "192.168.1.210"
2009/09/11 10:46:39 [info] 2288#3484: *101 client SSL certificate verify
error: (7:certificate signature failure) while reading client request
headers, client: 192.168.1.211, server: 192.168.1.210, request: "GET /
HTTP/1.0", host: "192.168.1.210"
После чего в конфиге обратно прописал : ssl_client_certificate
client.crt и запустил такую же команду с wget. В результате успешно
соединился и скачал фаил:
---request begin---
GET / HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: 192.168.1.210
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Fri, 11 Sep 2009 07:50:44 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Wed, 30 Aug 2006 11:39:18 GMT
Connection: keep-alive
Accept-Ranges: bytes
---response end---
200 OK
Registered socket 3 for persistent reuse.
Length: 151 [text/html]
Saving to: `index.html'
Igor Sysoev wrote:
> On Thu, Sep 10, 2009 at 11:02:04AM +0300, Mihails wrote:
>
>
>> Запускаю : " wget -d --certificate=/home/client.crt
>> https://192.168.1.210"
>> Connecting to 192.168.1.210|192.168.1.210|:443... connected.
>> Created socket 3.
>> Releasing 0x09456c98 (new refcount 1).
>> Initiating SSL handshake.
>> SSL handshake failed.
>> OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
>> handshake failure
>> Closed fd 3
>> Unable to establish SSL connection.
>> После чего пришёл к выводу,что через
>> wget не происходит соединение.
>>
>
> Что в error_log nginx' на info уровне ?
>
> - ssl_client_certificate client.crt;
> + ssl_client_certificate ca.crt;
>
> У меня wget с этим набором сертификатов соединялся только в таком случае:
>
> wget -d --no-check-certificate
> --certificate=client.crt
> --private-key=client.key
>
> Для
>
> wget -d --ca-certificate=ca.crt
> --certificate=client.crt
> --private-key=client.key
>
> Выдавалось
>
> Initiating SSL handshake.
> Handshake successful; connected socket 3 to SSL handle 0x0808fa00
> certificate:
> subject: ...
> issuer: ...
> ERROR: Certificate verification error for t42: self signed certificate
> To connect to localhost insecurely, use `--no-check-certificate'.
> Closed 3/SSL 0x808fa00
> Unable to establish SSL connection.
>
>
>
More information about the nginx-ru
mailing list