osx 10.10 Curl POST 到 HTTPS url 出现 SSLRead() 错误 [英] osx 10.10 Curl POST to HTTPS url gives SSLRead() error
问题描述
我最近刚刚升级到 OSX 10.10 Yosemite,升级后我无法再对 SSL url 执行 Curl POST.
I just recently upgraded to OSX 10.10 Yosemite and I since the upgrade I can't do Curl POST to a SSL url anymore.
我首先使用 wordpress 的 wp_remote_request 调用,并尝试在 php 中使用 curl.两者(如预期)都给出相同的错误消息:
I first used wordpress's wp_remote_request call and also tried to use curl in php.
Both (as expected) give the same error message:
错误编号:56
错误字符串:SSLRead() 返回错误 -9806
Error String:SSLRead() return error -9806
注意:当我将 POST 卷曲到 HTTP 时,它工作正常.我认为这是 PHP.ini 或我的 apache 中的设置(升级后我丢失了原始的 HTTPD.conf 文件......).
Note: when I curl POST to HTTP it works fine. I reckon it is a setting in PHP.ini or in my apache (I lost my original HTTPD.conf file after upgrade...).
有人可以帮我吗?
推荐答案
我看到当使用使用 Apple 在 Yosemite 下的安全传输,并且 URL 请求的目标不支持 SSLv3(可能由于
I've seen this error happen when php is compiled with a version of cURL that uses Apple's Secure Transport under Yosemite and the target of the URL request doesn't support SSLv3 (which was probably disabled due to the POODLE vulnerability). What is the output of this command?
$ php -i | grep "SSL Version"
我怀疑你会看到这个:
SSL Version => SecureTransport
您可以通过安装使用 cURL 版本的 php 版本来解决此问题,该版本使用 OpenSSL 而不是 SecureTransport.使用 homebrew 最容易做到这一点.因此,如果您还没有它,请先安装它.如果安装了自制软件,但升级到优胜美地后您还没有运行 brew update,请先执行此操作.还要确保您已安装 XCode >= 6.1 和最新的 XCode 命令行工具.brew doctor 会告诉你是否做对了.
You can overcome this by installing a version of php which uses a version of cURL which uses OpenSSL instead of SecureTransport. This is most easily done with homebrew. So install that first if you don't already have it. If homebrew is installed but you haven't run brew update since upgrading to Yosemite, do that first. Also make sure you've installed XCode >= 6.1 and the latest XCode command line tools. brew doctor will tell you if you've done it all right.
在下面添加您需要的 Homebrew Taps,以便安装 brewed php.如果这些 repos 已经被挖掘,请跳过这一步.如果您不确定这些存储库是否已被使用,只需运行以下命令.最坏的情况,你会得到一个无害的警告:已经被窃听!
Add the Homebrew taps below that you will need in order to get brewed php installed. Skip this step if these repos are already tapped. If you're unsure if these repos are already tapped, just run the commands below. Worst case scenario, you'll get a harmless Warning: Already tapped!
$ brew tap homebrew/dupes
$ brew tap homebrew/versions
$ brew tap homebrew/php
然后用openssl安装curl:
Then install curl with openssl:
$ brew install --with-openssl curl
然后用刚才安装的curl安装php并编译openssl:
Then install php using the curl you just installed and brewed openssl:
$ brew install --with-homebrew-curl --with-httpd24 php55
如果使用 apache,请确保将
LoadModule php5_module/usr/local/opt/php55/libexec/apache2/libphp5.so添加到您的/etc/apache2/httpd.conf并重新启动 apache.if using apache, make sure to add
LoadModule php5_module /usr/local/opt/php55/libexec/apache2/libphp5.soto your/etc/apache2/httpd.confand restart apache.如果不使用 apache 2.4,您可以从上面的命令中删除
--with-httpd24.if not using apache 2.4, you can remove
--with-httpd24from the above command.如果使用 nginx,请遵循启动 fpm 的警告说明:
if using nginx, follow the caveat instuctions for starting fpm:
在启动时启动 php-fpm:
To launch php-fpm on startup:
mkdir -p ~/Library/LaunchAgents cp /usr/local/opt/php55/homebrew.mxcl.php55.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.php55.plist
安装您需要的任何 php 扩展,例如.
mcrypt.Install any php extensions you're going to need eg.
mcrypt.$ brew install php55-mcrypt完成后,再次运行:
$ php -i | grep "SSL Version"你应该看到:
SSL Version => OpenSSL/1.0.2h现在,重新测试您的应用程序,
SSLRead() 返回错误 -9806应该会消失.And now, re-test your application and the
SSLRead() return error -9806should go away.这篇关于osx 10.10 Curl POST 到 HTTPS url 出现 SSLRead() 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
