gpt4 book ai didi

php - “composer install”命令在 Docker 上失败,出现 'SSL Operation Failed with code 1' 错误

转载 作者:太空宇宙 更新时间:2023-11-03 14:23:35 27 4
gpt4 key购买 nike

我在运行 Docker 的 Windows 机器上。 Docker 镜像是 FROM php:7.3-apache

System : Linux b6df004de9df 4.9.184-linuxkit #1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64

使用 Composer 版本 1.9.0 2019-08-02 20:55:32 在此容器中成功安装了 Composer。

现在,我进入容器的 bash 并输入命令 $ composer init 成功运行并初始化了 Composer ,然而,在 $ composer install命令,报错

[Composer\Downloader\TransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. Open SSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto failed to open stream: operation failed

因为我可以看到它是证书的 OpenSSL 错误,所以我尝试获取确切的错误:

root@b6df004de9df:/var/www/html/my_JSON_proj# openssl s_client -connect www.google.com:443 CONNECTED(00000003) depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net) , emailAddress = support@zscaler.com verify error:num=20:unable to get local issuer certificate

为了再次确认,我再次尝试:

root@b6df004de9df:/var/www/html/my_JSON_proj# curl https://google.com curl: (60) SSL certificate problem: unable to get local issuer certificate

Openssl 版本:OpenSSL 1.1.0k 2019 年 5 月 28 日

openssl_get_cert_locations() 的输出:

array(8) {
["default_cert_file"]=> "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=> "SSL_CERT_FILE"
["default_cert_dir"]=> "/usr/lib/ssl/certs"
["default_cert_dir_env"]=> "SSL_CERT_DIR"
["default_private_dir"]=> "/usr/lib/ssl/private"
["default_default_cert_area"]=> "/usr/lib/ssl"
["ini_cafile"]=> ""
["ini_capath"]=> ""
}

所以要解决这个我尝试过的解决方案:

  1. 我创建了本地主机证书引用:https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm#:~:targetText=OpenSSL%20is%20an%20open%2Dsource,and%20how%20to%20use%20them .但不确定何时将该证书放在 /usr/local/share/ca-certifcates/ 文件夹中并尝试<强> curl https://google.com/ --cacert/usr/local/share/ca-certifcates/localhost.pem - 仍然是同样的错误

  2. 编辑我的/usr/local/etc/php/php.ini php配置文件以添加

curl.cainfo="/usr/local/share/ca-certificates/localhost.pem"

openssl.cafile = "/usr/local/share/ca-certificates/localhost.pem"只是为了找到 - 同样的错误

我一直在尝试这个,但没有成功。我几乎浏览了所有与 curl、OpenSSL、SSL、Docker 等相关的堆栈溢出帖子,但找不到答案。

  • 进一步的更新和发现
    1. 令我惊讶的是,在 https://curl.haxx.se/ca/cacert.pem 提供的文件 'cacert.pem' (注意 - https)来解决 SSL 问题,而我无法连接到安全链接,我怎样才能从 https 下载 pem 文件?有点僵局?无论如何,所以我尝试使用 wget http://curl.haxx.se/ca/cacert.pem 一种获取 pem 文件的非安全方式进行下载,我得到的输出为:<
root@b6df004de9df:/usr/local/etc/openssl# wget http://curl.haxx.se/ca/cacert.pem
--2019-11-08 10:21:30-- http://curl.haxx.se/ca/cacert.pem
Resolving curl.haxx.se (curl.haxx.se)... 151.101.38.49, 2a04:4e42:9::561
Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://curl.haxx.se/ca/cacert.pem [following]
--2019-11-08 10:21:31-- https://curl.haxx.se/ca/cacert.pem
Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:443... connected.
ERROR: The certificate of 'curl.haxx.se' is not trusted.
ERROR: The certificate of 'curl.haxx.se' hasn't got a known issuer.

因为它是一个 Linux 服务器并且没有可用的 GUI,所以我下载的唯一可能方式似乎是通过终端,而不是浏览器。

也就是说,我手动创建了 cacert.pem 文件并在其中输入了来自 curl.haxx.se 的内容。然后使用以下更改更新 php.ini 并重新启动 apache 服务器。

curl.cainfo:/usr/local/etc/openssl/cacert.pem &openssl.cafile:/usr/local/etc/openssl/cacert.pem仍然 - curl: (60) SSL 证书问题:无法获取本地颁发者证书

  1. 根据“openssl_get_cert_locations()”,更新了 php.ini 的 curl.cainfo 和 openssl.cafile,将“/usr/lib/ssl/cert.pem”作为其“default_cert_file”。重新启动 apache 服务器。尝试使用 curl https://www.google.com - 仍然 curl: (60) SSL 证书问题:无法获取本地颁发者证书

  2. 创建了一个新目录“ssl”,因为它还不存在,假设默认情况下,OpenSSL 目录是 /usr/local/ssl。在该文件夹中创建了 cacert.pem 文件。使用这个新的更新路径更新了 php.ini 中的 curl.cainfo 和 openssl.cafile 条目。为了安全起见,执行 update-ca-certificates --fresh 以防万一。重新启动了 apache 服务器。尝试使用 curl https://www.google.com - 仍然 curl: (60) SSL 证书问题:无法获取本地颁发者证书

旁注 cURL 命令的完整输出:

root@b6df004de9df:/usr/lib/ssl/certs# curl https://thawte.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
root@b6df004de9df:/usr/lib/ssl/certs# openssl s_client -connect thawte.com:443
CONNECTED(00000003)
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net)
, emailAddress = support@zscaler.com
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Utah/
L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com
i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
1 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su
pport@zscaler.com
2 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su
pport@zscaler.com
i:/C=US/ST=California/L=San Jose/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Root CA/emailAddress=support@zscaler.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGpzCCBY+gAwIBAgIQv2zANBgkqhkiG9w0XcVFbs+k59YwRwR4v+pBAQsFADCB
jTELMAkMxEzARBgNVBAgGA1UEBhMCVVTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpz
... few more lines ...
vxrc40H5bMPW/NgnBjRtUEPnAx9b3ll/sj3KfhbxU0bgnEYNMLb+nwnK6NDZRFpC
5E3fG+TFc9ehaBcF5xWttKz28Wr2nUUhMLhC
-----END CERTIFICATE-----
subject=/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Ut
ah/L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com
issuer=/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4270 bytes and written 326 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 06D54188D4F60C7746664262F72361EFE8DC728E9D37FDB25641A28C226DE83C3C574C781A0E4A268A7AEB6187EF54BF
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1573209517
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
---
read:errno=0

当前用于构建镜像的 DockerFile :

FROM php:7.3-apache 

RUN docker-php-ext-install mysql mysqli

RUN apt-get update -y && apt-get install -y sendmail libpng-dev

RUN apt-get update && \
apt-get install -y \
zlib1g-dev
libbz2-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng12-dev \
libxpm-dev \
libvpx-dev \
libmcrypt-dev \
libmemcached-dev \
&& \

RUN docker-php-ext-install mbstring

RUN docker-php-ext-install zip

RUN docker-php-ext-install gd

RUN docker-php-ext-install opcache

RUN docker-php-ext-install \
bcmath \
bz2 \
exif \
ftp \
gd \
gettext \
mbstring \
mcrypt \
mysqli \
opcache \
pdo_mysql \
shmop \
sockets \
sysvmsg \
sysvsem \
sysvshm \
zip \
p7zip-full \
&& \

最佳答案

终于解决了问题。实际上,我从来不需要设置 curl.cainfoopenssl.cafile 或与此相关的任何其他更新,例如下载要在容器中使用的证书等。After I create a Self Signed Certificate ,我必须配置 Apache 以使用 SSL将这些与 SSL 相关的更改放入 Apache 服务器,我们都准备好了。

关于php - “composer install”命令在 Docker 上失败,出现 'SSL Operation Failed with code 1' 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58745995/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com