“找不到系统CA束".在本地主机上的Google App Engine上 [英] "No system CA bundle could be found" on Google App Engine on localhost

问题描述

我正在开发一个将在需要访问GDrive API的Google App Engine(GAE)中运行的应用程序.当它在云中运行时，我可以使用我的特殊域范围内的授权，这样我的用户便会自动获得身份验证，并且可以毫无问题地使用gdrive api.效果很好.

I'm working on an app that I'll be running in the Google App Engine (GAE) that needs to access the GDrive API. When it's running up in the cloud, I'm able to use my special domain-wide authorization so that my users are automatically authenticated and I can use the gdrive api without any problems. That works very well.

但是，在本地主机上进行测试时，由于我们本地主机实际上并未对您的Google帐户进行身份验证，因此无法在整个域范围内进行身份验证，因此您只能声称自己是想要的任何人.因此，我正在做的是在本地主机和GAE中以不同的方式实例化Google $ client .在GAE中，我在本地主机上使用特殊的域范围身份验证，然后使用具有客户端ID，客户端机密，oauth令牌处理等的传统Google客户端配置.

However, when testing on localhost, the domain-wide auth won't work because we localhost doesn't actually authenticate your Google Account, you're just allowed to claim to be anyone you want. So, what I'm doing is instantiating my google $client differently on localhost and in the GAE. In the GAE, I use the special domain-wide auth, on localhost then I'm using the traditional Google Client configuration with a client id, client secret, oauth token processing, etc.

我重定向到Google，告诉Google允许访问，然后Google重定向我回到localhost以完成oauth流程.当我从Google提取 code 并致电:

I redirect to Google, I tell Google to allow access, and then Google redirects me back to localhost to finalize the oauth process. When I take the code from google and call:

$client->authenticate($authcode);

我收到有关缺少CA捆绑软件的SSL错误.

I get an SSL error about a missing CA bundle.

在任何常见系统中都找不到系统CA捆绑软件位置.低于5.6的PHP版本未正确配置默认情况下使用系统的CA捆绑软件.为了验证对等证书，则需要提供磁盘上的路径到证书捆绑到验证"请求选项: http://docs.guzzlephp.org/en/latest/clients.html#verify.如果你不需要特定的证书包，然后Mozilla提供可以在此处下载的二手CA捆绑包(由cURL的维护者): https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt .磁盘上有CA捆绑包后，您可以设置"openssl.cafile" PHP ini设置指向文件的路径，允许您省略验证"请求选项.看 http://curl.haxx.se/docs/sslcerts.html 了解更多信息.

No system CA bundle could be found in any of the the common system locations. PHP versions earlier than 5.6 are not properly configured to use the system's CA bundle by default. In order to verify peer certificates, you will need to supply the path on disk to a certificate bundle to the 'verify' request option: http://docs.guzzlephp.org/en/latest/clients.html#verify. If you do not need a specific certificate bundle, then Mozilla provides a commonly used CA bundle which can be downloaded here (provided by the maintainer of cURL): https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP ini setting to point to the path to the file, allowing you to omit the 'verify' request option. See http://curl.haxx.se/docs/sslcerts.html for more information.

我已经下载了.crt文件，也尝试下载了他们的.pem文件，并且尝试以多种方式配置php.ini以使其使用这些文件...

I've downloaded the .crt file and I've also tried downloading their .pem file and I've tried configuring my php.ini in several fashions to make it use those files...

openssl.cafile="/path/to/ca-bundle.crt"

或

openssl.cafile="/path/to/cacert.pem"

或

curl.cainfo="/path/to/ca-bundle.crt"

或

curl.cainfo="/path/to/cacert.pem"

但是它们似乎没有一个起作用或有所作为.我想念什么?

But none of them seem to work or make a difference. What am I missing?

告诉我在生产和localhost上进行身份验证的身份意味着您不了解我要问的内容或我需要使用客户端的原因.我的问题是关于证书的.

Telling me to authenticate the same on production and localhost means that you don't understand what I'm asking or the reason why I need to use the client. My question is about the certificates.

推荐答案

我终于从这个答案中找到了一个解决方案，请投票给他们的答案.

I finally found a solution from this answer, please go vote up their answer.

通过Google和Guzzle的代码，您可能需要指定可以通过执行类似的操作来找到证书捆绑包在您设置Google客户端时，请遵循以下步骤，authenticate()呼叫:

Looking through Google and Guzzle's code you might need to specify where the certificate bundle can be found by doing something like the following when you setup the Google Client and before your authenticate() call:

$client->setHttpClient(new GuzzleHttp\Client(['verify'=>'path\to\your\cert-bundle']));

这将覆盖默认行为，并让您指定捆绑包是.

This will override the default behavior and let you specify where the bundle is.

这篇关于“找不到系统CA束".在本地主机上的Google App Engine上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！