If you check the PHP source for the openssl_get_cert_locations()function, it is getting those locations by calling various OpenSSL functions such as X509_get_default_cert_fileand looking at php.inivalues openssl.cafileand openssl.capathdescribed here.

如果您检查PHP源代码的openssl_get_cert_locations()功能，它是通过调用各种OpenSSL的功能，如让这些地点X509_get_default_cert_file和寻找php.ini价值openssl.cafile和openssl.capath描述在这里。

What certificates/paths are you looking for exactly? If you are trying to get a CA bundle file you could set the above referenced php.inivalues so they are returned by openssl_get_cert_locations.

您正在寻找哪些证书/路径？如果您正在尝试获取 CA 包文件，您可以设置上述引用的php.ini值，以便它们由openssl_get_cert_locations.

The default php.inifile for PHP 5.6 has no default settings for those OpenSSL ini settings as they need to be defined manually. This configuration is located near the end of php.ini

php.iniPHP 5.6的默认文件没有这些 OpenSSL ini 设置的默认设置，因为它们需要手动定义。此配置位于末尾附近php.ini

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=

When using cURL, if you want to disable cert validation, you can pass these options to curl_setopt():

使用 cURL 时，如果要禁用证书验证，可以将这些选项传递给curl_setopt()：

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);  // shouldn't need this

CURLOPT_SSL_VERIFYPEERis described as:

CURLOPT_SSL_VERIFYPEER被描述为：

FALSE to stop cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.

FALSE 停止 cURL 验证对等方的证书。可以使用 CURLOPT_CAINFO 选项指定要验证的替代证书，或者可以使用 CURLOPT_CAPATH 选项指定证书目录。

CURLOPT_SSL_VERIFYHOSTis descibed as:

CURLOPT_SSL_VERIFYHOST被描述为：

1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (default value).

1 检查 SSL 对等证书中是否存在通用名称。2 检查通用名称是否存在，并验证它是否与提供的主机名匹配。在生产环境中，此选项的值应保持为 2（默认值）。

If you have CA files, you can use the option CURLOPT_CAINFOto provide the full path to the file holding one or more certificates to verify the peer with.

如果您有 CA 文件，则可以使用该选项CURLOPT_CAINFO提供包含一个或多个证书的文件的完整路径以验证对等方。

To disable checking for a stream opened with fsockopen, try:

要禁用检查打开的流fsockopen，请尝试：

<?php
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'verify_peer', false);

$socket = stream_socket_client('ssl://'.$host . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); 

See SSL Context Optionsfor more info and stream_socket_client().

有关更多信息，请参阅SSL 上下文选项stream_socket_client()。