Vypnutie kontroly platnosti SSL certifikátu
V prípade, že používate self-signed SSL certifikát a potrebujete otestovať nastavenia webservera, kontrolu platnosti certifikátu vypnete nasledovne:
wget¶
Bez voľby --no-check-certificate request zlyhá na chybe:
wget -O - https://my.hostname.sk
--2012-10-02 22:18:39-- https://my.hostname.sk/
Resolving my.hostname.sk (my.hostname.sk)... 109.74.151.140
Connecting to my.hostname.sk (my.hostname.sk)|109.74.151.140|:443... connected.
ERROR: The certificate of ‘my.hostname.sk’ is not trusted.
ERROR: The certificate of ‘my.hostname.sk’ hasn't got a known issuer.
curl¶
Pre curl vyzerá voľba obdobne:
curl https://my.hostname.sk
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
GET¶
Debugovací nástroj GET z balíka libwww-perl je utilitka napísaná v Perle, fungujú teda rovnaké premenné prostredia ako pre knižnicu OpenSSL v Perle:
file /usr/bin/GET
/usr/bin/GET: symbolic link to `lwp-request'
file /usr/bin/lwp-request
/usr/bin/lwp-request: Perl script, ASCII text executable
PERL_LWP_SSL_VERIFY_HOSTNAME=0 GET -e -S https://my.hostname.sk
Perl¶
Pre Perl potrebujete trošku poznať vnútornosti OpenSSL knižnice, takže príslušná voľba sa zisťuje ťazšie, ale toto je ona: