个人中心
gpt4 book ai didi

php - 使用 Windows Server 2008R2 和 PHP 5.2 的 cURL SSL CA 配置

转载 作者:太空宇宙 更新时间:2023-11-03 13:16:20 26 4
gpt4 key购买 nike

我正在尝试让 cURL SSL 在 PHP 5.2 下正常工作(我们运行的一些旧代码需要)而不禁用 SSL 验证。我已经下载了最新的(1 月 20 日)cacert.pem 文件并将其放入我们的 PHP 目录 (E:\PHP),然后运行一个小测试脚本:

<?php
  function nxs_cURLTest($url, $msg, $testText){  
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36"); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_TIMEOUT, 10); 
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_CAINFO, "e:\php\cacert.pem");

    $verbose = fopen('php://temp', 'w+');
    curl_setopt($ch, CURLOPT_STDERR, $verbose);    

    $response = curl_exec($ch); 
    $errmsg = curl_error($ch); 
    $cInfo = curl_getinfo($ch); 
    curl_close($ch); 
    echo "<br />Testing ... ".$url." - ".$cInfo['url']."<br />";
    if (stripos($response, $testText)!==false) 
      echo "....".$msg." - OK<br />"; 
    else 
    { 
      echo "....<b style='color:red;'>".$msg." - Problem</b><br /><pre>"; 
      print_r($errmsg); 
      print_r($cInfo); 
      print_r(htmlentities($response)); 
      echo "</pre>There is a problem with cURL. You need to contact your server admin or hosting provider.<br />";
    }
    rewind($verbose);
    $verboseLog = stream_get_contents($verbose);
    echo "<br />Verbose output:</br />";
    echo "<pre>", htmlspecialchars($verboseLog), "</pre>";    
  }

  nxs_cURLTest("https://www.google.com/", "HTTPS to Google", "Mountain View, CA");
  nxs_cURLTest("https://internalserver.example.com/curl/", "HTTPS to Internal", "Internal Test");
?>

现在我预计用于调用内部服务器的 SSL 将失败,因为它使用不在 cacert.pem 文件中的自签名证书(一次一步),但我什至无法接到 Google 的电话上类。这是输出:

Testing ... https://www.google.com/ - https://www.google.com/....HTTPS to Google - Problem
SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Array
(
    [url] => https://www.google.com/
    [content_type] =>
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.047
    [namelookup_time] => 0.031
    [connect_time] => 0.047
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
)
There is a problem with cURL. You need to contact your server admin or hosting provider.
Verbose output:
* About to connect() to www.google.com port 443 (#0)
*   Trying 216.58.192.100... * connected
* Connected to www.google.com (216.58.192.100) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: e:\php\cacert.pem
    CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0


Testing ... https://internalserver.example.com/curl/ - https://internalserver.example.com/curl/.... HTTPS to InternalServer - Problem
SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Array
(
    [url] => https://internalserver.example.com/curl/
    [content_type] =>
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0
    [namelookup_time] => 0
    [connect_time] => 0
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
)
There is a problem with cURL. You need to contact your server admin or hosting provider.

Verbose output:
* About to connect() to internalserver.example.com port 443 (#0)
*   Trying 192.168.1.10... * connected
* Connected to internalserver.example.com (192.168.1.10) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: e:\php\cacert.pem
    CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

最佳答案

我在这里看到两个潜在的问题。

1:Google 仅支持 TLSv1.0、TLSv1.1 和 TLSv1.2。由于您使用的是旧版本的 PHP,可能还有 cURL 和 OpenSSL,根据错误消息,您可能没有任何 TLS 支持。

2:在行curl_setopt($ch, CURLOPT_CAINFO, "e:\php\cacert.pem"); , \需要转义,因此它可能无法正确获取证书的路径。尝试 curl_setopt($ch, CURLOPT_CAINFO, "e:\\php\\cacert.pem");或者简单地 curl_setopt($ch, CURLOPT_CAINFO, "e:/php/cacert.pem");

但是根据错误信息,SSL3_GET_SERVER_CERTIFICATE:certificate verify failed我认为这是第一个问题。

检查 <?php phpinfo() ?>并查看 PHP 有哪些 cURL 和 OpenSSL 版本。如果是 OpenSSL 0.9.8,那么您很可能没有 TLS 支持。

关于php - 使用 Windows Server 2008R2 和 PHP 5.2 的 cURL SSL CA 配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35226546/

26 4 0
文章推荐: asp.net - 为 MVC Web 应用程序在 IIS Express 中的端口 443 上强制使用 SSL
文章推荐: amazon-web-services - 如何在VPC的私有(private)子网中为ELB设置SSL到E2C
文章推荐: java - Chrome/Firefox 和 Jetty HTTPS
文章推荐: c# - 我正在尝试使用以下代码片段在 C# 中运行 R 脚本。但是输出会重复
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com