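ArDNSPod Script Stops Working After the DNSPod API Moves to TLS 1.2

I have long run ArDNSPod (https://github.com/anrip/ArDNSPod) from crontab on my router's OpenWRT system to provide DDNS for a domain hosted on DNSPod. Today, however, I noticed that after my egress IP changed, the DDNS domain was not updated the way it normally is (it usually reacts very quickly). I checked, and it was not the earlier problem of the ISP switching me back to a private IP either. So I SSHed into the router's LAN IP and manually ran the sh command from crontab, which printed this: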

root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
Get Record Info Failed!

So I opened ddnspod.sh in vi and found the line that uses wget to send the DNSPod API request:

wget --quiet --no-check-certificate --output-document=- --user-agent=$agent --post-data $param $inter

I removed --quiet and ran the script again, which printed:

root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
--2019-03-10 21:58:56-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
--2019-03-10 21:58:56-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
--2019-03-10 21:58:56-- https://dnsapi.cn/Record.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
Get Record Info Failed!

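This clearly shows that wget failed while establishing the SSL connection. I looked up the error message and found that it was a TLS version problem, so I went back to DNSPod to check and found this announcement: "DNSPod will upgrade SSL certificates across the whole site". It turns out DNSPod had carried out an SSL upgrade and states explicitly that it "no longer supports older protocol versions such as TLS v1.1 and TLS v1.0". That looked like the problem!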
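The OpenSSL error line in the failed run can be decoded without looking it up. The following is an added example, not part of the original post or of ArDNSPod; it assumes the OpenSSL 1.x packed error layout and the function names are hypothetical:

```shell
#!/bin/sh
# Added example: decode the packed error code that OpenSSL 1.x prints in wget output.
# Layout (ERR_PACK in OpenSSL 1.0.x/1.1.x): 8 bits library, 12 bits function,
# 12 bits reason. For the SSL library (20), reason 1000+N means the peer sent
# TLS alert N, so reason 1070 is alert 70.

# Map a TLS alert number (RFC 5246) to its name; only common alerts are listed.
tls_alert_name() {
    case "$1" in
        40) echo handshake_failure ;;
        42) echo bad_certificate ;;
        48) echo unknown_ca ;;
        70) echo protocol_version ;;
        71) echo insufficient_security ;;
        80) echo internal_error ;;
        *)  echo "alert_$1" ;;
    esac
}

# $1: one log line. Prints the decoded fields, or returns 1 if no code is present.
decode_openssl_error() {
    hex=$(printf '%s\n' "$1" | sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p')
    [ -n "$hex" ] || return 1
    code=$((0x$hex))
    lib=$(( (code >> 24) & 0xff ))
    func=$(( (code >> 12) & 0xfff ))
    reason=$(( code & 0xfff ))
    if [ "$lib" -eq 20 ] && [ "$reason" -ge 1000 ]; then
        alert=$(tls_alert_name $((reason - 1000)))
        echo "lib=$lib func=$func reason=$reason alert=$alert"
    else
        echo "lib=$lib func=$func reason=$reason"
    fi
}

# Sample input: the error line from the failed run shown above.
decode_openssl_error 'OpenSSL: error:1409442E:lib(20):func(148):reason(1070)'
```

A protocol_version alert means the server rejected the TLS version the client offered, which matches the DNSPod announcement.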

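I then read up on wget and found this: https://unix.stackexchange.com/questions/237778/wget-tls-1-2-error. It seems that as long as the wget version is 1.16.1 or above, TLS v1.2 is supported, so I quickly checked the wget version on the router:

root@xCloud:/opt/usr/ardnspod# wget --version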
GNU Wget 1.16 built on linux-gnu.
+digest +https +ipv6 -iri +large-file -nls +ntlm +opie -psl +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Compile:
mipsel-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H
-DSYSTEM_WGETRC="/etc/wgetrc" -DLOCALEDIR="/usr/share/locale" -I.
-I../lib -I../lib
-I/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/include
-I/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/include
-I/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include
-I/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/include
-Os -pipe -mno-branch-likely -mips32r2 -mtune=24kec -mdsp
-fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable
-msoft-float -mips16 -minterlink-mips16
Link:
mipsel-openwrt-linux-uclibc-gcc -Os -pipe -mno-branch-likely
-mips32r2 -mtune=24kec -mdsp -fno-caller-saves -fhonour-copts
-Wno-error=unused-but-set-variable -msoft-float -mips16
-minterlink-mips16
-L/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib
-L/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/lib
-L/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/usr/lib
-L/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/lib
/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib/libssl.so
/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib/libcrypto.so
-ldl -lz -lpcre ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://www.gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic hniksic@xemacs.org.
Please send bug reports and questions to bug-wget@gnu.org.

The version seemed to just meet the requirement, so I opened ddnspod.sh in vi again, changed the wget line to add --secure-protocol=TLSv1_2, and ran it once more. The result:

root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
--2019-03-10 22:01:52-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565
Saving to: ‘STDOUT’
100%[===================================================================================>] 565 --.-KB/s in 0s
2019-03-10 22:01:53 (8.98 MB/s) - written to stdout [565/565]
--2019-03-10 22:01:53-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 649
Saving to: ‘STDOUT’
100%[===================================================================================>] 649 --.-KB/s in 0s
2019-03-10 22:01:53 (7.74 MB/s) - written to stdout [649/649]
--2019-03-10 22:01:53-- https://dnsapi.cn/Record.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 443
Saving to: ‘STDOUT’
100%[===================================================================================>] 443 --.-KB/s in 0s
2019-03-10 22:01:54 (7.04 MB/s) - written to stdout [443/443]
lastIP: 125.37.162.3
--2019-03-10 22:01:54-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565
Saving to: ‘STDOUT’
100%[===================================================================================>] 565 --.-KB/s in 0s
2019-03-10 22:01:55 (6.74 MB/s) - written to stdout [565/565]
--2019-03-10 22:01:55-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 649
Saving to: ‘STDOUT’
100%[===================================================================================>] 649 --.-KB/s in 0s
2019-03-10 22:01:55 (7.74 MB/s) - written to stdout [649/649]
--2019-03-10 22:01:56-- https://dnsapi.cn/Record.Ddns
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 162
Saving to: ‘STDOUT’
100%[===================================================================================>] 162 --.-KB/s in 0s
2019-03-10 22:01:56 (1.54 MB/s) - written to stdout [162/162]
postRS: xxx.xx.xxx.xxx

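You can see the 200 success responses. I confirmed in the DNSPod console that the A record had indeed been updated, then added --quiet back to the wget call in the script, and everything was back to normal: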

root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxx.k-res.net
hostIP: xxx.xx.xxx.xxx
lastIP: xxx.xx.xxx.xxx
Last IP is the same as current IP!
