php Curl 请求在 SSL 上失败?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3876563/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Curl request is failing on the SSL?
提问by Matt Elhotiby
I have this code
我有这个代码
if(ereg("^(https)",$url))
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,false);
// execute, and log the result to curl_put.log
$result = curl_exec($curl);
$error = curl_error($curl);
The error specified is
指定的错误是
SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
Any ideas on the cause
关于原因的任何想法
采纳答案by Sarfraz
With SSL, make sure that you have openssl extensionturned on from php.ini.
使用 SSL,请确保您已从 php.ini 启用openssl 扩展。
回答by Nick Caballero
I encountered a similar cryptic error while working with a third-party library. I tried the CURLOPT_SSL_VERIFY[PEER|HOST]but it made no difference. My error message was similar:
我在使用第三方库时遇到了类似的神秘错误。我试过了,CURLOPT_SSL_VERIFY[PEER|HOST]但没有任何区别。我的错误信息是类似的:
SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
So I visited http://curl.haxx.se/libcurl/c/libcurl-errors.html, looking for the error code 54.
所以我访问了http://curl.haxx.se/libcurl/c/libcurl-errors.html,寻找错误代码 54。
CURLE_SSL_ENGINE_SETFAILED (54) Failed setting the selected SSL crypto engine as default!
This was wrong though - I was making other HTTPS requests using curl in other parts of the application. So I kept digging and found this question, R & RCurl: Error 54 in libcurl, which had this gem:
但是这是错误的 - 我在应用程序的其他部分使用 curl 发出其他 HTTPS 请求。所以我继续挖掘并发现了这个问题,R & RCurl: Error 54 in libcurl,它有这个宝石:
The output you see is from lib/ssluse.c in libcurl's source code and the "errno" mentioned there is not the libcurl error code but the actual errno variable at that time.
您看到的输出来自 libcurl 源代码中的 lib/ssluse.c,并且提到的“errno”不是 libcurl 错误代码,而是当时实际的 errno 变量。
So, don't let the output of curl_error()mislead you. Instead, use curl_errno()to obtain the correcterror code, which in this case was actually 56, CURLE_RECV_ERROR. Had the wrong host name...
所以,不要让curl_error()的输出误导你。相反,使用curl_errno()获取正确的错误代码,在本例中实际上是 56,CURLE_RECV_ERROR。有错误的主机名...
回答by Markus D.
I've had the same problem. It turned out, that the ssl on the target system had a bad configuration.
我遇到了同样的问题。事实证明,目标系统上的 ssl 配置错误。
After checking the php curl module, the GuzzleHttp version, the openssl version I called the link in the browser and it worked. But with curl --tlsv1 -kv https://www.example.comon the console there was still an error.
在检查了 php curl 模块、GuzzleHttp 版本、openssl 版本后,我在浏览器中调用了该链接并且它工作正常。但是在控制台上仍然有错误。curl --tlsv1 -kv https://www.example.com
So I checked the ssl configuration at https://www.ssllabs.com/ssltest/It was rated with B. And there where some Online Certificate Status Protocol (OCSP) errors I haven't seen before. Finally I changed my configuration on the target system to the suggestions at https://cipherli.st/restarted the webserver and everything worked. The new rating at ssllabs is now A+.
所以我检查了https://www.ssllabs.com/ssltest/ 上的 ssl 配置,它被评为 B。那里有一些我以前从未见过的在线证书状态协议 (OCSP) 错误。最后,我将目标系统上的配置更改为https://cipherli.st/上的建议重新启动了网络服务器,一切正常。ssllabs 的新评级现在是 A+。
My nginx configuration (Ubuntu 14.04, nginx 1.4.6-1ubuntu3.5):
我的 nginx 配置(Ubuntu 14.04,nginx 1.4.6-1ubuntu3.5):
ssl on;
ssl_certificate /etc/ssl/certs/1_www.example.com_bundle.crt;
ssl_certificate_key /etc/ssl/private/www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
#ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify off; # Requires nginx => 1.3.7
ssl_dhparam /etc/ssl/private/dhparams.pem;
ssl_trusted_certificate /etc/ssl/startssl.ca.pem;
resolver 8.8.8.8 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; www.example.com; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
回答by Ahmed Mihoub
It means the destination server require an SSL communication.
这意味着目标服务器需要 SSL 通信。
You should generate an SSL certificate for your sending server from wich you run the CURL request
您应该从运行 CURL 请求的发送服务器生成 SSL 证书
Let's Encrypt is the first free and open CA
Let's Encrypt 是第一个免费且开放的 CA
Everything is described here sslforfree.com
一切都在这里描述sslforfree.com
回答by eloone
I had the same error printed by the function curl_errorbut this is not necessarily related to SSL. It is better to print the precise error number with the function curl_errnoand you can diagnose better from there. In my case it returned me a 52 error code and I could debug from there, in fact the other server was not sending any data.
该函数打印了相同的错误,curl_error但这不一定与 SSL 相关。最好使用该功能打印精确的错误编号,curl_errno您可以从那里更好地进行诊断。就我而言,它返回了 52 错误代码,我可以从那里进行调试,实际上另一台服务器没有发送任何数据。
回答by Eli
I think you mean to use CURLOPT_SSL_VERIFYHOST, not CURLOPT_SSL_VERIFYPEER
我认为您的意思是使用 CURLOPT_SSL_VERIFYHOST,而不是 CURLOPT_SSL_VERIFYPEER
回答by Hymantrade
add this:
添加这个:
curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 0);
I had the same error and worked fine for me.
我有同样的错误,对我来说效果很好。
