【go】centos6.3 下出现fatal unable to access ssl connect error

centos6.3下ssl证书问题导致git clone / curl github的资源都会失败

$ curl -v https://github.com

* About to connect() to github.com port 443 (#0)

* Trying 52.74.223.119... connected

* Connected to github.com (52.74.223.119) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12190

* Error in TLS handshake, trying SSLv3...

> GET / HTTP/1.1

> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2

> Host: github.com

> Accept: */*

>

* Connection died, retrying a fresh connect

* Closing connection #0

* Issue another request to this URL: 'https://github.com'

* About to connect() to github.com port 443 (#0)

* Trying 52.74.223.119... connected

* Connected to github.com (52.74.223.119) port 443 (#0)

* TLS disabled due to previous handshake failure

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12286

* Closing connection #0

* SSL connect error

curl: (35) SSL connect error

$ git clone https://github.com/motemen/gore.git

Cloning into 'gore'...

fatal: unable to access 'https://github.com/motemen/gore.git/': SSL connect error

所以go get等依赖git的工具也会失败。

系统环境:

CentOS release 6.3 (Final)

很大可能是github不在支持老的加密方式,升级到 CentOS 6.8以上即可

https://www.v2ex.com/t/434848

如果不想升级,有什么办法吗?

网上给出的基本上是升级nss相关包

yum update -y nss curl libcurl

可是我这里还是没生效

同遇到该问题, 使用update 并未生效

但经过测试, 看起来是ssl的版本有问题

测试方式:

curl -v https://github.com

提示

* About to connect() to github.com port 443 (#0)

* Trying 192.30.253.112... connected

* Connected to github.com (192.30.253.112) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12190

* Closing connection #0

* SSL connect error

curl: (35) SSL connect error

但是

curl -v --tlsv1 https://github.com

可以拿到正确的页面响应

git 2.6 级以上可以指定ssl 版本号, 两种方式

  1. export export GIT_SSL_VERSION=tlsv1
  2. git config http.sslVersion tlsv1

升级git >= 2.6 设置ssl版本, 试试行不行吧

https://blog.csdn.net/flynetc...
https://www.cnblogs.com/qiumi...

直接绕开ssl认证应该可以?

回答

以上是 【go】centos6.3 下出现fatal unable to access ssl connect error 的全部内容, 来源链接: www.h5w3.com/114260.html

回到顶部