I have an API that I want to call on a certain domain, example.com.
I use the following command:
openssl s_client -connect example.com:8122
I get the following error:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1549297506
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Then I run the same command again after a short time (less than a minute),
and I get the correct response:
CONNECTED(00000003)
depth=0 C = SA, L = city, O = Test Name, CN = example.com
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 C = US, O = "Entrust, Inc.", OU = See fake.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See fake.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = SA, L = city, O = Test Name, CN = example.com
verify return:1
---
Certificate chain
0 s:/C=SA/L=city/O=Test Name/CN=example.com
i:/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
2 s:/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
i:/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
---
Server certificate
subject=/C=SA/L=city/O=Test Name/CN=example.com
issuer=/C=US/O=Entrust, Inc./OU=See fake.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4193 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5C5867D5469C0C1F2A565DEFF1F1E4364A260EE0DF7E9EC86CB3110B266F1006
Session-ID-ctx:
Master-Key: 7E73EA963AACB7D60222D9C616065A25CF03FB4FAD32FC577E93BD6051BA4A684FCFCCCA0969F960A7085DC61F76D570
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1549297620
Timeout : 7200 (sec)
Verify return code: 26 (unsupported certificate purpose)
---
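If I leave the command alone for a long time (more than 1 minute), it returns the error again. Can someone help me understand why it returns an error at first and then works?
This problem also occurs when I supply the correct CA for CAfile.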
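
As an added example (not part of the original post), a small parser that triages `openssl s_client` transcripts like the two above, separating a connection that was dropped before the server sent any TLS data from a completed handshake whose certificate failed verification. The function name `triage`, the stage labels and the embedded sample transcripts are constructed here, and the errno names assume a Linux client.

```python
import re

# Linux errno numbers (assumption: the s_client in the post ran on Linux).
LINUX_ERRNO = {104: "ECONNRESET", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}

# Constructed samples: the key lines of the failed and the good run in the post.
FAILED_RUN = """CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
"""
GOOD_RUN = """CONNECTED(00000003)
verify error:num=26:unsupported certificate purpose
SSL handshake has read 4193 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 26 (unsupported certificate purpose)
"""


def triage(transcript):
    """Summarise one s_client transcript: how far did the handshake get?"""
    def field(pattern, cast=str):
        m = re.search(pattern, transcript, re.MULTILINE)
        return cast(m.group(1)) if m else None

    err = field(r"^(?:write|read):errno=(\d+)", int)
    bytes_read = field(r"SSL handshake has read (\d+) bytes", int)
    cipher = field(r"Cipher is (\S+)")
    got_cert = "no peer certificate available" not in transcript
    if not bytes_read:
        stage = "dropped-before-any-server-bytes"  # TCP connected, no TLS reply
    elif cipher not in (None, "(NONE)"):
        stage = "handshake-complete"
    else:
        stage = "handshake-aborted"
    return {
        "stage": stage,
        "os_error": LINUX_ERRNO.get(err, err),
        "bytes_read": bytes_read,
        "cipher": None if cipher == "(NONE)" else cipher,
        # With no peer certificate, "0 (ok)" is only the default value,
        # so the verify code is reported only when a certificate arrived.
        "verify_code": field(r"Verify return code: (\d+)", int) if got_cert else None,
    }

if __name__ == "__main__":
    for name, run in (("failed", FAILED_RUN), ("good", GOOD_RUN)):
        print(name, triage(run))
```

Run over a series of timestamped captures, the `stage` field shows whether the failures are transport-level drops or verification results, which are two separate findings in the output above.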