求助, openwrt 上 curl 认证校园网报错 ServerKeyExchange Failed。 - V2EX
Home Sign Up Sign In
wwzzj

求助, openwrt 上 curl 认证校园网报错 ServerKeyExchange Failed。

  •   
  •   wwzzj Aug 23, 2023 1412 views
    This topic created in 1011 days ago, the information mentioned may be changed or developed.

    用 curl 做校园网认证,相同得命令在本地可以正常运行,在 openwrt 上出现以下报错:

    curl: (35) ssl_handshake returned - mbedTLS: (-0x7B00) SSL - Processing of the ServerKeyExchange handshake message failed

    有大佬知道是怎么回事吗?

    说明:

    • 路由器已克隆电脑 MAC 地址,改了最后一个 bit 。
    • curl 命令没有问题,在 windows 上执行可以顺利通过校园网认证。
    • 已修改路由器时区为 Shanghai 。
    • 通过 AP 模式路由器可以 curl https://www.baidu.comhttps://www.163.com ,但 curl 校园网网关还是会报错。
    • 使用 openssl 测试,错误信息如下:
    root@OpenWrt:~# openssl s_client -connect https://***.***.edu.cn 78801CB67F000000:error:10080002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/bio_addr.c:738:Unrecognized service connect:errno=22
  • curl
  • openssl
  • OpenWrt
  • 路由器
    7 replies    2023-08-24 01:44:52 +08:00
    slowman
        1
    slowman  
       Aug 23, 2023
    用静态编译的 curl 试试
    tyzandhr
        2
    tyzandhr  
       Aug 23, 2023 via Android
    看看 openert 上 ssl 版本?虽然我猜校园网也不会用太新的 tls 协议才对
    wwzzj
        3
    wwzzj  
    OP
       Aug 24, 2023
    @1423 谢谢大佬,用静态编译的 curl 成功了!
    wwzzj
        4
    wwzzj  
    OP
       Aug 24, 2023
    @tyzandhr 这是因为用了 TLSv1.3 的原因吗?

    TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    * CApath: none
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    tyzandhr
        5
    tyzandhr  
       Aug 24, 2023 via Android
    @wwzzj #4 看 logout 样子不是……
    yinmin
        6
    yinmin  
       Aug 24, 2023
    (1) curl 加--tlsv1.0 或者--tlsv1.2 参数试试
    curl https://**.edu.cn --tlsv1.2

    (2) 你的 openssl 的指令错了,应该是:
    openssl s_client -connect ***.edu.cn:443
    vsyf
        7
    vsyf  
       Aug 24, 2023 via Android
    10 年前我也是在 openwrt 搞校园网客户端,我们那时候还是用的锐捷。转眼过去这么久了
    About     Help     Advertise     Blog     API     FAQ     Solana     2681 Online   Highest 6679       Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 37ms UTC 05:46 PVG 13:46 LAX 22:46 JFK 01:46
    Do have faith in what you're doing.
    ubao msn snddm index pchome yahoo rakuten mypaper meadowduck bidyahoo youbao zxmzxm asda bnvcg cvbfg dfscv mmhjk xxddc yybgb zznbn ccubao uaitu acv GXCV ET GDG YH FG BCVB FJFH CBRE CBC GDG ET54 WRWR RWER WREW WRWER RWER SDG EW SF DSFSF fbbs ubao fhd dfg ewr dg df ewwr ewwr et ruyut utut dfg fgd gdfgt etg dfgt dfgd ert4 gd fgg wr 235 wer3 we vsdf sdf gdf ert xcv sdf rwer hfd dfg cvb rwf afb dfh jgh bmn lgh rty gfds cxv xcv xcs vdas fdf fgd cv sdf tert sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf shasha9178 shasha9178 shasha9178 shasha9178 shasha9178 liflif2 liflif2 liflif2 liflif2 liflif2 liblib3 liblib3 liblib3 liblib3 liblib3 zhazha444 zhazha444 zhazha444 zhazha444 zhazha444 dende5 dende denden denden2 denden21 fenfen9 fenf619 fen619 fenfe9 fe619 sdf sdf sdf sdf sdf zhazh90 zhazh0 zhaa50 zha90 zh590 zho zhoz zhozh zhozho zhozho2 lislis lls95 lili95 lils5 liss9 sdf0ty987 sdft876 sdft9876 sdf09876 sd0t9876 sdf0ty98 sdf0976 sdf0ty986 sdf0ty96 sdf0t76 sdf0876 df0ty98 sf0t876 sd0ty76 sdy76 sdf76 sdf0t76 sdf0ty9 sdf0ty98 sdf0ty987 sdf0ty98 sdf6676 sdf876 sd876 sd876 sdf6 sdf6 sdf9876 sdf0t sdf06 sdf0ty9776 sdf0ty9776 sdf0ty76 sdf8876 sdf0t sd6 sdf06 s688876 sd688 sdf86