PHP CURL CURLOPT_SSL_VERIFYPEER 被忽略
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15135834/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP CURL CURLOPT_SSL_VERIFYPEER ignored
提问by Greg
For some reason I am unable to use CURL with HTTPS. Everything was working fine untill I ran upgrade of curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert (path? access rights?)
出于某种原因,我无法将 CURL 与 HTTPS 一起使用。一切正常,直到我升级 curl 库。现在,我在尝试执行 CURL 请求时遇到此响应: SSL CA 证书问题(路径?访问权限?)
Following suggestions posted here on related issues I have tried to do the following:
在此处发布的有关相关问题的建议之后,我尝试执行以下操作:
Disable verification for host and peer
curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);Enable
CURLOPT_SSL_VERIFYPEERand point to cacert.pem downloaded from http://curl.haxx.se/docs/caextract.htmlcurl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.
Edit php ini settings with
curl.cainfo=cacert.pem(file in the same directory and accessible by apache)Rename
/etc/pki/nssdbto/etc/pki/nssdb.old
禁用主机和对等方的验证
curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);启用
CURLOPT_SSL_VERIFYPEER并指向从http://curl.haxx.se/docs/caextract.html下载的 cacert.pemcurl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");我还尝试使用 positiveSSL.ca-bundle 做同样的事情,它作为我尝试连接的服务器的捆绑 CA 证书提供。
编辑 php ini 设置
curl.cainfo=cacert.pem(文件在同一目录中,可通过 apache 访问)重命名
/etc/pki/nssdb为/etc/pki/nssdb.old
Unfortunatelly none of the above are able to solve my problem and I constantly get Problem with the SSL CA cert (path? access rights?) message.
不幸的是,以上都不能解决我的问题,我不断收到 SSL CA 证书问题(路径?访问权限?)消息。
And I don't need this verification in the first place (I am aware of security issues).
而且我一开始就不需要这个验证(我知道安全问题)。
Does anybody have any other suggestions?
有人有其他建议吗?
UPDATE
更新
After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!
更新到最新的库并重新启动整个盒子后,不仅仅是我正在做的 apache 现在似乎又开始工作了!!!
回答by clover
According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFOoption or a certificate directory can be specified with the CURLOPT_CAPATHoption.
根据文档:要验证主机或对等证书,您需要使用该CURLOPT_CAINFO选项指定备用证书,或者可以使用该CURLOPT_CAPATH选项指定证书目录。
Also look at CURLOPT_SSL_VERIFYHOST:
还看看 CURLOPT_SSL_VERIFYHOST:
- 1 to check the existence of a common name in the SSL peer certificate.
- 2 to check the existence of a common name and also verify that it matches the hostname provided.
- 1 检查 SSL 对等证书中是否存在通用名称。
- 2 检查通用名称是否存在,并验证它是否与提供的主机名匹配。
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
回答by Rvanlaak
We had the same problem on a CentOS7 machine. Disabling the VERIFYHOSTVERIFYPEERdid not solve the problem, we did not have the cURL error anymore but the response still was invalid. Doing a wgetto the same link as the cURL was doing also resulted in a certificate error.
我们在 CentOS7 机器上遇到了同样的问题。禁用VERIFYHOSTVERIFYPEER并没有解决问题,我们不再有 cURL 错误,但响应仍然无效。做一个wget相同的链路作为卷曲在做也导致证书错误。
-> Our solution also was to reboot the VPS, this solved it and we were able to complete the request again.
-> 我们的解决方案也是重新启动 VPS,这解决了它,我们能够再次完成请求。
For us this seemed to be a memory corruption problem. Rebooting the VPS reloaded the libary in the memory again and now it works. So if the above solution from @cloverdoes not work try to reboot your machine.
对我们来说,这似乎是一个内存损坏问题。重新启动 VPS 重新加载了内存中的库,现在它可以工作了。因此,如果上述解决方案@clover不起作用,请尝试重新启动您的机器。
