我无法使用wget或curl打开任何https URL:
$ wget https://www.python.org
--2015-04-27 17:17:33-- https://www.python.org/
Resolving www.python.org (www.python.org)... 103.245.222.223
Connecting to www.python.org (www.python.org)|103.245.222.223|:443... connected.
ERROR: cannot verify www.python.org's certificate, issued by "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA":
Unable to locally verify the issuer's authority.
To connect to www.python.org insecurely, use '--no-check-certificate'.
$ curl https://www.python.org
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
这在CentOS 5.5上使用wget 1.12和curl 7.30.0。听起来好像我的本地证书存储有问题,但是我不知道如何从这里继续。有任何想法吗?
更新:将openssl软件包从0.9.8e-12.el5_4.6升级到0.9.8e-33.el5_11之后,现在出现了另一个错误:
$ wget https://pypi.python.org
--2015-04-28 10:27:35-- https://pypi.python.org/
Resolving pypi.python.org (pypi.python.org)... 103.245.222.223
Connecting to pypi.python.org (pypi.python.org)|103.245.222.223|:443... connected.
ERROR: certificate common name "www.python.org" doesn't match requested host name "pypi.python.org".
To connect to pypi.python.org insecurely, use '--no-check-certificate'.
ca-certificates
软件包中。是否安装了此软件包?也许尝试重新安装它。如果这不是问题,请运行strace -o /tmp/wget.strace wget https://www.python.org
并发布结果跟踪,这应该告诉我们问题出在哪里。