当尝试使用 curl 绕过配置错误的 DNS 条目时(正在试验,当时还不知道),--resolve似乎是正确的方法。然而,这个论点并没有像我预期的那样(成功地)404。
编辑系统/etc/hosts文件以添加正确的条目可以正常工作,因此它似乎必须是 curl 解析 DNS 的一部分。实际上,将 IP 更改为/etc/hosts无效的 IP 也优先于--resolvearg 和 404。
是否可以通过系统通过内置参数提供的任何内容强制 curl 解析名称的特定 IP?(它是否--resolve与其他东西结合在一起?)
下面的例子;姓名和地址已更改,以保护有罪者。
% curl -L -vv --resolve "foo.example.com:80:10.14.0.1" "https://foo.example.com/path"
* Added foo.example.com:80:10.14.0.1 to DNS cache
* Trying 10.15.0.1
* TCP_NODELAY set
* Connected to foo.example.com (10.15.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
我刚刚发现了答案;
--resolve需要指定正确的端口(可能是几个端口)此外,
*可以用于主机(但不能用于端口!),这简化了参数。手册页对这一切都很清楚。