Curl 错误 60，SSL 证书问题:证书链中的自签名证书 [英] Curl error 60, SSL certificate issue: self signed certificate in certificate chain

问题描述

我尝试将带有我正确 APP_ID、APP_SECRET 等的 curl 请求发送到

I try to send curl request with my correct APP_ID, APP_SECRET etc. to the

  https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI 

我需要从中获取 access_token，但得到一个 FALSE 并且 curl_error() 否则打印下一条消息:

I need to get access_token from it, but get a FALSE and curl_error() print next message otherwise:

60: SSL certificate problem: self signed certificate in certificate chain

我的代码是:

    // create curl resource
    $ch = curl_init();

    // set url
    curl_setopt($ch, CURLOPT_URL, $url);
    //return the transfer as a string
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    // $output contains the output string
    $output = curl_exec($ch);
    if ( ! $output) {
        print curl_errno($ch) .': '. curl_error($ch);
    }

    // close curl resource to free up system resources
    curl_close($ch);

    return $output;

当我手动移动到上面的链接时，我很好地获得了 access_token.为什么它不适用于 curl?请帮忙.

When I move manually to the link above, I get access_token well. Why it doesn't work with curl? Help, please.

推荐答案

建议禁用 CURLOPT_SSL_VERIFYPEER 的答案不应被接受.问题是为什么它不适用于 cURL"，正如 Martijn Hols 正确指出的那样，这是危险的.

Answers suggesting to disable CURLOPT_SSL_VERIFYPEER should not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.

该错误可能是由于没有最新的 CA 根证书包引起的.这通常是一个带有一堆加密签名的文本文件，curl 使用这些签名来验证主机的 SSL 证书.

The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate.

您需要确保您的 PHP 安装包含这些文件之一，并且是最新的(否则请在此处下载:http://curl.haxx.se/docs/caextract.html).

You need to make sure that your installation of PHP has one of these files, and that it’s up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).

然后 设置php.ini:

curl.cainfo = <absolute_path_to> cacert.pem

如果是在运行时设置，使用 (where $ch = curl_init();):

If you are setting it at runtime, use (where $ch = curl_init();):

curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");

这篇关于Curl 错误 60，SSL 证书问题:证书链中的自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！