为什么我们在Windows中需要CURLOPT_SSL_VERIFYPEER [英] Why we need CURLOPT_SSL_VERIFYPEER in windows
问题描述
我将稍微解释一下我的脚本,以便您可以理解我的问题.
基本上,我做了一个脚本来检查SOCKS5是live还是dead.
当我在Linux VPS和iMac上测试我的脚本时,它运行正常,但是当我在Windows中使用wampserver对其进行测试时,直到将这行添加到cURL时,它才起作用:
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
有人可以向我解释为什么我在Windows中需要此行,而在Linux服务器上却不需要吗?
此cURL手册页位于 SSL证书描述了连接到受SSL/TLS保护的主机时 证书验证 的过程.
您需要在Windows上将CURLOPT_SSL_VERIFYPEER设置为false的原因是,用于验证证书的CA捆绑包丢失(或者没有默认路径编译到cURL中,因此您需要明确定义它)
您可以使用 curl在php.ini中对其进行配置. cainfo 指令,或在运行时使用以下命令进行指定:
curl_setopt($curl, CURLOPT_CAFILE, 'C:/path/to/ca-bundle.crt');
如果您没有副本,请在此处抓住. /p>
虽然禁用对等验证是一种解决方法,但这可能是不安全的,因为您正在禁用非常检查,以确保与您认为的网站安全地进行通信.
任何人都可以生成自签名证书来模拟域,但是如果无法验证证书,除非您忽略或绕过此检查(即CURLOPT_SSL_VERIFYPEER = false),否则浏览器或客户端(如cURL)将失败.
I'm going to explain a little bit about my script so you can understand my question.
Basically i did a script that checks the SOCKS5 if it is live or dead.
When i tested my script on Linux VPS and iMac it was working perfectly, however when i tested it on Windows with wampserver it did not work until i added this line to cURL :
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
Can anyone explain to me why do i need this line in Windows and i don't need it on the Linux server?
This cURL man page on SSL Certificates describes the process for Certificate Verification when connecting to SSL/TLS secured hosts.
The reason you are needing to set CURLOPT_SSL_VERIFYPEER to false on Windows is because the CA bundle it uses to verify the certificates is missing (or there is no default path compiled into cURL so you need to explicitly define it).
You can configure it in php.ini using the curl.cainfo directive, or specify it at runtime using:
curl_setopt($curl, CURLOPT_CAFILE, 'C:/path/to/ca-bundle.crt');
If you don't have a copy, grab a recent one here.
While disabling peer verification is a workaround, this can be unsafe because you're disabling the very check that ensures you are securely communicating with the site you think you are.
Anyone can generate a self signed certificate to impersonate a domain, but browsers or clients (like cURL) will fail if the certificate can't be verified unless you ignore or bypass this check (i.e. CURLOPT_SSL_VERIFYPEER = false).
这篇关于为什么我们在Windows中需要CURLOPT_SSL_VERIFYPEER的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
