Trying to create a function to check if there are issues with the SSL on a webpage.In the specific scenario we've setup the expected output for curl https://domain includes:
curl: (60) SSL certificate problem: self signed certificate
...we are using grep, as per the line below to to set the SSL_STATUS variable to that line which we will then pump through an if statement. Problem is that it sets the variable and then drops out of the script for no apparent reason:
+ https_status
++ curl https://steelrain.eu
++ grep 'SSL certificate problem'
+ SSL_STATUS='curl: (60) SSL certificate problem: self signed certificate'
Having tested this is not the result of the grep but curl, and I do not know why (it still occurred when using SSL_STATUS=$( curl https://${DOMAIN} ) which is the basis).
I might just not be understanding how something works here because I'm thick but any assistance would be appreciated.
SSL_STATUS=$( curl https://${DOMAIN} 2>&1 | grep "SSL certificate problem" )
probably should have mentioned before but setting the function to just run the curl command drops it out of the script too so it's not setting the output to a variable that's causing trouble.
set -e was in the main script for debugging:
set -euox pipefail
Commented out and now it's sorted. Cheers!
Related
I have simple shell script that uses curl to get a response from a remote URL. The issue is that I migrated the said URL to HTTPS and now curl return an empty string. It seems that setting CURLOPT_SSL_VERIFYHOST option should fix the issue but how do I set this option in a shell script? Any other options / workarounds?
#! /bin/bash
URL=$(curl -u user:pass -A "Mozilla" https://example.com/ddns/update.php)
Today, I happened to have the same issue. neither -k and --insecure nor -L worked, but then for some reason I mixed them and it worked.
I can't say why that happened, but this worked for me:
curl -kL https://...
PS: it was a Jupyter notebook server. my guess is that it uses both ssl and redirection.
The following command works on the command line:
wget --secure-protocol=PFS -O dcm4chee-arc-5.15.1-mysql.zip https://sourceforge.net/projects/dcm4che/files/dcm4chee-arc-light5/5.15.1/dcm4chee-arc-5.15.1-mysql.zip/download
However, when I put the exact same line into a bash script (it's inside a function), it results in this error:
Resolving sourceforge.net (sourceforge.net)... 216.105.38.13
Connecting to sourceforge.net (sourceforge.net)|216.105.38.13|:443... connected.
Unable to establish SSL connection.
I've even pulled it out of the function to see if that makes any difference, but it doesn't.
Any thoughts?
Kicking myself ... my IDE had #!/usr/bin/env bash at the top of the file, whereas changing it to simply #!/bin/bash made everything work as expected. I thank you all for the responses, crediting #Mihai with direct assistance due to the comment about "environment"
When I attempt to download from dl.google.com I receive this error :
ERROR: The certificate of `dl.google.com' is not trusted.
ERROR: The certificate of `dl.google.com' hasn't got a known issuer.
Here is entire command output
$ curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash
| bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3607 100 3607 0 0 2820 0 0:00:01 0:00:01 --:--:-- 3125
bash: line 77: [: Files: binary operator expected
wget -O - https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz > tm
p.4wwaU246zk/google-cloud-sdk.tar.gz
--2013-12-12 11:05:41-- https://dl.google.com/dl/cloudsdk/release/google-cloud-
sdk.tar.gz
Resolving my.proxy.com my.proxy.com)... x.x.x.x
Connecting to my.proxy.com (my.proxy.com)|x.x.x.x|:1234... conne
cted.
ERROR: The certificate of `dl.google.com' is not trusted.
ERROR: The certificate of `dl.google.com' hasn't got a known issuer.
Reading this question : How do I fix certificate errors when running wget on an HTTPS URL in Cygwin? an option is to
"add the --no-check-certificate option on the wget command-line" but since I'm using curl instead of wget is there a similar option for above command ?
Update : I've tried
curl -k https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.ba
sh | bash
But same error, could the proxy/firewall be blocking the connection ?
Original Answer:
You are searching for -k or (long) --insecure .. The man page is your friend ;) :
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers.
All SSL connections are attempted to be made secure by using the CA certificate bundle installed
by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
See this online resource for further details: http://curl.haxx.se/docs/sslcerts.html
Edit after update the question:
You showed that you are already using the -k option here. I had a deeper look into your code and the task to be done:
You are trying to download a shell script from google servers. They will have trusted certificate, means you need to remove the -k as it is insecure (like the name).
After download you piping the script directly to bash. So the first question is: Did the download of the script succeed? (Can you post the script to some pastebin, in order to make it possible to verify this for me?) Will go on explaining after this questions have been answered
When I try to use curl command in my shell script I get the following error message: curl: (1) Protocol "http not supported or disabled in libcurl
When I use the curl command with the same http:// argument on my terminal, I get a response from the site. Am I missing something?
Thanks
Update
var4="localhost:8983/xxx?yyy";
var5="-F stream.url=nexus.cvs.ula.abc.html";
var6='"'$var4'" '$var5
curl $var6
The error message
curl: (1) Protocol "http not supported or disabled in libcurl
makes me think that the URL you're passing may be
"http://someserver/somelink"
instead of
http://someserver/somelink
and curl is thinking that " is part of the url.
EDIT:
Based on your update, I'd say it should be:
var4="http://localhost:8983/xxx?yyy";
var5="-F stream.url=nexus.cvs.ula.abc.html";
curl $var5 $var4
All,
I'm attempting to create a bash shell script that uses openssl to do an https query for me (/dev/tcp and wget are unavailable) along the lines of:
openssl s_client -connect xxx.xxx.xxx.xxx:port <<EOF
GET / HTTP/1.1
Connection: close
...more http here...
EOF
If I do the command line by hand, typing in the request, it works as expected and I see the correct HTML. However, if I run it from inside of a shell script I am not getting an HTTP document back from the server. Any thoughts?
I wonder whether -ign_eof helps. The original problem is described in http://www.mail-archive.com/openssl-users#openssl.org/msg02926.html (note this is very old) and this switch seems to fit.