我有一个部署在azure上的tomcat服务器,它有我的REST API。直到现在,我使用HTTP从我的Android应用程序联系服务器并获得响应。今天,我向服务器添加了一个自签名证书,当我使用Android应用程序测试时(通过将URL更改为https)一切正常。但是,我想确认响应是否实际上是加密的。我该如何检查?
答案 0 :(得分:0)
<强>命令
curl -k -v https://github.com/corvusoft/restbed
<强>输出
* Hostname was NOT found in DNS cache
* Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: github.com
* Server certificate: DigiCert SHA2 Extended Validation Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /corvusoft/restbed HTTP/1.1
> User-Agent: curl/7.37.1
> Host: github.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server GitHub.com is not blacklisted
< Server: GitHub.com
...
可以找到卷曲文档here
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
-v, --verbose
Be more verbose/talkative during the operation. Useful for debugging and seeing what's going on "under the hood". A line starting with '>' means "header data" sent by curl, '<' means "header data" received by curl that is hidden in normal cases, and a line starting with '*' means additional info provided by curl.