Fixing cURL error 77: error setting certificate verify locations


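Note:
The content of this article depends on the environment and may differ from what you see under different software and hardware conditions, so go by your actual situation; this is for reference only.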

The system is Ubuntu 18.04. An error occurred while bulk-adding IPs to a CloudFlare blacklist:

root@py-hk:~# ./add_blacklist_j.sh
正在添加第 1 个 IP: 1.15.182.0/24
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
正在添加第 2 个 IP: 1.192.195.0/24
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
^C
root@py-hk:~# curl -I https://www.google.com
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

I tried several other machines and got the same error. They all run Ubuntu 18, so my guess was that some update had gone wrong.

The error message says the failure occurs while verifying the CA file (/etc/ssl/certs/ca-certificates.crt), so check ca-certificates.crt. First, try reinstalling the package:

root@py-hk:~# apt install --reinstall ca-certificates
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 145 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://asia-east2-b.gce.clouds.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ca-certificates all 20210119~18.04.2 [145 kB]
Fetched 145 kB in 1s (109 kB/s)           
Preconfiguring packages ...
(Reading database ... 147421 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20210119~18.04.2_all.deb ...
Unpacking ca-certificates (20210119~18.04.2) over (20210119~18.04.2) ...
Setting up ca-certificates (20210119~18.04.2) ...
Updating certificates in /etc/ssl/certs...
2 added, 0 removed; done.
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ca-certificates (20210119~18.04.2) ...
Updating certificates in /etc/ssl/certs...
2 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

Test again:

root@py-hk:~# curl -I https://www.google.com
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

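The error persists. Normally a reinstall fixes this; if it does not, the problem is in my own configuration.
I noticed that during the reinstall the newly installed ca-certificates was updated: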

......
Updating certificates in /etc/ssl/certs...
2 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
......

So check whether I had added a CA certificate myself. Look directly at /etc/ssl/certs/ca-certificates.crt, from the bottom up:

root@py-hk:~# vim /etc/ssl/certs/ca-certificates.crt 
......
piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR
LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX
5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO
dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul
9XXeifdy
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU^M
QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X^M
DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1^M
eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw^M
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1^M
g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn^M
9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b^M
/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU^M
CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff^M
awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI^M
......

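Sure enough, there is the problem: one certificate has an extra ^M at the end of every line. Thinking back, I had copied the certificate I added from the web into Windows Notepad and then transferred it to Ubuntu. This ^M (a carriage return) is the character that shows up when a file edited on Windows is transferred to Linux (^M is entered with Ctrl-V Ctrl-M, not as a literal ^ followed by M).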

With the cause found, delete the ^M characters (for example with :%s/^M//g in vim) and try again:

root@py-hk:~# curl -I https://www.google.com
HTTP/2 200 
content-type: text/html; charset=ISO-8859-1
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Tue, 16 Nov 2021 07:51:42 GMT
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
expires: Tue, 16 Nov 2021 07:51:42 GMT
cache-control: private
set-cookie: 1P_JAR=2021-11-16-07; expires=Thu, 16-Dec-2021 07:51:42 GMT; path=/; domain=.google.com; Secure
set-cookie: NID=511=e4VoswV91J95rbpgolrn5SdDT7XLfda_8wyOY9t2FH_u8aCpQPFDKBhMILvQp_Vdq0UlDeQytD8Iobe8Bw8qKqr93bYZXSpxtNjtgVo7bCY4RXAm70Yqpb4SqklPUQJQgVD2cTLz3KCCqej1maK7Mt4IW-Ep9-rbNhPgjxwkO14; expires=Wed, 18-May-2022 07:51:42 GMT; path=/; domain=.google.com; HttpOnly

Done!
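
An added example, not part of the original post: a shell check that reports which certificate blocks in a PEM bundle contain carriage returns (the ^M seen above) and writes a cleaned copy. The function names and the sample bundle are constructed for illustration.

```bash
#!/bin/sh
# Added example: locate and remove carriage returns (shown as ^M in vim) in a PEM bundle.

# Print the 1-based index of each certificate block that contains a CR byte.
pem_blocks_with_cr() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { n++; inblk = 1; bad = 0 }
    inblk && !bad && /\r/         { bad = 1; print n }
    /-----END CERTIFICATE-----/   { inblk = 0 }
  ' "$1"
}

# Print how many lines of the file contain a CR byte (0 for a clean file).
cr_line_count() {
  awk '/\r/ { c++ } END { print c + 0 }' "$1"
}

# Write a copy of $1 to $2 with every CR removed; the original is not modified.
strip_cr() {
  tr -d '\r' < "$1" > "$2"
}

# Constructed sample: block 1 uses LF line endings, block 2 uses CRLF.
# The base64 body is a placeholder, not a real certificate.
make_sample_bundle() {
  {
    printf '%s\n'   '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
  } > "$1"
}

demo() {
  tmp=$(mktemp -d)
  make_sample_bundle "$tmp/bundle.crt"
  echo "blocks with CR: $(pem_blocks_with_cr "$tmp/bundle.crt")"
  echo "lines with CR before: $(cr_line_count "$tmp/bundle.crt")"
  strip_cr "$tmp/bundle.crt" "$tmp/bundle.clean.crt"
  echo "lines with CR after: $(cr_line_count "$tmp/bundle.clean.crt")"
  rm -rf "$tmp"
}
demo
```

On Ubuntu, /etc/ssl/certs/ca-certificates.crt is regenerated by update-ca-certificates, so run the check against the certificate file that was added (assumed here to live under /usr/local/share/ca-certificates) and regenerate the bundle afterwards.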



 This article was last updated on 2021/11/16 16:25:28 and may differ from the current state of things as time passes.

 When quoting or reposting, please credit: VirCloud's Blog > Operations > Fixing cURL error 77: error setting certificate verify locations