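As the title says, I am trying to send a POST request using a token granted through OAuth2. The problem is that the request is rejected by the server, and the error is:
OpenSSL Error messages: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
My code: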
$url = "https://webserviceapl.anaf.ro/test/FCTEL/rest/upload?standard=UBL&cif=18220220";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"Accept: application/json",
"Authorization: Bearer /*my token here*/",
"Content-Type: application/json",
"Content-Length: 0",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
var_dump($err);
var_dump($resp);
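I tried disabling SSL verification, which resulted in the same error.
My impression is that the server wants me to provide something other than the bearer token, such as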
//curl_setopt($curl, CURLOPT_CAINFO, $caFile);
//curl_setopt($curl, CURLOPT_SSLKEY, $keyFile);
//curl_setopt($curl, CURLOPT_SSLCERT, $certFile);
//curl_setopt($curl, CURLOPT_SSLCERTPASSWD, $certPass);
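But I don't know where to get a valid certificate.
The bearer token (if that is what I got) was granted to me through the Postman application. The flow was: register with a username/password, obtain a user ID/password, set the auth URL, callback URL and token URL, make the request from Postman, the server gave me a code, and I exchanged it for a token. At the moment of the exchange, the server asked for a certificate stored on a thumb drive. I entered the thumb drive password and received the token. The thumb drive itself has been registered in their system for my company.
Any help pointing me in the right direction is appreciated.
OpenSSL flags a problem with a self-signed certificate on my side, and no client certificate CA names were sent. It points to the same error as my code, namely: 50370000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl\record\rec_layer_s3.c:1584:SSL alert number 40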
C:\Users\77BBA>openssl s_client -showcerts -servername webserviceapl.anaf.ro -connect webserviceapl.anaf.ro:443
CONNECTED(000001AC)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022 CA1
verify return:1
depth=0 CN = *.anaf.ro
verify return:1
50370000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl\record\rec_layer_s3.c:1584:SSL alert number 40
---
Certificate chain
0 s:CN = *.anaf.ro
i:C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022 CA1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 16 00:00:00 2022 GMT; NotAfter: Sep 16 23:59:59 2023 GMT
1 s:C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022 CA1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: May 4 00:00:00 2022 GMT; NotAfter: Nov 9 23:59:59 2031 GMT
2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
v:NotBefore: Nov 10 00:00:00 2006 GMT; NotAfter: Nov 10 00:00:00 2031 GMT
---
Server certificate
subject=CN = *.anaf.ro
issuer=C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022 CA1
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA SHA256:DSA SHA256:ECDSA SHA256:RSA SHA384:DSA SHA384:ECDSA SHA384:RSA SHA512:DSA SHA512:ECDSA SHA512:RSA SHA1:DSA SHA1:ECDSA SHA1
Shared Requested Signature Algorithms: RSA SHA256:DSA SHA256:ECDSA SHA256:RSA SHA384:DSA SHA384:ECDSA SHA384:RSA SHA512:DSA SHA512:ECDSA SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4876 bytes and written 465 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A9F5C347ED68A6DA711C963E34102EC0923BB3B6B5546A35C8C2801DC5603F92
Session-ID-ctx:
Master-Key: 902B17A4EE2A1806BC8238AF23E4B0B1F7F70A5C38E11B81124BCBC444834A8C2BD5B944F243970551A522D1213532E3
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1666949305
Timeout : 7200 (sec)
Verify return code: 19 (self-signed certificate in certificate chain)
Extended master secret: yes
---
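Reply from a uj5u.com user:
My impression is that the server wants me to provide something other than the bearer token, such as
Correct. The server wants a client certificate and complains if none is provided. This can be seen when using curl: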
...
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
...
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
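But I don't know where to get a valid certificate.
The expected client certificate depends on the server's requirements. It does not seem to accept just some random certificate. This is similar to a server expecting any other form of authentication, where it also would not accept some random username and password.
So, if you want to access the server, you have to check with the server provider or their documentation what certificate you actually need and how to get it.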
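An added example, not part of the original question or answer: a Python check over `openssl s_client` text output, in the TLS 1.2 shape shown in the question. It separates the local verify code from the evidence that the server requested a client certificate. The function name `diagnose` and the returned keys are choices made for this example.

```python
import re

# Lines copied from the s_client output in the question (certificates omitted).
SAMPLE = r"""CONNECTED(000001AC)
verify error:num=19:self-signed certificate in certificate chain
50370000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl\record\rec_layer_s3.c:1584:SSL alert number 40
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Verify return code: 19 (self-signed certificate in certificate chain)
"""

ALERT_RE = re.compile(r"SSL alert number (\d+)")
VERIFY_RE = re.compile(r"Verify return code: (\d+)")
CA_HEADER = "Acceptable client certificate CA names"
SECTION_END = ("Client Certificate Types:", "Requested Signature Algorithms:", "---")


def diagnose(output: str) -> dict:
    """Summarise what an s_client transcript says about client-certificate auth."""
    lines = [ln.strip() for ln in output.splitlines()]
    alert = ALERT_RE.search(output)
    verify = VERIFY_RE.search(output)

    # DNs of the CAs the server would accept, listed after CA_HEADER when sent.
    cas = []
    if CA_HEADER in lines:
        for ln in lines[lines.index(CA_HEADER) + 1:]:
            if ln.startswith(SECTION_END):
                break
            if ln:
                cas.append(ln)

    # "Client Certificate Types:" is printed only when the server sent a
    # CertificateRequest; "No client certificate CA names sent" alone is not proof.
    requested = bool(cas) or any(ln.startswith("Client Certificate Types:") for ln in lines)
    alert_no = int(alert.group(1)) if alert else None
    return {
        "client_cert_requested": requested,
        "acceptable_cas": cas,
        "alert": alert_no,
        # A non-zero verify code concerns the local trust store, not the alert.
        "verify_code": int(verify.group(1)) if verify else None,
        "needs_client_cert": requested and alert_no == 40,
    }
```

On the question's output this reports a certificate request with an empty CA list, so the transcript itself does not say which issuer the server accepts; that has to come from the provider, as the answer states.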
