php Curl 错误 60,SSL 证书问题:证书链中的自签名证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21187946/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Curl error 60, SSL certificate issue: self signed certificate in certificate chain
提问by Victor Bocharsky
I try to send curl request with my correct APP_ID, APP_SECRET etc. to the
我尝试将带有正确 APP_ID、APP_SECRET 等的 curl 请求发送到
https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI
I need to get access_token from it, but get a FALSE and curl_error()print next message otherwise:
我需要从中获取 access_token,但得到一个 FALSE 并curl_error()打印下一条消息,否则:
60: SSL certificate problem: self signed certificate in certificate chain
My code is:
我的代码是:
// create curl resource
$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, $url);
//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// $output contains the output string
$output = curl_exec($ch);
if ( ! $output) {
print curl_errno($ch) .': '. curl_error($ch);
}
// close curl resource to free up system resources
curl_close($ch);
return $output;
When I move manually to the link above, I get access_token well. Why it doesn't work with curl? Help, please.
当我手动移动到上面的链接时,我很好地获得了 access_token。为什么它不适用于 curl?请帮忙。
回答by erlangsec
Answers suggesting to disable CURLOPT_SSL_VERIFYPEERshould not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.
CURLOPT_SSL_VERIFYPEER不应接受建议禁用的答案。问题是“为什么它不适用于 cURL”,正如 Martijn Hols 正确指出的那样,这是危险的。
The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host's SSL certificate.
该错误可能是由于没有最新的 CA 根证书包引起的。这通常是一个带有一堆加密签名的文本文件,curl 使用这些签名来验证主机的 SSL 证书。
You need to make sure that your installation of PHP has one of these files, and that it's up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).
您需要确保您的 PHP 安装具有这些文件之一,并且它是最新的(否则请在此处下载:http: //curl.haxx.se/docs/caextract.html)。
Then set in php.ini:
curl.cainfo = <absolute_path_to> cacert.pem
If you are setting it at runtime, use:
如果您在运行时设置它,请使用:
curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");
回答by zxcmehran
This workaround is dangerousand not recommended:
这种解决方法很危险,不推荐:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
It's not a good idea to disable SSL peer verification. Doing so might expose your requests to MITM attackers.
禁用 SSL 对等验证不是一个好主意。这样做可能会将您的请求暴露给 MITM 攻击者。
In fact, you just need an up-to-date CA root certificate bundle. Installing an updated one is as easy as:
事实上,您只需要一个最新的 CA 根证书包。安装更新的就像这样简单:
- Downloading up-to-date
cacert.pemfile from cURL websiteand Setting a path to it in your php.ini file, e.g. on Windows:
curl.cainfo=c:\php\cacert.pem
cacert.pem从cURL 网站下载最新文件和在 php.ini 文件中设置它的路径,例如在 Windows 上:
curl.cainfo=c:\php\cacert.pem
That's it!
就是这样!
Stay safe and secure.
保持安全。
回答by sunil
If the SSL certificates are not properly installed in your system, you may get this error:
如果您的系统中未正确安装 SSL 证书,您可能会收到此错误:
cURL error 60: SSL certificate problem: unable to get local issuer certificate.
cURL 错误 60:SSL 证书问题:无法获取本地颁发者证书。
You can solve this issue as follows:
您可以按如下方式解决此问题:
Download a file with the updated list of certificates from https://curl.haxx.se/ca/cacert.pem
从https://curl.haxx.se/ca/cacert.pem下载包含更新的证书列表的文件
Move the downloaded cacert.pemfile to some safe location in your system
将下载的cacert.pem文件移动到系统中的某个安全位置
Update your php.inifile and configure the path to that file:
更新您的php.ini文件并配置该文件的路径:
回答by Lee
HEY GUYS: VERY IMPORTANT! This issue drove me crazy for a couple days and I couldn't figure out what was going on with my curl & openssl installations. I finally figured out that it was my INTERMEDIATE certificate (in my case, GoDaddy) which was out of date. I went back to my godaddy SSL admin panel, downloaded the new intermediate certificate, and the issue disappeared.
嘿伙计们:非常重要!这个问题让我疯狂了几天,我无法弄清楚我的 curl 和 openssl 安装发生了什么。我终于发现是我的中级证书(在我的例子中是 GoDaddy)过期了。我回到我的 Godaddy SSL 管理面板,下载了新的中间证书,问题就消失了。
I'm sure this is the issue for some of you.
我相信这是你们中的一些人的问题。
Apparently, GoDaddy had changed their intermediate certificate at some point, due to scurity issues, as they now display this warning:
显然,由于安全问题,GoDaddy 在某个时候更改了他们的中间证书,因为他们现在显示以下警告:
"Please be sure to use the new SHA-2 intermediate certificates included in your downloaded bundle."
“请务必使用您下载的捆绑包中包含的新 SHA-2 中间证书。”
Hope this helps some of you, because I was going nuts and this cleaned up the issue on ALL my servers...
希望这对你们中的一些人有所帮助,因为我快疯了,这解决了我所有服务器上的问题......
回答by Sundar
Error: SSL certificate problem: self signed certificate in certificate chain
错误:SSL 证书问题:证书链中的自签名证书
Solution:
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
