PHP CURL和SSL证书（或证书链） [英] PHP CURL and SSL certificate (or cert chain)

问题描述

美好的一天！

我有REST API，可通过SSL（https：//）访问。我想将正确的证书（或证书链）以及编写为PHP和CURL的脚本一起提出请求。

I've REST API which is accessible via SSL (https://). I'd like to put correct cert (or cert chain) along with my scripts written PHP and CURL to make request.

以下是我目标的证书（ http：// api .vkontakte.ru ）在Firefox中看起来像：

Here are how certs from my target (http://api.vkontakte.ru) look like in Firefox:

http://speedcap.net/img/bc687485819715c65d6fe1e4ca1fdc40/1a2be.png

这是保存的证书链中的摘录PEM格式的X.509（来自Firefox
）（此处描述：> http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-站点/ ）：

Here is a snippet from saved "cert chain X.509 in PEM format" from Firefox (described here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/):

-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgIHKx5Ov2FOejANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
[..skip...]
0npsf5fkvT8E13NgVY0PK6V/baMTlTgWXKQZ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
[..skip...]
qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
U+4=
-----END CERTIFICATE-----

以下是CURL初始化的代码示例：

Here is code example of CURL init:

$this->ch = curl_init();
    curl_setopt_array($this->ch, array(

        CURLOPT_TIMEOUT => 30,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_AUTOREFERER => TRUE,
        CURLOPT_FOLLOWLOCATION => TRUE,

        CURLOPT_SSL_VERIFYPEER => TRUE,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO => <path to my cert>,        
    )); 

我遇到了CURL错误60（ CURLE_SSL_CACERT ）抱怨wron证书。

I've got CURL error 60 (CURLE_SSL_CACERT) complaining about wron cert.

我尝试过的操作：

• 我已验证使用了我的证书文件，因为当我指定错误的路径时，它会抱怨找不到证书（错误70）

• I've verified that my cert file is used, because when I specify wrong path it complains that it can't find cert (error 70)

我已经与Facebook SDK及其证书链进行了核对，证明我的CURL可以使用这种设置

I've checked with Facebook SDK and their cert chain that my CURL works with such setup

我尝试导出不同的链（包括或不包括）链中的最后一个证书

I've tried to export different chains (including or excluding) last cert in chain

尝试了 CURLOPT_SSL_VERIFYHOST => 1 。

任何想法都欢迎！

推荐答案

Curl在服务器上的单独位置使用CA证书，而不是台式机那样在系统的其余位置使用CA证书。我之前必须将CA证书安装到文件系统中。 PHP libcurl将使用命令行实用程序也使用的库。请参阅 http://curl.haxx.se/docs/sslcerts.html 。

Curl uses CA certificates in a separate location on the server than what the rest of the system, like a desktop would. I have had to install CA certificates into the filesystem before. PHP libcurl will use the libraries that the command line utility uses as well. Please see http://curl.haxx.se/docs/sslcerts.html.

这篇关于PHP CURL和SSL证书（或证书链）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！