Docker容器无法发出任何HTTPS请求

4xrmg8kj  于 2023-03-07  发布在  Docker
关注(0)|答案(1)|浏览(238)

我可以在我的M1 Mac上做curl/wget,没有任何问题。
然而,如果我尝试在我的机器上通过Docker容器来做,我会遇到SSL握手问题。它不是特定于任何图像的。它会发生在我尝试的每一个图像上。它在我的其他机器上工作得很好。

* SSL certificate problem: unable to get local issuer certificate
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

可能是什么原因呢?
简单的谷歌也显示了类似的错误。

root@bf822b52d200:/# curl -v https://google.com
*   Trying 64.233.185.139:443...
* Connected to google.com (64.233.185.139) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

步骤:

docker run -it alpine/curl sh
curl -v https://www.google.com

目前为止我尝试的:

  • 我有M1 mac我重启了试过
  • 卸载并重新安装了Docker.没有帮助

注:
我在玩openssl不知道是不是搞砸了什么

8ehkhllq

8ehkhllq1#

如果curl遇到SSL证书问题,可以通过向curl传递-k选项来忽略证书验证:
curl -k -v https://google.com
要确定您从Docker Hub下载了哪个Docker映像,特别是alpine/curl:latest映像的存储库摘要,您可以通过运行以下命令检查映像存储库摘要:
docker inspect alpine/curl:latest | jq -r '.[]["RepoDigests"][0]'
要确定curl文件正在使用的CA证书,可以通过运行以下命令进行检查:

apk add strace
strace curl -v https://google.com

如果您怀疑网站的SSL证书已被篡改,可以通过运行以下命令下载网站证书:

apk add openssl
openssl s_client -connect google.com:443 -showcerts

然后,您可以通过验证本地CA证书是否可以正确验证网站证书来解决此问题。
如果您仍然遇到问题,请提供Docker映像存储库摘要、strace输出和问题发生时下载的证书。

相关问题