假设我所在的网络有 MITM SSL 交换防火墙(google.com 不是由 Google 颁发的,而是由自定义 CA 根权限重新颁发的),这里有更多详细信息https://security.stackexchange.com/questions/107542/is- it-common-practice-for-companies-to-mitm-https-traffic。
我有简单的 Dockerfile:
FROM alpine:latest
RUN apk --no-cache add curl
它因 SSL 错误而严重失败
=> ERROR [2/2] RUN apk --no-cache add curl 1.0s
------
> [2/2] RUN apk --no-cache add curl:
#5 0.265 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
#5 0.647 140037857143624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.649 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
#5 0.649 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
#5 0.938 140037857143624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.940 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: Permission denied
#5 0.941 ERROR: unable to …