0
httpsでサーバーに接続する必要があるため、サーバーは非常に長い計算時間(> 5分)を計算します。接続をシミュレートするために、私はしばらくの間スリープするspring mvcコントローラを作った。長続きするSSL接続のエラーでカールが終了する
5分後にリクエストを開始すると、カールからエラーが発生します。だから、カールとLinux上で私が取得:postmanオン
-bash-4.1$ curl -v --tlsv1 --keepalive-time 330 -X POST -F "sec=310" https://example.com/general/sleep
* About to connect() to example.com port 443 (#0)
* Trying <ip>... connected
* Connected to example.com (<ip>) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.example.com,OU=Gandi Standard Wildcard SSL,OU=Domain Control Validated
* start date: Apr 29 00:00:00 2015 GMT
* expire date: Jul 28 23:59:59 2018 GMT
* common name: *.example.com
* issuer: CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR
> POST /general/sleep HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: example.com
> Accept: */*
> Content-Length: 141
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e2ab66c15d1a
>
< HTTP/1.1 100 Continue
* SSL read: errno -5961
* Closing connection #0
curl: (56) SSL read: errno -5961
同じ要求が働きます。接続が5分より短い場合は、リクエストも機能します。
同じ(やや異なるエラーメッセージでは)また、Windows上でcygwinの下にカールして起こる:
$ curl -v --tlsv1 --keepalive-time 330 -X POST -F "sec=310" https://example.com/general/sleep
Warning: Keep-alive functionality somewhat crippled due to missing support in
Warning: your operating system!
* STATE: INIT => CONNECT handle 0x6000574b0; line 1075 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying 193.73.238.220...
* STATE: CONNECT => WAITCONNECT handle 0x6000574b0; line 1128 (connection #0)
* Connected to example.com (<ip>) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000574b0; line 1225 (connection #0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x6000574b0; line 1239 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Domain Control Validated; OU=Gandi Standard Wildcard SSL; CN=*.example.com
* start date: 2015-04-29 00:00:00 GMT
* expire date: 2018-07-28 23:59:59 GMT
* subjectAltName: example.com matched
* issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
* SSL certificate verify ok.
* STATE: PROTOCONNECT => DO handle 0x6000574b0; line 1260 (connection #0)
> POST /general/sleep HTTP/1.1
> Host: example.com
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 141
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------0e215aa5d70f368d
>
* STATE: DO => DO_DONE handle 0x6000574b0; line 1322 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000574b0; line 1449 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000574b0; line 1459 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Curl_done
* Closing connection 0
* The cache now contains 0 members
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
これは、Red HatのバグBug 895339に関連している可能性があります。「この問題は、Red HatがBug 895339の下で追跡しています。このバグの状況については、Red Hat Global Support Servicesにお問い合わせください。 – gile
ありがとう@gile、しかし、私は赤い帽子のバグトラッカーのバグ895339にアクセスする権利がありません。私はcgwinの下で同じ問題がある、私は出力を追加しました。 – leo
役立つかもしれないhttp://www.naulinux.ru/static/Docs/SLCE/6.7/Docs/SL/Technical.Notes.66.htmlまたはhttps://git.fedorahosted.org/cgit/nss-pem .git/commit /?id = b754c62f815409fc276b70c114fb63a3a863a79d – gile