像curl
和wget
这样的命令会出现以下错误:curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
。我正在使用WSL2 Ubuntu,并且在公司防火墙下。我已经将我的受信任的根CA证书导出到WSL并更新了证书。然而,当下载Jenkins、Terraform等工具时仍然遇到问题。例如,在尝试获取Jenkins时。
curl -fsSL http://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee /usr/share/keyrings/jen
kins-keyring.asc > /dev/null
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
我正在使用企业 VPN。如果没有 VPN,命令可以正常工作,但是在企业网络上使用 VPN 时,我会遇到这些错误。如果我与防火墙团队进行 SSL 绕过,则可以解决问题。不确定还有其他问题。
sudo vim /etc/ssl/openssl.cnf
`#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
"/etc/ssl/openssl.cnf" 397L, 12419B `
curl https://publicinfobanjir.water.gov.my/hujan/data-hujan/?state=PLS&lang=en
时,我遇到了相同的错误信息。我通过将https
替换为http
来解决这个问题。这个解决方案可能对一些人有帮助。 - Ahwar