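Curl stops with an error on a long-lasting SSL connection

Time: 2017-01-18 09:06:32

Tags: curl

I need to make an HTTPS connection to a server, and the server will perform a long computation (> 5 minutes). To simulate the connection, I made a Spring MVC controller that sleeps for a while.

When I start a request that runs longer than 5 minutes, I get an error from curl. With curl on Linux I get: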

-bash-4.1$ curl -v --tlsv1 --keepalive-time 330 -X POST -F "sec=310" https://example.com/general/sleep
* About to connect() to example.com port 443 (#0)
*   Trying <ip>... connected
* Connected to example.com (<ip>) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.example.com,OU=Gandi Standard Wildcard SSL,OU=Domain Control Validated
*       start date: Apr 29 00:00:00 2015 GMT
*       expire date: Jul 28 23:59:59 2018 GMT
*       common name: *.example.com
*       issuer: CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR
> POST /general/sleep HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: example.com
> Accept: */*
> Content-Length: 141
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e2ab66c15d1a
>
< HTTP/1.1 100 Continue
* SSL read: errno -5961
* Closing connection #0
curl: (56) SSL read: errno -5961

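In Postman, the same request works. The request also works if the connection time is shorter than 5 minutes.

The same problem occurs with curl under Cygwin on Windows (but with a slightly different error message):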

$ curl -v --tlsv1 --keepalive-time 330 -X POST -F "sec=310" https://example.com/general/sleep
Warning: Keep-alive functionality somewhat crippled due to missing support in
Warning: your operating system!
* STATE: INIT => CONNECT handle 0x6000574b0; line 1075 (connection #-5000)
* Added connection 0. The cache now contains 1 members
*   Trying 193.73.238.220...
* STATE: CONNECT => WAITCONNECT handle 0x6000574b0; line 1128 (connection #0)
* Connected to example.com (<ip>) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000574b0; line 1225 (connection #0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x6000574b0; line 1239 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*        subject: OU=Domain Control Validated; OU=Gandi Standard Wildcard SSL; CN=*.example.com
*        start date: 2015-04-29 00:00:00 GMT
*        expire date: 2018-07-28 23:59:59 GMT
*        subjectAltName: example.com matched
*        issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*        SSL certificate verify ok.
* STATE: PROTOCONNECT => DO handle 0x6000574b0; line 1260 (connection #0)
> POST /general/sleep HTTP/1.1
> Host: example.com
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 141
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------0e215aa5d70f368d
>
* STATE: DO => DO_DONE handle 0x6000574b0; line 1322 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000574b0; line 1449 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000574b0; line 1459 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Curl_done
* Closing connection 0
* The cache now contains 0 members
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

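1 answer:

Answer 0 (score: 0)

It is not clear why it works with Postman. But the problem is that the BigIP firewall involved has a default timeout of 300 seconds on connections, and it did terminate the connection.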
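The failure mode from the answer, reproduced on loopback as an added example (not code from the question or the answer): a relay that drops a flow after an idle period, in front of a backend that is still working. The function names, the scaled-down timings and the assumption that the middlebox aborts with a TCP RST are all choices made for this sketch.

```python
import select, socket, struct, threading, time

def sleepy_backend(srv, work_seconds):
    """Stand-in for the sleep controller: reads the request, 'computes', replies."""
    conn, _ = srv.accept()
    conn.recv(4096)
    time.sleep(work_seconds)
    try:
        conn.sendall(b"HTTP/1.1 200 OK\r\n\r\n")
    except OSError:
        pass  # the middlebox already dropped the flow
    conn.close()

def idle_middlebox(srv, backend_addr, idle_timeout):
    """Relays bytes; aborts the client side once no byte moved for idle_timeout."""
    client, _ = srv.accept()
    backend = socket.create_connection(backend_addr)
    peer = {client: backend, backend: client}
    while True:
        ready, _, _ = select.select([client, backend], [], [], idle_timeout)
        if not ready:  # idle timer expired: SO_LINGER 0 makes close() send a RST (assumed behaviour)
            client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
            break
        data = ready[0].recv(4096)
        if not data:  # one side closed normally
            break
        peer[ready[0]].sendall(data)
    client.close()
    backend.close()

def run_request(work_seconds, idle_timeout):
    """Returns (outcome, elapsed seconds) as the client sees it."""
    back, mid = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))  # constructed endpoints
    threading.Thread(target=sleepy_backend, args=(back, work_seconds), daemon=True).start()
    threading.Thread(target=idle_middlebox, args=(mid, back.getsockname(), idle_timeout), daemon=True).start()
    start = time.monotonic()
    with socket.create_connection(mid.getsockname()) as c:
        c.sendall(b"POST /general/sleep HTTP/1.1\r\n\r\n")
        try:
            outcome = "response" if c.recv(4096) else "closed"
        except ConnectionResetError:  # ECONNRESET (104 on Linux)
            outcome = "reset"
    return outcome, time.monotonic() - start

if __name__ == "__main__":
    print(run_request(work_seconds=0.1, idle_timeout=0.5))  # backend answers before the idle timer
    print(run_request(work_seconds=2.0, idle_timeout=0.5))  # reset at about 0.5 s, not 2 s
```

The elapsed time of the failing request tracks the relay's idle timeout rather than the backend's work time, which is the signature to look for when a long request dies at a round number such as 300 seconds.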