https에 의존하는 컬, dnf 등의 명령줄 도구는 제대로 작동하지 않습니다.
$ curl -vvv --insecure https://google.com
* Rebuilt URL to: https://google.com/
* Trying 172.217.29.14...
* TCP_NODELAY set
* Connected to google.com (172.217.29.14) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
dnf도 멈췄습니다.
[root@merov2 ~]# dnf update
Copr repo for alacritty owned by pschyska [=== ] --- B/s | 0 B --:-- ETA
strace를 사용하여 위 명령을 실행하면 다음과 같은 결과가 나타납니다(마지막 몇 줄만 복사됨).
openat(AT_FDCWD, "/lib64/libnsspem.so", O_RDONLY|O_CLOEXEC) = 8
read(8, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P8\0\0\0\0\0\0"..., 832) = 832
fstat(8, {st_mode=S_IFREG|0755, st_size=197352, ...}) = 0
mmap(NULL, 189280, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x7f52b1654000
mmap(0x7f52b1657000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x3000) = 0x7f52b1657000
mmap(0x7f52b1673000, 57344, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x1f000) = 0x7f52b1673000
mmap(0x7f52b1681000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x2c000) = 0x7f52b1681000
close(8) = 0
mprotect(0x7f52b1681000, 4096, PROT_READ) = 0
munmap(0x7f52b1683000, 366361) = 0
brk(NULL) = 0xf1d000
brk(0xf3e000) = 0xf3e000
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 8
fcntl(8, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
getpeername(8, 0x7fffae5fa7f0, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
write(2, "*", 1*) = 1
write(2, " ", 1 ) = 1
write(2, " CAfile: /etc/pki/tls/certs/ca-"..., 58 CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
) = 58
stat("/etc/pki/tls/certs/ca-bundle.crt", {st_mode=S_IFREG|0444, st_size=221322, ...}) = 0
futex(0xf152f0, FUTEX_WAIT_PRIVATE, 2, NULL
답변1
저는 소스에서 빌드된 컬 7.60을 사용하고 있습니다. 최신 버전으로 업그레이드한 후 다시 작동하기 시작했습니다.
Fedora 32를 사용하면 dnf가 컬에 의존하기 때문에 패키지를 제거하고 업그레이드하려면 rpm을 사용해야 합니다.