似乎在越狱iOS中预先安装了可信任的权限/证书。例如:
在尝试克隆回购时,git说SSL certificate problem:
➜ ~ git clone https://github.com/tylerhall/sosumi.git
Cloning into 'sosumi'...
fatal: unable to access 'https://github.com/tylerhall/sosumi.git/': SSL certificate problem: unable to get local issuer certificate
wget在检查证书时返回错误:
➜ ~ wget https://curl.haxx.se/
--2016-03-27 13:36:14-- https://curl.haxx.se/
Resolving curl.haxx.se... 80.67.6.50, 2a00:1a28:1200:9::2
Connecting to curl.haxx.se|80.67.6.50|:443... connected.
ERROR: cannot verify curl.haxx.se's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X1':
Unable to locally verify the issuer's authority.
To connect to curl.haxx.se insecurely, use `--no-check-certificate'.
curl在检查证书时返回错误:
➜ ~ curl https://curl.haxx.se/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
我试过了:
cd /usr/local/share/ca-certificates
wget http://curl.haxx.se/ca/cacert.pem --no-check-certificate
wget http://repo.thireus.com/Packages_robinbird/update-ca-certificates_1.1-2_iphoneos-arm.deb
dpkg -i update-ca-certificates_1.1-2_iphoneos-arm.deb
update-ca-certificates
显示没有效果。
如何一劳永逸地解决认证问题?
答案 0 :(得分:0)
iOS使用它自己的证书存储区,就像OSX一样存储在钥匙串中。它 不是Linux,与越狱毫无关系。这就是为什么,例如,Apple为其构建了自己的Git for OSX版本,它可以访问该证书存储区并且不会抱怨证书。您必须阅读所需的工具,以及他们在哪里搜索可信证书。