卷曲错误60，SSL证书问题:证书链中的自签名证书 [英] Curl error 60, SSL certificate issue: self signed certificate in certificate chain

问题描述

我尝试将带有正确的APP_ID，APP_SECRET等的curl请求发送到

I try to send curl request with my correct APP_ID, APP_SECRET etc. to the

  https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI 

我需要从中获取access_token，但否则将获得FALSE并curl_error()打印下一条消息:

I need to get access_token from it, but get a FALSE and curl_error() print next message otherwise:

60: SSL certificate problem: self signed certificate in certificate chain

我的代码是:

    // create curl resource
    $ch = curl_init();

    // set url
    curl_setopt($ch, CURLOPT_URL, $url);
    //return the transfer as a string
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    // $output contains the output string
    $output = curl_exec($ch);
    if ( ! $output) {
        print curl_errno($ch) .': '. curl_error($ch);
    }

    // close curl resource to free up system resources
    curl_close($ch);

    return $output;

当我手动移动到上面的链接时，我会很好地获得access_token.为什么卷曲不起作用?请帮助.

When I move manually to the link above, I get access_token well. Why it doesn't work with curl? Help, please.

推荐答案

建议禁用CURLOPT_SSL_VERIFYPEER的答案不应被接受.问题是为什么它不能与cURL一起使用"，正如Martijn Hols正确指出的那样，这很危险.

Answers suggesting to disable CURLOPT_SSL_VERIFYPEER should not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.

该错误可能是由于没有最新的CA根证书捆绑包引起的.这通常是带有一堆密码签名的文本文件，curl使用这些签名来验证主机的SSL证书.

The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate.

您需要确保您的PHP安装中包含以下文件之一，并且文件是最新的(否则，请在此处下载一个文件:

You need to make sure that your installation of PHP has one of these files, and that it’s up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).

然后设置为php.ini :

curl.cainfo = <absolute_path_to> cacert.pem

如果要在运行时进行设置，请使用:

If you are setting it at runtime, use:

curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");

这篇关于卷曲错误60，SSL证书问题:证书链中的自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！