{"id":6330,"date":"2024-02-16T13:27:51","date_gmt":"2024-02-16T11:27:51","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=6330"},"modified":"2024-02-16T13:27:51","modified_gmt":"2024-02-16T11:27:51","slug":"%d0%bd%d0%b5%d0%be%d1%87%d0%b5%d0%b2%d0%b8%d0%b4%d0%bd%d0%b0-%d0%bf%d1%80%d0%be%d0%b1%d0%bb%d0%b5%d0%bc%d0%b0-%d0%b7-curl","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=6330","title":{"rendered":"\u041d\u0435\u043e\u0447\u0435\u0432\u0438\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437 curl"},"content":{"rendered":"\n

\u041d\u0430 \u043e\u0434\u043d\u043e\u043c\u0443 \u0434\u0443\u0436\u0435 \u0441\u0442\u0430\u0440\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0456 \u0432\u0438\u043d\u0438\u043a\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437 curl<\/strong><\/p>\n\n\n

# curl https:\/\/domain.com\ncurl: (60) SSL certificate problem: certificate has expired\nMore details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html\n\ncurl performs SSL certificate verification by default, using a \"bundle\"\n of Certificate Authority (CA) public keys (CA certs). If the default\n bundle file isn't adequate, you can specify an alternate file\n using the --cacert option.\nIf this HTTPS server uses a certificate signed by a CA represented in\n the bundle, the certificate verification probably failed due to a\n problem with the certificate (it might be expired, or the name might\n not match the domain name in the URL).\nIf you'd like to turn off curl's verification of the certificate, use\n the -k (or --insecure) option.<\/pre>\n
<\/p>\n\n
\u0417\u0434\u0430\u0432\u0430\u043b\u043e\u0441\u044f \u0431, \u0442\u0440\u0435\u0431\u0430 \u043e\u043d\u043e\u0432\u0438\u0442\u0438 (\u044f \u0437\u0440\u043e\u0431\u0438\u0432 rsync 1:1<\/strong>) \u0441\u043f\u0438\u0441\u043e\u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0456\u0432 \u0456 \u0432\u0441\u0435. \u0410\u043b\u0435 \u043d\u0430\u0432\u0456\u0442\u044c, \u043f\u0456\u0441\u043b\u044f \u043e\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435 \u0437\u043d\u0438\u043a\u043b\u0430. \u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0434\u0438\u0432\u0438\u0442\u0438\u0441\u044f “\u0433\u043b\u0438\u0431\u0448\u0435”:<\/p>\n\n\n
# strace -o \/tmp\/curl.trace curl https:\/\/domain.com\n...\nstat(\"\/etc\/ssl\/certs\/2e5ac55d.0\", {st_mode=S_IFREG|0644, st_size=1200, ...}) = 0\nopen(\"\/etc\/ssl\/certs\/2e5ac55d.0\", O_RDONLY) = 4\nfstat(4, {st_mode=S_IFREG|0644, st_size=1200, ...}) = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd779e34000\nread(4, \"-----BEGIN CERTIFICATE-----\\nMIID\"..., 4096) = 1200\nread(4, \"\", 4096)                       = 0\nclose(4)                                = 0\nmunmap(0x7fd779e34000, 4096)            = 0\nstat(\"\/etc\/ssl\/certs\/2e5ac55d.1\", 0x7fff50e04ac0) = -1 ENOENT (No such file or directory)\n...\n<\/pre>\n\n\n
\u042f\u043a\u0449\u043e \u0443\u0432\u0430\u0436\u043d\u043e \u043f\u043e\u0434\u0438\u0432\u0438\u0442\u0438\u0441\u044f \u0432\u0438\u0432\u0456\u0434 strace <\/strong>\u0442\u043e \u043c\u0438 \u043f\u043e\u0431\u0430\u0447\u0438\u043c\u043e \u0437\u0433\u0430\u0434\u0443\u0432\u0430\u043d\u043d\u044f \u0442\u0456\u043b\u044c\u043a\u0438 \u0446\u044c\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0443 \u0456 \u0431\u0456\u043b\u044c\u0448\u0435 \u043d\u0456\u044f\u043a\u0438\u0445. \u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u0434\u0438\u0432\u0438\u043c\u043e\u0441\u044f, \u0449\u043e \u0437 \u043d\u0438\u043c \u043d\u0435 \u0442\u0430\u043a:<\/p>\n\n\n
\n# openssl x509 -text -noout -in \/etc\/ssl\/certs\/2e5ac55d.0 | grep Not\n            Not Before: Sep 30 21:12:19 2000 GMT\n            Not After : Sep 30 14:01:15 2021 GMT\n<\/pre>\n\n\n
\u0422\u0435\u043f\u0435\u0440 \u0437\u0440\u043e\u0437\u0443\u043c\u0456\u043b\u043e. \u0422\u0440\u0435\u0431\u0430 \u0432\u0438\u0434\u0430\u043b\u0438\u0442\u0438 \u0439\u043e\u0433\u043e \u0437\u0432\u0456\u0434\u0443\u0441\u0456\u043b\u044c. \u0412\u0456\u0437\u044c\u043c\u0435\u043c\u043e \u044f\u043a\u0443\u0441\u044c \u0447\u0430\u0441\u0442\u0438\u043d\u0443 \u0432\u043c\u0456\u0441\u0442\u0443 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0443 \u0456 \u043f\u043e\u0448\u0443\u043a\u0430\u0454\u043c\u043e, \u0434\u0435, \u0432\u0456\u043d \u043c\u043e\u0436\u0435 \u0431\u0443\u0442\u0438:<\/p>\n\n\n
\n# grep -r 5v3gTt23ADq1cEmv8uXr \/etc\/ssl\/certs\n\/etc\/ssl\/certs\/ca-certificates.crt:ikugdB\/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\n<\/pre>\n\n\n
\u0422\u0430\u043a\u043e\u0436 \u0432\u0438\u0434\u0430\u043b\u044f\u0454\u043c\u043e \u0440\u044f\u0434\u043e\u043a mozilla\/DST_Root_CA_X3.crt<\/strong> \u0437 \/etc\/ca-certificates.conf<\/strong>\u00a0\u043d\u0443 \u0456 \u0441\u0430\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442<\/p>\n\n\n
# rm \/etc\/ssl\/certs\/2e5ac55d.0 \/etc\/ssl\/certs\/DST_Root_CA_X3.pem<\/pre>\n\n\n
PS. \u0434\u0443\u0436\u0435 \u0434\u0438\u0432\u043d\u043e, \u0449\u043e \u043d\u0430 \u043d\u043e\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0456 \u0437 \u0442\u0430\u043a\u0438\u043c \u0436\u0435 \u043d\u0430\u0431\u043e\u0440\u043e\u043c \u0432\u0441\u0435 \u043f\u0440\u0430\u0446\u044e\u0454. \u041c\u043e\u0436\u0435 \u0432 \u043d\u043e\u0432\u0456\u0439 \u0432\u0435\u0440\u0441\u0456\u0457 \u0434\u043e\u0434\u0430\u043b\u0438 \u0456\u0433\u043d\u043e\u0440\u0443\u0432\u0430\u043d\u043d\u044f \u043f\u0440\u043e\u0442\u0435\u0440\u043c\u0456\u043d\u043e\u0432\u0430\u043d\u0438\u0445 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0456\u0432.<\/p>\n","protected":false},"excerpt":{"rendered":"
\u041d\u0430 \u043e\u0434\u043d\u043e\u043c\u0443 \u0434\u0443\u0436\u0435 \u0441\u0442\u0430\u0440\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0456 \u0432\u0438\u043d\u0438\u043a\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437 curl # curl https:\/\/domain.com curl: (60) SSL certificate problem: certificate has expired More details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html curl performs SSL certificate verification by default, using a “bundle” of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn’t adequate, you can specify an alternate file […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-6330","post","type-post","status-publish","format-standard","hentry","category-others"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6330","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6330"}],"version-history":[{"count":1,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6330\/revisions"}],"predecessor-version":[{"id":6331,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6330\/revisions\/6331"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6330"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6330"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6330"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}