php 如何修复 SSL 证书验证失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/46511717/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to fix SSL certificate verification failure
提问by slevin
I use PHPMailer, along with Apache and PHP, locally. When I test my SSL config and my cacerts I get
我在本地使用 PHPMailer,以及 Apache 和 PHP。当我测试我的 SSL 配置和我的 cacerts 时,我得到
default_cert_file = C:\Program Files\Common Files\SSL/cert.pem
default_cert_file_env = SSL_CERT_FILE
default_cert_dir = C:\Program Files\Common Files\SSL/certs
default_cert_dir_env = SSL_CERT_DIR
default_private_dir = C:\Program Files\Common Files\SSL/private
default_default_cert_area = C:\Program Files\Common Files\SSL
ini_cafile =
ini_capath =
and then, I do
然后,我做
var_dump(fsockopen("smtp.gmail.com", 465, $errno, $errstr, 3.0));
var_dump($errno);
var_dump($errstr);
and I get
我得到
fsockopen resource(2) of type (stream) int(0) string(0) ""
In my php.iniI have curl.cainfo = C:/php/cacert.pemin the curlpart and it works.
在我的php.ini我curl.cainfo = C:/php/cacert.pem的curl一部分,它的工作原理。
But when I try to use PHPMailer to send a mail from localhost, I keep getting
但是当我尝试使用 PHPMailer 从本地主机发送邮件时,我不断收到
SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
unable to connect to ssl://smtp.gmail.com:465 (Unknown error)
I also went to the account used in the SMTP, in https://accounts.google.com/DisplayUnlockCaptchaand enable it. And to https://myaccount.google.com/lesssecureapps?pli=1and enabled less secured apps.
I guess this is an SSL error and not a PHPMailer. Frankly, I am confused dont know how to fix it. Excuse my ignorance, any help on whats is going wrong and how to fix it , would be great.
我也到了SMTP中使用的帐户,在https://accounts.google.com/DisplayUnlockCaptcha并启用它。并https://myaccount.google.com/lesssecureapps?pli=1启用安全性较低的应用程序。我想这是一个 SSL 错误而不是一个 PHPMailer。坦率地说,我很困惑不知道如何解决它。请原谅我的无知,任何关于出了什么问题以及如何解决它的帮助都会很棒。
PS, this my php file that sends the mail. Thank you
PS,这是我发送邮件的php文件。谢谢
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'C:/php/PHPMailer/src/Exception.php';
require 'C:/php/PHPMailer/src/PHPMailer.php';
require 'C:/php/PHPMailer/src/SMTP.php';
$mail = new PHPMailer(true);
try {
$mail->SMTPDebug = 3;
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = '[email protected]';
$mail->Password = 'secret';
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;
//Recipients
$mail->setFrom('[email protected]');
$mail->addAddress('[email protected]');
//Content
$mail->isHTML(true);
$mail->Subject = 'subject';
$mail->Body = 'HTML message body <b>in bold!</b>';
$mail->AltBody = 'body in plain text';
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
}
?>
Update
更新
When I try with $mail->SMTPSecure = 'ssl';and $mail->Port = 465;I get
当我尝试$mail->SMTPSecure = 'ssl';并$mail->Port = 465;得到
2017-10-01 13:04:25 Connection: opening to ssl://smtp.gmail.com:465, timeout=300, options=array()
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Message could not be sent.Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
When I try with $mail->SMTPSecure = 'tls';and $mail->Port = 587;I get
当我尝试$mail->SMTPSecure = 'tls';并$mail->Port = 587;得到
2017-10-01 13:07:20 Connection: opening to smtp.gmail.com:587, timeout=300, options=array()
2017-10-01 13:07:21 Connection: opened
2017-10-01 13:07:21 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP l4sm5217189wrb.74 - gsmtp
2017-10-01 13:07:21 CLIENT -> SERVER: EHLO localhost
2017-10-01 13:07:21 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.75.196.114]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250 SMTPUTF8
2017-10-01 13:07:21 CLIENT -> SERVER: STARTTLS
2017-10-01 13:07:21 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2017-10-01 13:07:21 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 403]
SMTP Error: Could not connect to SMTP host.
2017-10-01 13:07:21 CLIENT -> SERVER: QUIT
2017-10-01 13:07:21 SERVER -> CLIENT:
2017-10-01 13:07:21 SMTP ERROR: QUIT command failed:
2017-10-01 13:07:21 Connection: closed
SMTP Error: Could not connect to SMTP host.
Message could not be sent.Mailer Error: SMTP Error: Could not connect to SMTP host.
回答by Yvan
Just had the same error message, maybe you've got the same issue:
刚刚收到相同的错误消息,也许您遇到了同样的问题:
- my certificate is good (I can go to the HTTPS domain without any issue)
- can't run the same request through PHP's
stream_context_createandstream_socket_client - I want SSL certificate to be checked
- 我的证书很好(我可以毫无问题地访问 HTTPS 域)
- 不能通过 PHP
stream_context_create和stream_socket_client - 我想检查 SSL 证书
Testing the same domain through cURL returned:
通过 cURL 测试同一个域返回:
curl: (60) SSL certificate problem: certificate is not yet valid
curl: (60) SSL certificate problem: certificate is not yet valid
Turns out my virtual machine in which I've run both PHP and cURL had 11?days of error (december 11th instead of december 22th).
事实证明,我在其中运行 PHP 和 cURL 的虚拟机有 11 天的错误(12 月 11 日而不是 12 月 22 日)。
By fixing the computer/virtual machine's date(using ntp, ntpdate-debianor the like), the certificate test now runs fine, in both cURL command-line or PHP.
通过固定计算机/虚拟机的日期(使用ntp,ntpdate-debian或类似物),证书测试现在运行正常,在两个卷曲命令行或PHP。
回答by IanMcL
I encountered this on a new Windows IIS server recently. The cURL call was to my own domain from a batch script, both of which are running on the same server.
我最近在一个新的 Windows IIS 服务器上遇到了这个问题。cURL 调用是从批处理脚本到我自己的域的,这两个脚本都在同一台服务器上运行。
I'd added
我加了
127.0.0.1 mydomain.com
to the hosts file, and I'd forgotten to remove it when I changed the public DNS.
到主机文件,我在更改公共 DNS 时忘记删除它。
The server is behind Cloudflare, so my cURL was getting a CF origin certificate and not the real one certificate served by Cloudflare.
服务器在 Cloudflare 后面,所以我的 cURL 获得的是 CF 原始证书,而不是 Cloudflare 提供的真实证书。
Removing the hosts entry cleared the problem.
删除主机条目清除了问题。
