卷曲错误60,SSL证书问题:证书链中的自签名证书 [英] Curl error 60, SSL certificate issue: self signed certificate in certificate chain
问题描述
我尝试将带有正确的APP_ID,APP_SECRET等的curl请求发送到
I try to send curl request with my correct APP_ID, APP_SECRET etc. to the
https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI
我需要从中获取access_token,但否则将获得FALSE并curl_error()
打印下一条消息:
I need to get access_token from it, but get a FALSE and curl_error()
print next message otherwise:
60: SSL certificate problem: self signed certificate in certificate chain
我的代码是:
// create curl resource
$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, $url);
//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// $output contains the output string
$output = curl_exec($ch);
if ( ! $output) {
print curl_errno($ch) .': '. curl_error($ch);
}
// close curl resource to free up system resources
curl_close($ch);
return $output;
当我手动移动到上面的链接时,我会很好地获得access_token.为什么卷曲不起作用?请帮助.
When I move manually to the link above, I get access_token well. Why it doesn't work with curl? Help, please.
推荐答案
建议禁用CURLOPT_SSL_VERIFYPEER
的答案不应被接受.问题是为什么它不能与cURL一起使用",正如Martijn Hols正确指出的那样,这很危险.
Answers suggesting to disable CURLOPT_SSL_VERIFYPEER
should not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.
该错误可能是由于没有最新的CA根证书捆绑包引起的.这通常是带有一堆密码签名的文本文件,curl使用这些签名来验证主机的SSL证书.
The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate.
您需要确保您的PHP安装中包含以下文件之一,并且文件是最新的(否则,请在此处下载一个文件:
You need to make sure that your installation of PHP has one of these files, and that it’s up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).
然后设置为php.ini :
curl.cainfo = <absolute_path_to> cacert.pem
如果要在运行时进行设置,请使用:
If you are setting it at runtime, use:
curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");
这篇关于卷曲错误60,SSL证书问题:证书链中的自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!