curl-users
Using curl behind a proxy: unable to get local issuer certificate
Date: Sat, 27 Jan 2018 11:40:50 +0800
I want to visit https://pypi.io from a Linux server. I have set the environment
variables HTTP_PROXY and HTTPS_PROXY. When I issued this command:
% curl -LO https://pypi.io/packages/source/v/virtualenv/virtualenv-15.0.2.tar.gz
I got this error: *unable to get local issuer certificate*
While trying to solve the problem, I found that the certificates shown by my
browser and by the openssl -showcerts command are different, although they were
using the same proxy.
In my browser, I got certificates like this:
FIRST: MY_COMPANY Root Ca
SECOND: pypi.org
But with the commands I issued below,
% proxytunnel -p $HTTPS_PROXY -d pypi.io:443 -a 7000
% openssl s_client -connect localhost:7000 -showcerts
I got these two:
FIRST:
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
SECOND:
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
I want to know why.
=================================================================
The full messages are below:
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
-----BEGIN CERTIFICATE-----
---- keys skipped ----
-----END CERTIFICATE-----
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
---- keys skipped ----
-----END CERTIFICATE-----
---
Server certificate
subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4164 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
---messages skipped---
Received on 2018-01-27