下一个 InitializeSecurityContext 失败 - 使用 pycurl 的 SSL 连接

Question

我正在努力翻译下面这样的命令

curl "https://my.website.address.com" --key path\to\client_key.pem --cert path\to\client.crt --pass P4$$w0rD

使用 pycurl 到 python 脚本：

import pycurl
        URL = "https://my.website.address.com"
        KEY_PATH = "path\to\client_key.pem"
        CERT_PATH = "path\to\client.crt"
        CA_PATH = "path\to\curl-ca-bundle.crt"
        USERNAME = "my_username"
        PASSWORD = "P4$$w0rD"   

        c = pycurl.Curl()
        c.setopt(pycurl.URL, URL)
        c.setopt(pycurl.SSLKEY, KEY_PATH)
        c.setopt(pycurl.PASSWORD, PASSWORD)
        c.setopt(pycurl.SSLCERT, CERT_PATH)
        c.setopt(pycurl.USERNAME, USERNAME)
        c.setopt(pycurl.SSL_VERIFYHOST, 2)
        c.setopt(pycurl.SSL_VERIFYPEER, True)
        c.setopt(pycurl.CAINFO, CA_PATH)
        c.setopt(pycurl.VERBOSE, True)
        c.perform()
        c.close()

所以让我们同意 www.my.webiste.address.com 的 IP 地址是 667.667.667.667 ;)

我在运行脚本时总是遇到这个错误：

* Hostname was NOT found in DNS cache
*   Trying 667.667.667.667...
* Connected to my.webiste.address.com (667.667.667.667) port 443 (#0)
* schannel: SSL/TLS connection with my.webiste.address.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 204 bytes...
* schannel: sent initial handshake data: sent 204 bytes
* schannel: SSL/TLS connection with my.webiste.address.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with my.webiste.address.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 1260 length 4096
* schannel: encrypted data length: 1162
* schannel: encrypted data buffer: offset 1162 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with my.webiste.address.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 3157 length 4096
* schannel: next InitializeSecurityContext failed: SEC_I_INCOMPLETE_CREDENTIALS (0x00090320) - The credentials supplied were not complete, and could not be verified. Additional information can be returned from the context.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with my.webiste.address.com port 443

Traceback (most recent call last):
  File "C:/path/to/project/main.py", line 59, in <module>
    main()
  File "C:/path/to/project/main.py, line 51, in main
    c.perform()

pycurl.error: (35, 'schannel: next InitializeSecurityContext failed: SEC_I_INCOMPLETE_CREDENTIALS (0x00090320) - The credentials supplied were not complete, and could not be verified. Additional information can be returned from the context.')

* schannel: clear security context handle
* schannel: clear credential handle

你知道它应该是什么样子吗？

Answer 1

我发现的问题在我自己的代码中-

我在 client_key 中传递了一个 std::string，而不是 client_key.c_str()；因为 curl_easy_setopt 是一个宏，所以编译得很好。但是我应该传递 const char *。

===========================

if (RestClientClass::client_key.size()) {
  curl_easy_setopt(curl, CURLOPT_SSLKEY, RestClientClass::client_key.c_str());
  curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
}

if (RestClientClass::client_certificate.size()) {
  curl_easy_setopt(curl, CURLOPT_SSLCERT, RestClientClass::client_certificate.c_str());
  curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
}