
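I am trying to upload a file to a GCP storage bucket using a signed URL.

I was able to do this fine with a normal bucket. But recently I changed the bucket to a domain-named bucket (for example: abc.somename.io).

Now, when I try to upload a file to this new bucket after creating the signed URL, it gives me the following error: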

Error: Hostname/IP does not match certificate's altnames: 
Host: abc.somename.io.storage.googleapis.com. is not in the cert's altnames: 
DNS:*.storage.googleapis.com, 
DNS:*.appspot.com.storage.googleapis.com, 
DNS:*.commondatastorage.googleapis.com, 
DNS:*.content-storage-download.googleapis.com, 
DNS:*.content-storage-upload.googleapis.com, 
DNS:*.content-storage.googleapis.com, 
DNS:*.googleapis.com, 
DNS:*.storage-download.googleapis.com, 
DNS:*.storage-upload.googleapis.com, 
DNS:*.storage.select.googleapis.com, 
DNS:commondatastorage.googleapis.com, 
DNS:storage.googleapis.com, 
DNS:storage.select.googleapis.com, 
DNS:unfiltered.news

The generated signed URL looks like this:

https://abc.somename.io.storage.googleapis.com/folder1/folder2/folder3/folder3/image.jpg?X-Goog-Algorithm=GOOG4-RSA-SH...

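I am making a PUT request to this URL.

When I try the same PUT request with the curl -k command, it works fine. What could be the problem here? Is it some kind of bug in GCP, where it considers the hostname to be different because of the "." in the bucket name (in the URL)?

Edit: adding traces for both curl commands.

The curl -k run that succeeded has the following trace (some keys changed/removed):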

*   Trying 2404:6800:4003:c04::80...
* TCP_NODELAY set
* Connected to abc.somename.io.storage.googleapis.com (0000:0000:4003:d04::80) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=*.storage.googleapis.com
*  start date: Jul  7 07:56:34 2020 GMT
*  expire date: Sep 29 07:56:34 2020 GMT
*  issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x56268ff08580)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> PUT folder1/folder2/folder3/folder3/image.jpg?X-Goog-Algorithm=GOOG4-RSA-S....(**removed**)
> Host: abc.somename.io.storage.googleapis.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: text/plain
> Content-Length: 4
> 
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200 
< x-guploader-uploadid: AAANsUl9xW3changedfnX1wL_ggsyN-8_Cqk64UliOcchangedchangedchangedC7rCmWKteeuA
< etag: "changed"
< x-goog-generation: 000000000
< x-goog-metageneration: 1
< x-goog-hash: eeee=eeee==
< x-goog-hash: md5=kjbkjbkjbkjbkjb==
< x-goog-stored-content-length: 4
< x-goog-stored-content-encoding: identity
< vary: Origin
< content-length: 0
< date: Fri, 24 Jul 2020 06:19:28 GMT
< server: UploadServer
< content-type: text/html; charset=UTF-8
< alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Connection #0 to host abc.somename.io.storage.googleapis.com left intact

Trace of the normal curl command, which fails:

*   Trying 2404:6800:4003:c04::80...
* TCP_NODELAY set
* Connected to abc.somename.io.storage.googleapis.com (2404:6800:4003:c04::80) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=*.storage.googleapis.com
*  start date: Jul  7 07:56:34 2020 GMT
*  expire date: Sep 29 07:56:34 2020 GMT
*  subjectAltName does not match abc.somename.io.storage.googleapis.com
* SSL: no alternative certificate subject name matches target host name 'abc.somename.io.storage.googleapis.com'
* stopped the pause stream!
* Closing connection 0
* TLSv1.3 (OUT), TLS Unknown, Unknown (21):
* TLSv1.3 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'abc.somename.io.storage.googleapis.com'
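
Added example, not part of the original question: a small re-implementation of the single-label wildcard rule that TLS clients apply to subjectAltName DNS entries (RFC 6125), run over the SAN list from the error above. The function names and the hyphenated bucket host are assumptions made for illustration; `storage.googleapis.com` is the host that path-style Cloud Storage URLs (`https://storage.googleapis.com/BUCKET/OBJECT`) use.

```javascript
// SAN entries copied from the error message in the question.
const SAN_LIST = [
  '*.storage.googleapis.com', '*.appspot.com.storage.googleapis.com',
  '*.commondatastorage.googleapis.com',
  '*.content-storage-download.googleapis.com',
  '*.content-storage-upload.googleapis.com',
  '*.content-storage.googleapis.com', '*.googleapis.com',
  '*.storage-download.googleapis.com', '*.storage-upload.googleapis.com',
  '*.storage.select.googleapis.com', 'commondatastorage.googleapis.com',
  'storage.googleapis.com', 'storage.select.googleapis.com',
  'unfiltered.news',
];

// Lower-case the name, drop one trailing dot, split into DNS labels.
function labels(name) {
  return name.toLowerCase().replace(/\.$/, '').split('.');
}

// A "*" stands for exactly one left-most label, never for several.
// (Partial wildcards such as "f*.example.com" are not handled here.)
function sanMatches(pattern, host) {
  const p = labels(pattern);
  const h = labels(host);
  if (p.length !== h.length) return false;
  return p.every((label, i) => (i === 0 && label === '*') || label === h[i]);
}

// SAN entries that cover `host`; an empty array means verification fails.
function matchingSans(host, sans = SAN_LIST) {
  return sans.filter((pattern) => sanMatches(pattern, host));
}

// Hosts: the one from the question, a constructed dot-free bucket name,
// and the bare endpoint used by path-style URLs.
for (const host of [
  'abc.somename.io.storage.googleapis.com.',
  'abc-somename-io.storage.googleapis.com',
  'storage.googleapis.com',
]) {
  const hits = matchingSans(host);
  console.log(host, '=>', hits.length ? hits.join(', ') : 'NO MATCH');
}
```

The dotted bucket name adds three labels in front of `storage.googleapis.com`, so no wildcard entry covers it. `curl -k` only appears to work because it skips this check, and a signed URL generated in path style keeps the host on a name the certificate does cover.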