file_get_contents():SSL操作失败,代码为1,无法启用加密 [英] file_get_contents(): SSL operation failed with code 1, Failed to enable crypto
问题描述
我一直试图从我在服务器上创建的PHP页面访问此特定的REST服务.我将问题缩小到这两行.所以我的PHP页面看起来像这样:
I’ve been trying to access this particular REST service from a PHP page I’ve created on our server. I narrowed the problem down to these two lines. So my PHP page looks like this:
<?php
$response = file_get_contents("https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json");
echo $response; ?>
页面死于第2行,出现以下错误:
The page dies on line 2 with the following errors:
- 警告:file_get_contents():SSL操作失败,代码为1. OpenSSL错误消息:错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败 ...第2行的php
- 警告:file_get_contents():无法在... php上启用加密 第2行
- 警告: file_get_contents(
https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json): 无法打开流:在第2行的... php中操作失败
- Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in ...php on line 2
- Warning: file_get_contents(): Failed to enable crypto in ...php on line 2
- Warning: file_get_contents(
https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json): failed to open stream: operation failed in ...php on line 2
我们正在使用Gentoo服务器.我们最近升级到PHP版本5.6.升级之后,才出现此问题.
We’re using a Gentoo server. We recently upgraded to PHP version 5.6. It was after the upgrade when this problem appeared.
当我用https://www.google.com之类的地址替换REST服务时发现;我的页面工作正常.
I found when I replace the REST service with an address like https://www.google.com; my page works just fine.
在较早的尝试中,我设置了verify_peer=>false,并将其作为参数传递给file_get_contents,如下所述:
In an earlier attempt I set "verify_peer"=>false, and passed that in as an argument to file_get_contents, as described here: file_get_contents ignoring verify_peer=>false? But like the writer noted; it made no difference.
我问我们的一位服务器管理员,我们的php.ini文件中的这些行是否存在:
I’ve asked one of our server administrators if these lines in our php.ini file exist:
- extension = php_openssl.dll
- allow_url_fopen =开启
他告诉我,由于我们使用的是Gentoo,openssl是在构建时进行编译的;并且未在php.ini文件中设置.
He told me that since we’re on Gentoo, openssl is compiled when we build; and it’s not set in the php.ini file.
我还确认了allow_url_fopen在工作.由于此问题的特殊性质;我找不到很多需要帮助的信息.你们有没有遇到过这样的事情?谢谢.
I also confirmed that allow_url_fopen is working. Due to the specialized nature of this problem; I’m not finding a lot of information for help. Have any of you come across something like this? Thanks.
推荐答案
这是一个非常有用的链接,可以找到:
This was an enormously helpful link to find:
http://php.net/manual/en/migration56.openssl.php
一个正式文档,描述了在PHP 5.6中对打开ssl所做的更改 从这里我了解到我应该将另一个参数设置为false:"verify_peer_name" => false
An official document describing the changes made to open ssl in PHP 5.6 From here I learned of one more parameter I should have set to false: "verify_peer_name"=>false
注意:这具有非常重大的安全隐患.禁用验证可能会允许 MITM攻击者使用无效的证书进行窃听请求.虽然在本地开发中执行此操作可能有用,但应在生产中使用其他方法.
Note: This has very significant security implications. Disabling verification potentially permits a MITM attacker to use an invalid certificate to eavesdrop on the requests. While it may be useful to do this in local development, other approaches should be used in production.
所以我的工作代码如下:
So my working code looks like this:
<?php
$arrContextOptions=array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
),
);
$response = file_get_contents("https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json", false, stream_context_create($arrContextOptions));
echo $response; ?>
这篇关于file_get_contents():SSL操作失败,代码为1,无法启用加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
