Nss error 5938 - Исправление ошибок и поиск оптимальных решений проблем

У меня есть сценарий оболочки, который:

скачивает файлы из базы данных
сохраняет их как файлы CSV локально
передает файл на другой сервер через FTP (используя curl).

При запуске вручную сценарий запускает файл, но при запуске через crontab он не выполняет третий шаг. вывод CURL показывает NSS error -5938 (PR_END_OF_FILE_ERROR) после команды STOR (чего не происходит при запуске вручную).

Есть предположения? Некоторые выдержки из моего кода / журналов ниже:

Crontab :

    0 20 * * * cd /home/username/automation/process && ./process.sh > /home/username/automation/process/lastrun.log 2>&1

Команда CURL запускается из другого сценария оболочки ./totarget.sh:

#!/bin/bash
curl -T $1 -ssl ftps://ftp.domain.com/ --user username:password --cacert /home/username/automation/process/output/team-ftp.pem -v

Вывод из CURL (пути / пользователи / хосты заменены):

Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /home/username/automation/process/output/team-ftp.pem
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: E=Team@domain.com,OU=Team Name,O=Company Name,L=City,ST=NY,C=US,CN=team.domain.com
*       start date: Aug 07 21:42:43 2019 GMT
*       expire date: Aug 06 21:42:43 2020 GMT
*       common name: team.domain.com
*       issuer: E=Team@domain.com,OU=Team Name,O=Company Name,L=City,ST=NY,C=US,CN=team.domain.com
< 220-Team Name FTP
< 220-Unauthorized use is prohibited
< 220 Access is logged
> USER username
< 331 Password required for username
> PASS password
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to P
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||61786|)
*   Trying 123.456.789.123...
* Connecting to 123.456.789.123 (123.456.789.123) port 61786
* Connected to team.domain.com (123.456.789.123) port 990 (#0)
> TYPE I
< 200 Type set to I
> STOR Filename.csv
< 150 Opening data channel for file upload to server of "/Filename.csv"
* Doing the SSL/TLS handshake on the data stream
*   CAfile: /home/username/automation/process/output/team-ftp.pem
  CApath: none
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Failure sending ABOR command: SSL connect error
* Closing connection 0

Я экспортировал самозаверяющий сертификат сайта и поместил его в team-ftp.pem, который явно включен в сценарий totarget.sh. Могу действительно иметь некоторое представление о том, почему это работает для меня, но не для crontab того же пользователя.

Некоторая системная информация:

$ uname -a
Linux hostname.domain.com 3.10.0-693.11.1.el7.x86_64 #1 SMP Fri Oct 27 05:39:05 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux

$ curl --version
curl 7.44.0 (x86_64-unknown-linux-gnu) libcurl/7.44.0 OpenSSL/1.0.2g
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL TLS-SRP UnixSockets

Заранее спасибо.

1 ответ

Лучший ответ

Мне удалось решить эту проблему, вызвав bash непосредственно из crontab, а затем передав ему сценарий оболочки как таковой:

 0 20 * * * bash -c "cd /home/username/automation/process && ./process.sh > /home/username/automation/process/lastrun.log 2>&1"

Надеюсь, это поможет кому-то в будущем.

Jason ‘Jaypoc’ Bauman
29 Апр 2020 в 01:55

Источник

PHP passes curl POST data to HTTPS, the same code, with no problems on the first server. It has been unsuccessful on the second server.
Turn on debug Mode and you find the following log.
code:
————————————————————-
Try {
# 1. The init curl
$ch = curl_init ();

# 2. Set the option
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postFields);

if ($headerFields! = NULL){
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerFields);
}

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt ($ch, CURLOPT_SSLCERT, self: : CLIENT_CRT);
Curl_setopt ($ch, CURLOPT_SSLKEY, self: : CLIENT_KEY);
Curl_setopt ($ch, CURLOPT_VERBOSE, 1); #debug mode
Curl_setopt ($ch, CURLOPT_STDERR, fopen (“/TMP/curl_ssl. Log “, “w +”)); #debug mode, print log to:/TMP/curl_SSL.log

# 3.execute curl and get response
$result = curl_exec($ch);
Log::info(” info: HttpMethod:: http_post-get Result:”.$Result);

$rlt_array = json_decode($result, true);
$rsp_array = curl_getinfo ($ch);
Log: : info ($rsp_array);

# 4. Release the curl
curl_close ($ch);
} catch (Exception $e) {
Log: : info ($e);
}
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — –

/tmp/curl_ssl.log:
————————————————————-

* About to connect() to 180.101.147.89 Port8743 (#1)
* Trying 180.101.147.89…
* Connected to 180.101.147.89(180.101.147.89) Port 8743 (#1)
* NSS error -5938(PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 1
————————————————————-
Found an error calling HTTPS with the curl command:
————————————————————-

[[email protected] ~]# curl https://*.*.*.*
curl: (35) Encountered end of file
————————————————————-
Reason: You need to force the SSL version. Such as:
-2, –sslv2 Use sslv2 (SSL)
-3, Sslv3 Use sslv3 (SSL)
–ssl-allow-beast allow security arrest to improve interop (SSL)
–stderr FILE Where to redirect stderr.-means stdout
–tcp-nodelay Use the ctod TCP_NODELAY option
-t, –telnet-option OPT=VAL Set Telnet option
–tftp-blksize VALUE Set TFTP blksize option (must be > 512)
-z, –time-cond time Transfer based on a time condition
-1, –tlsv1 Use => TLSv1 (SSL)
– tlsv1.0 Use tlsv1.0 (SSL)
– tlsv1.1 Use tlsv1.1 (SSL)
– tlsv1.2 Use tlsv1.2 (SSL)

Add parameters — TLSV1 solves the problem:
[[email protected] conf.d]# curl –tlsv1 https://*.*.*.*
curl: (60) Peer’s certificate issuer hasbeen marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
…

Reference: http://php.net/manual/en/function.curl-setopt.php
Select the SSL version you want:

CURLOPT_SSLVERSION

One Of CURL_SSLVERSION_DEFAULT (0), curl_ssl1 (1), curl_sslv2 (2), curl_sslv3 (3), CURL_SSLVERSION_TLSv1_0 (4),

 CURL_SSLVERSION_TLSv1_1  or  (5) CURL_SSLVERSION_TLSv1_2  (6).    

Since tlSV1 is used here, the following sentence is added to code to solve the problem:

curl_setopt($ch, CURLOPT_SSLVERSION, 1);
Read More:

Fatal error C1010: unexpected end of file encountered while looking for precompiled header. Did you forget to add “ා include” StdAfx. H to the source
XML file should have root tag (extra content at the end of the document in file error)
Nginx front end and back end separation + service cluster reverse proxy
The back end cannot receive the parameters passed by the front end
Solve syntax error: unexpected end of file or /bin/bash^m: bad interpeneter: no match file or directory
Syntax error: unexpected end of file problem [two solutions]
curl  https://domasin NSS error – 12286
RCurl error-fatal error: curl/curl.h: No such file or directory
error Newline required at end of file but not found eol-last
Eo ferror: compressed file ended before the end of stream marker was reached
[!] Invalid `Podfile` file: syntax error, unexpected end-of-input, expecting keyword_end.
Parse error: syntax error, unexpected end of file in XXXXXXXX
Record a front end error net:: err_ HTTP2_ PROTOCOL_ ERROR 200
SFTP login error: fatal error: received unexpected end of file from SFTP server
Pits encountered during installation of vs2017
Solve the problem of syntax error: unexpected end of file or syntax error near unexpected token ` fi ‘error
Start rqt_ Graph, prompt / opt / ROS / melody / share / PR2_ motor_ diagnostic_ Under tool plugin.xml There is something wrong with the file
Solve the unexpected end of stream exception thrown by jedis
Failed connect to github.com:443 ; no error and the remote end hung up unexpectedly
PHP function file_ get_ Contents() reports an error when using HTTPS protocol: SSL operation failed


Post navigation
					← What is cs0120 error

					pathspec ‘master’ did not match any files known to git →

Источник

Expected behavior

When invoking curl against the HTTP/2 server located in io.netty.example.http2.helloworld.server I always get NSS error -5938 (PR_END_OF_FILE_ERROR) and the following exception on Netty side:

java.lang.RuntimeException: Unable to wrap SSLEngine of type sun.security.ssl.SSLEngineImpl
	at io.netty.handler.ssl.JdkAlpnApplicationProtocolNegotiator$AlpnWrapper.wrapSslEngine(JdkAlpnApplicationProtocolNegotiator.java:132)
	at io.netty.handler.ssl.JdkSslContext.configureAndWrapEngine(JdkSslContext.java:249)
	at io.netty.handler.ssl.JdkSslContext.newEngine(JdkSslContext.java:227)
	at io.netty.handler.ssl.SslContext.newHandler(SslContext.java:903)
	at io.netty.example.http2.helloworld.server.Http2ServerInitializer.configureSsl(Http2ServerInitializer.java:83)
	at io.netty.example.http2.helloworld.server.Http2ServerInitializer.initChannel(Http2ServerInitializer.java:73)
	at io.netty.example.http2.helloworld.server.Http2ServerInitializer.initChannel(Http2ServerInitializer.java:42)
	at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113)
	at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:597)
	at io.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44)
	at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1387)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1122)
	at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:647)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:506)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:419)
	at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:478)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:403)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:462)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
	at java.lang.Thread.run(Thread.java:748)

It is worth to mention that this happen in JDK8. With JDK9 it works correctly. It is also worth to mention that a plain text upgrade to HTTP/2 works correctly.

Actual behavior

Described the above.

Steps to reproduce

Start the Http2Server with SSL parameter
Invoke curl -k -v --http2-prior-knowledge https://127.0.0.1:8443

Minimal yet complete reproducer code (or URL to code)

Described the above.

Netty version

= 4.1.10. Previously in Infinispan we used 4.1.9 and this worked correctly.

JVM version (e.g. `java -version`)

JDK8:
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)

JDK9:
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)

OS version (e.g. `uname -a`)

Linux slaskawi 4.15.4-200.fc26.x86_64 #1 SMP Mon Feb 19 19:43:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Источник

1 ответ

Read More:

Expected behavior

Actual behavior

Steps to reproduce

Minimal yet complete reproducer code (or URL to code)

Netty version

JVM version (e.g. java -version)

OS version (e.g. uname -a)

JVM version (e.g. `java -version`)

OS version (e.g. `uname -a`)