Unable to verify the first certificate


Problem description

I have a directory containing a certificate bundle, a Python script and a Node script. Both scripts make a GET request to the same URL and are provided with the same certificate bundle. The Python script makes the request as expected; however, the Node script throws this error:

{ [Error: unable to verify the first certificate] code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

The Python script (Python 3.4.3 and the requests library):

import requests
print(requests.get(url, verify='/tmp/cert/cacert.pem'))

The node script (Node 4.2.6 and the request library):

var fs = require('fs');
var request = require('request');

request.get({
    url: url,
    agentOptions: {
        ca: fs.readFileSync('/tmp/cert/cacert.pem')
    }
}, function (error, response, body) {
    if (error) {
        console.log(error);
    } else {
        console.log(body);
    }
});

Both are using the same OpenSSL version:

$ python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.0.2e-fips 3 Dec 2015

$ node -pe process.versions.openssl 
1.0.2e

I don't believe the problem to be with the certificate bundle and I don't want to turn off host verification in Node.

Does anybody know why Node is throwing this error?

Recommended answer

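The documentation describes the ca option as follows:

ca: A string, Buffer or array of strings or Buffers of trusted certificates in PEM format. If this is omitted several well known "root" CAs will be used, like VeriSign. These are used to authorize connections.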

So it doesn't expect a CA bundle. The fix is simple however, just split the bundle like so:

var fs = require('fs');
var request = require('request');

var certs = fs.readFileSync('/tmp/cert/cacert.pem').toString().split("\n\n"); 

request.get({
    url: url,
    agentOptions: {
        ca: certs
    }
}, function (error, response, body) {
    if (error) {
        console.log(error);
    } else {
        console.log(body);
    }
});
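
An added example, not part of the original answer: splitting on "\n\n" only works when every certificate in the bundle is separated by exactly one blank line with LF line endings. The sketch below extracts each BEGIN/END CERTIFICATE block instead; splitPemBundle and the sample bundle are hypothetical names and constructed data (the base64 bodies are placeholders, not real certificates).

```javascript
// Match each PEM certificate block, ignoring comments and labels between them.
var PEM_CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;

// Return an array with one PEM string per certificate, suitable for the `ca` option.
function splitPemBundle(bundleText) {
    var blocks = bundleText.match(PEM_CERT_RE) || [];
    return blocks.map(function (block) {
        // Normalise CRLF to LF and drop stray whitespace or empty lines.
        return block.split(/\r?\n/).map(function (line) {
            return line.trim();
        }).filter(function (line) {
            return line.length > 0;
        }).join('\n') + '\n';
    });
}

// Constructed bundle: CRLF line endings, label lines, and no blank line
// between the first two entries.
var SAMPLE_BUNDLE = [
    '# Constructed bundle for illustration',
    'Example Root CA 1',
    '=================',
    '-----BEGIN CERTIFICATE-----',
    'QUFBQUFBQUFBQUFBQUFBQQ==',
    '-----END CERTIFICATE-----',
    '-----BEGIN CERTIFICATE-----',
    'QkJCQkJCQkJCQkJCQkJCQg==',
    '-----END CERTIFICATE-----',
    '',
    'Example Root CA 3',
    '-----BEGIN CERTIFICATE-----',
    'Q0NDQ0NDQ0NDQ0NDQ0NDQw==',
    '-----END CERTIFICATE-----',
    ''
].join('\r\n');

var certs = splitPemBundle(SAMPLE_BUNDLE);
console.log('block-based split:', certs.length, 'certificates');
console.log('split("\\n\\n"):', SAMPLE_BUNDLE.split('\n\n').length, 'chunk(s)');

// With a real bundle on disk (path taken from the question):
//   agentOptions: { ca: splitPemBundle(fs.readFileSync('/tmp/cert/cacert.pem', 'utf8')) }
```

Logging the length of the resulting array before making the request is a quick check that every CA in the bundle was actually loaded.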
