Curl occurs when requesting HTTPS resources 400

Source: Internet
Author: User
Tags ranges ssl connection

A new domain name is configured on Nginx, and it is customary to use curl request to see if there are any configuration errors.

Because it's HTTPS, so

$curl ' https://test.test.com/'-x 127.0.0.1:443-i-L http/1.1-Bad  Request  server:nginx/1.9.12  Date: Mon, Geneva 07:56:21 GMT  content-type:text/html  content-length:173  connection:close    Curl: (56) Received HTTP code-from-proxy after CONNECT  

It's 400. Tot

With a browser tied to the hosts, normal return ... @[email protected]

I'm sure curl is bad for some parameters.

Look at the server above the access log, see the shape of the following access logs

[08/aug/2016:16:07:27 +0800] "CONNECT test.test.com:443 http/1.1" 400 173 "-" "-" "-"  

Decisive first take Baidu to open brush

# curl ' https://www.baidu.com/'-i-l-V * about-to-connect () to www.baidu.com port 443 (#0) * Trying 14.215.177.38 ... Connected * connected to www.baidu.com (14.215.177.38) port 443 (#0) * Initializing NSS with Certpath:sql:/etc/pki/nss DB * Cafile:/ETC/PKI/TLS/CERTS/CA-BUNDLE.CRT capath:none * SSL connection using Tls_rsa_with_aes_128_cbc_sha * S Erver Certificate: * <span style= "White-space:pre" > </span>subject:cn=baidu.com,ou=service operation department,o= "Beijing Baidu netcom Science Technology Co., Ltd.", L=BEIJING,ST=BEIJING,C=CN * <span style= " White-space:pre "> </span>start date:sep 00:00:00 GMT * <span style=" White-space:pre "> </span >expire Date:aug 23:59:59 GMT * <span style= "White-space:pre" > </span>common name:baidu.com * <span style= "White-space:pre" > </span>issuer:cn=verisign Class 3 International Server ca-g3,ou=terms of US E at Https://www.verisign.com/rpa (c) 10,ou=verisign Trust network,o= "VeriSign, Inc.", C=us > get/http/1.1 > user-agent:curl/7.19.7 (x86_64-redhat-linux-gn u) libcurl/7.19.7 nss/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host:www.baidu.com > Accept: */*  ; < http/1.1 http/1.1 OK < server:bfe/1.0.8.14 server:bfe/1.0.8.14 < Date:mon, 2016 08:11: GMT Date:mon, 08:11:00 GMT < content-type:text/html content-type:text/html < Content-length:2 content-length:227 < connection:keep-alive connection:keep-alive < Last-modified:thu, Oct 2014 10:47:5 7 GMT Last-modified:thu, Oct 10:47:57 GMT < Set-cookie:bd_not_https=1; path=/; Max-age=300 Set-cookie:bd_not_https=1; path=/; max-age=300 < set-cookie:bidupsid=4264f64d03a9a0d1fe68735bbb55ff4e; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; Domain=.baidu.com set-cookie:bidupsid=4264f64d03a9a0d1fe68735bbb55ff4e; Expires=thu, 31-dec-37 23:55:55GMT; max-age=2147483647; path=/; Domain=.baidu.com < set-cookie:pstm=1470643860; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; Domain=.baidu.com set-cookie:pstm=1470643860; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com < p3p:cp= "OTI DSP cor IVA our ind com ' p3p:cp=" OTI DSP Cor IVA our IND com "< X-ua-compat Ible:ie=edge,chrome=1 x-ua-compatible:ie=edge,chrome=1 < Pragma:no-cache Pragma:no-cache < Cache-control:no -cache Cache-control:no-cache < strict-transport-security:max-age=0 strict-transport-security:max-age=0 < ACC Ept-ranges:bytes Accept-ranges:bytes < set-cookie: __bsi=13639875133713009970_00_301_n_n_1_0301_002f_n_n_n_0; Expires=mon, 08-aug-16 08:11:05 GMT; domain=www.baidu.com; path=/Set-cookie: __bsi=13639875133713009970_00_301_n_n_1_0301_002f_n_n_n_0; Expires=mon, 08-aug-16 08:11:05 GMT; domain=www.baidu.com; path=/< 
</pre><pre name="code" class="plain">  
# Curl'https://www.baidu.com/'-i-l-v-x'103.235.46.39:443'###103.235. $.39 is running to8.8.8.8dns out of IP* About-connect () to Proxy103.235.46.39Port443(#0)  * Trying103.235.46.39. .. connected* Connected to103.235.46.39(103.235.46.39) port443(#0)  <pre name="Code"class="Plain">* Establish HTTP proxy tunnel to www.baidu.com:443> CONNECT www.baidu.com:443http/1.1
> Host:www.baidu.com:443> user-agent:curl/7.19.7(X86_64-REDHAT-LINUX-GNU) libcurl/7.19.7nss/3.21Basic ECC zlib/1.2.3libidn/1.18libssh2/1.4.2> proxy-connection:keep-alive>< http/1.1 302Moved temporarilyhttp/1.1 302Moved temporarily< server:bfe/1.0.8.14server:bfe/1.0.8.14< Date:mon, ,The .  -: the: -Gmtdate:mon, ,The .  -: the: -gmt< content-type:text/htmlcontent-type:text/html< content-length:161content-length:161< connection:closeconnection:close< Location:https://www.baidu.com/search/error.htmlLocation:https://www.baidu.com/search/error.html<* Received HTTP code 302 from proxy after connect* Closing connection #0curl: ($) Received HTTP Code 302 from Pro XY after CONNECT

Two requests Baidu homepage, the difference is-x this parameter, thus determines is this parameter to cause the curse

Actually, we'll notice that there are two lines.

* Establish HTTP Proxy tunnel to www.baidu.com:443  > CONNECT www.baidu.com:443 http/1.1   

Curl-x parameter, the man document inside the description of this parameter, the first sentence is ' Use the specified proxy '

The reason for this is that Curl uses 127.0.0.1:443 as an HTTP proxy because of the-x parameter.

For HTTPS requests, curl initiates a connect request to proxy first

However, Nginx does not implement the Connect method

Causes Direct Client Error

Workaround, now only to see the way around the past, change the way the request

# This request will report an  error, and the certificate will be reported ' HTTPS://127.0.0.1/ ' ' Host:test.test.com ' -i-l-v  -K, does not validate the certificate,  the request succeeds 'https://127.0.0.1/'  'Host:test.test.com' -i-l-v-k  

Reference: http://blog.csdn.net/tacuhuh/article/details/52152695

Curl occurs when requesting HTTPS resources 400

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.