php AWS SSL 安全错误:[curl] 60:SSL 证书问题...:无法获得本地颁发者证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24620393/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AWS SSL security error : [curl] 60: SSL certificate prob...: unable to get local issuer certificate
提问by user2818066
I am trying to connect Amazon's S3 files from my (localhost) Windows 8 machine running AppServ 2.5.10(which includes Apache 2.2.8, php 5.2.6, mysql 5.0.51band phpMyAdmin 2.10.3) using Amazon SDKfor php.
我想亚马逊的S3文件从运行我的(本地主机)的Windows 8设备连接AppServ 2.5.10(包括Apache 2.2.8,php 5.2.6,mysql 5.0.51b和phpMyAdmin 2.10.3)使用Amazon SDK的PHP。
In order to be compatible with Amazon SDK'snamespace feature, I replaced php with version 5.3.28by downloading its zipped file and unzipped it.
为了与Amazon SDK's命名空间功能兼容,我5.3.28通过下载其压缩文件并解压缩将 php 替换为 version 。
My php code works fine to access S3file in Amazon EC2but it failed in my Windows local host.
我的 php 代码可以正常访问S3文件,Amazon EC2但在我的 Windows 本地主机中失败。
However when I run the php srcipt to read Amazon S3bucket file in Windows local host machine, I got SSL error as following:
但是,当我运行 php srcipt 以读取Amazon S3Windows 本地主机中的存储桶文件时,出现如下 SSL 错误:
Fatal error: Uncaught exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://images-st.s3.amazonaws.com/us/123977_sale_red_car.png' in C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php:342 Stack trace:
#0 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(283): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)
#1 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(248): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)
#2 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(231): Guzzle\Http\Curl\CurlMulti->processMessages()
#3 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(215): Guzzle\Http\Curl\CurlMulti->executeHandles()
#4 C:\AppServ\www\ecity\ven in C:\AppServ\www\ecity\vendor\aws\aws-sdk-php\src\Aws\Common\Client\AbstractClient.php on line 288
致命错误:未捕获的异常 'Guzzle\Http\Exception\CurlException' 带有消息 '[curl] 60:SSL 证书问题:无法获取本地颁发者证书 [url] https://images-st.s3.amazonaws.com/us /123977_sale_red_car.png' 在 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php:342 堆栈跟踪:
#0 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(283): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message) \Request), 对象(Guzzle\Http\Curl\CurlHandle), 数组)
#1 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(248): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message) \Request), 对象(Guzzle\Http\Curl\CurlHandle), 数组)
#2 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(231): Guzzle\Http\Curl\CurlMulti->processMessages()
#3 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(215): Guzzle\Http\Curl\CurlMulti->executeHandles()
#4 C:\AppServ\www\ecity\ven in C:\AppServ\www\ecity\vendor\aws\aws-sdk-php\src\Aws\Common\Client\AbstractClient.php 在线 288
I download the certifate from http://curl.haxx.se/ca/cacert.pemand define it in php.ini as following:
我从http://curl.haxx.se/ca/cacert.pem下载证书并在 php.ini 中定义如下:
curl.cainfo = "C:\AppServ\cacert.pem"
but I still got the same error. It seems php doesn't honor the curl.cainfodefined in php.ini.
但我仍然遇到同样的错误。这似乎PHP不兑现的curl.cainfo定义php.ini。
My php version is 5.3.28according to localhost/phpinfo.php.
我的 php 版本是5.3.28根据localhost/phpinfo.php.
I also checked the cainfoparameter to be correct as C:\AppServ\cacert.pemusing
我还检查了cainfo参数是否正确C:\AppServ\cacert.pem使用
echo ini_get( "curl.cainfo" ) ;
in the php script.
在 php 脚本中。
Php version higher than 5.3shall support curl.cainfoin php.ini.
PHP 版本高于5.3应支持curl.cainfo在php.ini.
In Windows' command line, I check curl behavior and it seems work fine.
在 Windows 的命令行中,我检查 curl 行为,它似乎工作正常。
C:\Users\Jordan>curl https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
curl: (60) SSL certificate problem: unable to get local issuer certificate
......
C:\Users\Jordan>curl --cacert C:\AppServ\cacert.crt https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
This is aaa.txt file.
Stored in Amazon S3 bucket.
Is it because I used Apache in Windows which doesn't match php 5.3.28zip file I downloaded from http://windows.php.net/download/VC9 x86 Thread Safe (2014-Jun-11 01:09:56) zip version.
是不是因为我在 Windows 中使用的 Apache 与5.3.28我从http://windows.php.net/download/VC9 x86 Thread Safe (2014-Jun-11 01:09:56) zip 版本下载的php zip 文件不匹配。
In my apache's httpd-ssl.conf file, I have the following setting even I use from local host in Windows 8.
在我的 apache 的 httpd-ssl.conf 文件中,即使我在 Windows 8 中使用本地主机,我也有以下设置。
<VirtualHost _default_:443>
DocumentRoot "C:/AppServ/www"
ServerName localhost:443
ServerAdmin [email protected]
ErrorLog "C:/AppServ/Apache2.2/logs/error.log"
TransferLog "C:/AppServ/Apache2.2/logs/access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/AppServ/Apache2.2/conf/mydomain.cert"
SSLCertificateKeyFile "C:/AppServ/Apache2.2/conf/mydomain.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/Apache2.2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/AppServ/Apache2.2/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Now I am wondering what is the problem and how to connect to Amazon S3bucket files and RDSdatabase without producing these curlcannot get local issuer certificate problems from my Windows 8 local host.
现在我想知道是什么问题以及如何连接到Amazon S3存储桶文件和RDS数据库而不产生这些curl无法从我的 Windows 8 本地主机获取本地颁发者证书问题。
Any advice?
有什么建议吗?
回答by Benjamin
As mentioned by Jeremy Lindblomin the comments, the solution for AWS SDK v2is to set the ssl.certificate_authorityoption when instantiating the SDK:
正如Jeremy Lindblom在评论中提到的,AWS SDK v2的解决方案是ssl.certificate_authority在实例化 SDK 时设置选项:
$aws = Aws\Common\Aws::factory(array(
'region' => 'us-west-2',
'ssl.certificate_authority' => '/path/to/updated/cacert.pem'
));
I'll add that this was changed in the AWS SDK v3, here is the new method:
我要补充一点,这在AWS SDK v3 中已更改,这是新方法:
$client = new DynamoDbClient([
'region' => 'us-west-2',
'version' => 'latest',
'http' => [
'verify' => '/path/to/my/cert.pem'
]
]);
http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#verify
http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#verify
回答by BlackPearl
For those using WampServer, open the php.inifile then scroll down to the bottom and add the following:
对于使用 WampServer 的用户,打开php.ini文件然后向下滚动到底部并添加以下内容:
curl.cainfo = "C:\wamp\bin\php\php7.2.3\cacert.pem"
curl.cainfo = "C:\wamp\bin\php\php7.2.3\cacert.pem"
Make sure you have the cacert.pemfile in the folder of the current php version you are using. In my case, I have it in the php7.2.3folder.
确保您cacert.pem在当前使用的 php 版本的文件夹中有该文件。就我而言,我将它放在php7.2.3文件夹中。
回答by Ramesh Chand
I was getting the same error If you want to use http then you can use below solution:
我遇到了同样的错误如果你想使用 http,那么你可以使用以下解决方案:
Error executing "PutObject" on "https://s3-ap-southeast-2.amazonaws.com/mybucketname/TestBanner1_e1d8d74e41"; AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
I have resolved it by using http method this is not secure to use secure way enter _ curl.cainfo = "/path/to/file.cacert.pem"_ in php.ini file :
我已经通过使用 http 方法解决了这个问题,使用安全方式在 php.ini 文件中输入 _ curl.cainfo = "/path/to/file.cacert.pem"_ 是不安全的:
Solution:
解决方案:
'options' => [
'scheme' => 'http',
],
Complete Example code:
完整示例代码:
// ...
's3bucket' => [
'class' => \frostealth\yii2\aws\s3\Storage::className(),
'region' => 'ap-southeast-2',
'credentials' => [ // Aws\Credentials\CredentialsInterface|array|callable
'key' => 'JGUTEHCDE.............OSHS',
'secret' => 'SJEUC-----------jzy1-----rrT',
],
'bucket' => 'yours3bucket',
//'cdnHostname' => 'http://example.cloudfront.net',
'defaultAcl' => \frostealth\yii2\aws\s3\Storage::ACL_PUBLIC_READ,
'debug' => false, // bool|array
'options' => [
'scheme' => 'http',
],
],
// ...
回答by pankaj
I have Very Simple Solution of this problem. You can do this without any certificate file..
我有这个问题的非常简单的解决方案。您可以在没有任何证书文件的情况下执行此操作。
Go on Laravel Root Folder -> Vender -> guzzlehttp -> guzzle -> src
继续Laravel 根文件夹 -> Vender -> guzzlehttp -> guzzle -> src
open Client.php
打开 Client.php
find $defaultsArray . that look like this way ..
找到$defaults数组。看起来像这样..
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => true,
'cookies' => false
];
Now main Job is to change value of verifykey ..
现在主要工作是更改验证密钥的值..
'verify' => false,
So After this it will not check SSL Certificate for CURL Request... This Solution is work for me. I find this solution after many research ...
所以在这之后它不会检查 CURL 请求的 SSL 证书......这个解决方案对我有用。经过多次研究,我找到了这个解决方案......
回答by Abhishek Narsing
$s3 = new S3Client
([
'version' => 'latest',
'scheme' =>'http',
'region' => $this->config->item('s3_region'),
'credentials' => [
'key' => $this->config->item('s3_access_key'),
'secret' => $this->config->item('s3_secret_key')
],
]);
add Scheme to http if your protocol is Http
如果您的协议是 Http,则将 Scheme 添加到 http
