HTTP GET using cURL is giving SSL error

可紊 提交于 2021-02-10 15:59:41

问题


I have written a REST server which listens on port 8000. I am trying to invoke the api from the same machine using the cURL command -

curl -H "accept: application/json" https://localhost:8000/status -v

I am getting the following error

* About to connect() to localhost port 8000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 8000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

I have tried bypassing the certificate verification using -k option but to no avail. What am I missing here? Please comment if any more info is required.

EDIT: My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked. But whats going wrong with https? Do I need to install certificate for localhost also? Also, why didn't -k option work?


回答1:


My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked.

It looks like that your server has not SSL enabled at all. That's why HTTP worked and HTTPS did not. Using HTTP did not bypass any SSL check because there is no SSL with HTTP and thus no SSL check to bypass.

Also, why didn't -k option work?

The -k option is used to skip certificate validation on SSL (HTTPS) connections. But it can only work if there is a SSL connection in the first place. Since your server does not support SSL at all -k will not help.

Do I need to install certificate for localhost also?

You need to first enable SSL on your (unknown) server. If your coded your own server then this means additional coding. And, once the server can do SSL at all you also need to setup a certificate which the server can provide to the client.




回答2:


In my case, I had to check my vhost configuration. Things I had to do is defining a specific name-based vhost for the domain.

Maybe, someone just wants a quick test first and doesn't want to configure a vhost, then they will encounter this error message.



来源:https://stackoverflow.com/questions/50581099/http-get-using-curl-is-giving-ssl-error

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!