SSL/TLS操作未能通过PHP5.6-curl-ca-bundle.crt& cacert.pem [英] SSL/TLS operations failing PHP5.6 - curl-ca-bundle.crt & cacert.pem

问题描述

这已经让我发疯了两个星期.

this has been driving me crazy for a couple of weeks now.

我通常在CentOS 7机器上进行开发，但是最近我开始在Windows 10上使用Xampp并使用CentOS机器将代码提交到&客户测试.

I usually do my development on a CentOS 7 box, but recently i've started using Xampp on Windows 10 and using the CentOS box to commit code to & client testing.

一切都可以在Linux上正常运行，但是在Windows上，任何SSL/TLS调用都失败了，据我所知，这是由于新的PHP5.6功能默认情况下会验证对等证书和主机名- http://php.net/manual/en/migration56.openssl.php

Everything works fine on the linux box, but on Windows any SSL/TLS calls are failing, and from what I can tell it's due to the new PHP5.6 feature of verifying peer certificates and host names by default - http://php.net/manual/en/migration56.openssl.php

我已经阅读了几乎所有的在线指导，以及关于SO的指导，据我所知，我已经尝试了所有方法，但是一无所获.

I've read just about every how-to guide online, and on SO, and as far as I know I've tried everything, but am getting nowhere.

请有人帮忙吗?！

扩展名extension=php_openssl.dll在php.ini中启用，extension=php_curl.dll也是如此.

Extension extension=php_openssl.dll is enabled in php.ini, and so is extension=php_curl.dll.

我还下载了cert文件，并将以下内容添加到了php.ini中.

I've also downloaded cert files and added the following to my php.ini..

curl.cainfo = "‪C:\xampp\php\certs\curl-ca-bundle.crt"
curl.capath = "‪C:\xampp\php\certs\"


openssl.cafile= "‪C:\xampp\php\certs\curl-ca-bundle.crt"
openssl.capath= "‪C:\xampp\php\certs\"

我得到的错误是:

对于使用TLS的SMTP呼叫:

For SMTP calls using TLS:

PHP Warning:  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in W:\libraries\Zend\Mail\Protocol\Smtp.php on line 206

对于cURL调用:

API call to messages/send failed: error setting certificate verify locations: CAfile: ‪C:\xampp\php\certs\cacert.pem CApath: none

C:\xampp\php\certs\目录的内容为:

ca-bundle.trust.crt
cacert.pem
curl-ca-bundle.crt

我已经重新启动了Apache，甚至尝试将curl.exe作为独立的程序在命令行中使用，它可以很好地请求HTTPS域(不确定是否相关，但是我还是尝试了！)

I have restarted Apache, and even tried using curl.exe as a standalone program in command line, which works fine requesting HTTPS domains (not sure if that is relevant, but I tried it anyway!)

我还尝试将以下内容添加到php.ini中(并重新启动Apache)，该操作无效.

I have also tried adding the following to php.ini (and restarting Apache) which has no effect..

openssl.verify_peer= false
openssl.verify_peer_name = false

有什么想法吗?

推荐答案

错误消息error setting certificate verify locations来自libcurl本身，表示它找不到或打开指定的CAFile.

The error message error setting certificate verify locations comes from libcurl itself and means it couldn't find or open the CAFile specified.

在Windows上，如果您将路径从以下位置更改，我认为它将起作用:

On Windows, I think it will work if you change the path from:

curl.cainfo = "‪C:\xampp\php\certs\curl-ca-bundle.crt"

到

curl.cainfo = "‪C:/xampp/php/certs/curl-ca-bundle.crt"

OpenSSL可能也是如此，但我尚未测试确认.

The same probably goes for OpenSSL but I haven't tested to confirm.

这篇关于SSL/TLS操作未能通过PHP5.6-curl-ca-bundle.crt& cacert.pem的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！