使用 curl 或 wget 连接网站的时候怎样忽略 SSL 证书错误

系统 Linux
在默认情况下,cURL 使用 SSL 证书进行连接,如果指定的网站配置错误或证书过期,则会引发错误。下面我们看一下如何忽略其中的 SSL 证书错误。

当我们使用 curl 命令访问网站的时候,有时候可能会得到一个 SSL 证书错误:

这是因为在默认情况下,cURL 使用 SSL 证书进行连接,如果指定的网站配置错误或证书过期,则会引发错误。

下面我们看一下如何忽略其中的 SSL 证书错误。

使用 cURL 忽略 SSL 证书错误

一般来说,直接忽略错误然后继续连接故障网站是不推荐的。但是如果你信任该网站,那就可以。

使用 curl 的时候,附带 --insecure 选项可以忽略 ssl 证书错误,如下代码:

$ curl https://expired.badssl.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

另外,也可以使用 -k 选项,其与 --insecure 的效果是相同的:

$ curl --insecure https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>

</body>
</html>

对所有 SSL 连接都使用 --insecure 选项

注意:除非在隔离或测试环境下可以执行此操作,否则不建议这样做。

你可以使用如下命令将 insecure 添加到 curl 配置文件中:

echo "insecure" >> ~/.curlrc

然后,在不使用 --insecure 选项的情况下,再次直接使用 curl 连接 html地址,也是可以成功的:

$ curl https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>

</body>
</html>

忽略 wget 的 SSL 证书错误

如果某个指定的网站配置错误或证书过期,而使用 wget 命令下载该网站中的文件时,也会出现 SSL 证书错误:

$ wget https://expired.badssl.com
--2022-11-17 14:35:55-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
To connect to expired.badssl.com insecurely, use `--no-check-certificate'.

默认情况下,wget会检查有效的SSL证书,以便您可以建立可靠的连接,如果没有,则会抛出一个错误,表示颁发的证书已过期。

要忽略 ssl 错误,可以使用  --no-check-certificate 选项,让它不检查 ssl 证书:

$ wget --no-check-certificate https://expired.badssl.com
--2022-11-17 15:18:07-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.1’

index.html.1 100%[===================>] 494 --.-KB/s in 0s

2022-11-17 15:18:08 (209 MB/s) - ‘index.html.1’ saved [494/494]

跳过认证检查

要在每次访问损坏的 SSL 站点的时候跳过证书检查,只需要在 wget 配置文件中添加 check-certificate = off 即可,这样在访问的时候就可以不添加 --no-check-certificate 选项了:

$ wget https://expired.badssl.com
--2022-11-17 15:41:50-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.2’

index.html.2 100%[===================>] 494 --.-KB/s in 0s

2022-11-17 15:41:51 (191 MB/s) - ‘index.html.2’ saved [494/494]


责任编辑:庞桂玉 来源: TIAP
相关推荐

2013-09-02 13:21:35

2009-08-27 17:23:57

SSL证书网站安全

2009-08-14 14:55:27

EV SSL证书eBayTravelocity

2021-01-26 21:00:24

SSL证书网络安全加密

2019-11-20 10:11:57

网络钓鱼SSL证书加密

2020-01-09 10:42:44

SSL证书监控

2021-09-18 09:19:21

Linux

2014-11-19 16:35:01

思科

2021-06-06 08:26:03

SSL服务器IP

2022-11-21 10:56:14

UbuntuLinux

2009-08-14 13:34:21

SSL证书 EV SSL在线交易

2018-02-10 17:59:10

LinuxcURLwget

2010-12-02 10:05:24

2017-09-27 09:41:44

2009-08-25 08:59:17

SSL证书网安全产品天威诚信

2009-08-27 08:51:37

EV SSL证书

2009-08-14 16:29:04

2021-06-03 14:57:05

SSL证书SSL协议服务器

2023-10-31 07:21:05

开源安全工具
点赞
收藏

51CTO技术栈公众号