如何使用' curl'调用安全(https)WCF服务 - 仅限GET请求

时间:2018-05-02 09:56:55

标签: wcf ssl curl tls1.2

上下文是我创建了一个WCF服务,使用https在IIS中托管。

我对WCF服务本身没有任何问题,它正在按预期工作;我可以导航到服务页面 https://myhost/VirtualAppOnIIS/Some/WCF/Service/Here/V1 使用浏览器(在我的情况下是IE)。

"锁定"符号显示确定,我可以查看证书信息;更多证书信息是:

  • root CA是Verisign,它颁发了Verisign Intermediate证书 我的服务器证书(让我们称之为" myhost")
  • "密钥用法"设置为关键,目的是:数字签名,不可否认,密钥加密,数据加密(f0)
  • "扩展密钥用法"不存在,所以我可以断定它是未定义的/未由证书颁发者设置(因此该证书可以用作服务器证书或客户端证书)

到目前为止一切顺利。我真正的问题是如何让curl发出/ GET https请求(类似于浏览器的方式)。

尝试#1。

  

curl --tlsv1.2 https://myhost/VirtualAppOnIIS/Some/WCF/Service/Here/V1 -v 

*   Trying 192.168.1.114...
* TCP_NODELAY set
* Connected to myhost (192.168.1.114) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\SETUPS\curl\curl-ca-bundle.crt   CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unsupported certificate purpose
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1): curl: (60) SSL certificate problem: unsupported certificate purpose 
More details here: https://curl.haxx.se/docs/sslcerts.html 
...etc ... 
If you'd like to turn off curl's verification of the certificate, use  the -k (or --insecure) option.

我们可以在服务器问候(2)后看到错误:

  

SSL证书问题:证书目的不受支持

我确保我在文件curl-ca-bundle.crt(以及其他任何内容)中连接了Intermediate和Root CA两个证书,默认情况下curl会找到它,而且我不相信它' sa链验证问题,似乎是错误消息所建议的证书目的问题。

尝试#2

Bybass https验证,如curl输出所示,使用-k开关。是的,它有效!

  

curl --tlsv1.2 https://myhost/VirtualAppOnIIS/Some/WCF/Service/Here/V1 -v -k 

* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=country; ST=state; O=Some Company PTY LIMITED; CN=myhost
*  start date: Apr 26 00:00:00 2017 GMT
*  expire date: Mar 29 23:59:59 2019 GMT
*  issuer: O=VeriSign; OU=Whatever PKI; CN=Whatever Intermediate CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
 GET /VirtualAppOnIIS/Some/WCF/Service/Here/V1 HTTP/1.1
 Host: myhost
 User-Agent: curl/7.53.1
 Accept: */*

 HTTP/1.1 200 OK
 Cache-Control: private
 Content-Type: text/html; charset=UTF-8
 Server: Microsoft-IIS/8.5
 Set-Cookie: ASP.NET_SessionId=iy1s4q1hwkncywi5m0w0coch; path=/; HttpOnly
 X-AspNet-Version: 4.0.30319
 X-Powered-By: ASP.NET
 Date: Wed, 02 May 2018 07:08:30 GMT
 Content-Length: 3236

<HTML><HEAD>
etc... etc... more html for wcf service page... etc ... etc...
</BODY></HTML>
 Connection #0 to host myhost left intact

所以要重新说明问题,如果它是证书。目的问​​题(如在尝试#1中所建议的),什么证书。目的或设置或配置是否需要(在颁发证书时)以使curl和WCF与TLS一起工作?

顺便说一下,我在https://winampplugins.co.uk/curl/

的Windows上使用curl

0 个答案:

没有答案
相关问题
最新问题