我有一个本地网络服务器,它托管我正在尝试做的另一台机器上的所有debian软件包apt-get update / upgrade来获取软件包索引列表并使用https升级机器但只有基本授权作为我的web服务器配置为仅执行基本身份验证,我不想将其更改为基于证书的身份验证。
使用https基本身份验证的apt-get更新工作正常(即客户端能够跳过基于证书的身份验证)当我使用Web服务器的IP地址但是一旦我尝试使用Web服务器的主机名然后它没有工作我一直收到错误" gnutls_handshake()失败:收到了TLS警告提示。"Debug::Acquire::https "true";
Acquire::https::10.2.20.1 {
Verify-Host "false";
Verify-Peer "false";
};
deb [arch=amd64] https://username:password@10.2.20.1:443/foo bar test
工作时调试
0% [Working]* About to connect() to 10.2.20.1 port 443 (#0)
* Trying 10.2.20.1... * connected
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification SKIPPED
* Server auth using Basic with user 'username'
> GET /foo/dists/bar/Release.gpg HTTP/1.1
Authorization: Basic
Debug::Acquire::https "true";
Acquire::https::my-foo-test.com {
Verify-Host "false";
Verify-Peer "false";
};
deb [arch=amd64] https://username:password@my-foo-test.com:443/foo bar test
使用主机名时使用TLS警告进行调试
root @ my:〜#apt-get update
0% [Working]* About to connect() to my-foo-test.com port 443 (#0)
* Trying 10.2.20.1... * connected
* found 164 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: A TLS warning alert has been received.
* Closing connection #0
Ign https://my-foo-test.com repo Release.gpg
我已经在我的机器上本地解析了IP to hostname,我正在使用/ etc / hosts文件运行apt-get update
从/ etc / hosts文件中输入
10.2.20.1 my-foo-test.com
事件尝试了以下方式,但没有工作,尝试将其放入apt.conf.d /也没有工作
apt-get update -o Debug :: Acquire :: https = true -o Acquire :: https :: Verify-Host = false -o Acquire :: https :: Verify-Peer = false -o Dir :: Etc :: SOURCELIST =" /etc/apt/sources.list.d/mysource.list"更新
感谢您的帮助!