file_get_contents():SSL 操作失败,代码为 1,无法启用加密 [英] file_get_contents(): SSL operation failed with code 1, Failed to enable crypto
问题描述
我一直在尝试从我在服务器上创建的 PHP 页面访问这个特定的 REST 服务.我将问题缩小到这两行.所以我的 PHP 页面如下所示:
I’ve been trying to access this particular REST service from a PHP page I’ve created on our server. I narrowed the problem down to these two lines. So my PHP page looks like this:
<?php
$response = file_get_contents("https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json");
echo $response; ?>
页面在第 2 行终止,并出现以下错误:
The page dies on line 2 with the following errors:
- 警告:file_get_contents():SSL 操作失败,代码为 1.OpenSSL 错误消息:错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败...第 2 行的 php
- 警告:file_get_contents():无法在 ...php 上启用加密第 2 行
- 警告:file_get_contents(
https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json):无法打开流:第 2 行的 ...php 中的操作失败
- Warning: file_get_contents(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
...php on line 2
- Warning: file_get_contents(): Failed to enable crypto in ...php on line 2
- Warning:
file_get_contents(
https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json): failed to open stream: operation failed in ...php on line 2
我们使用的是 Gentoo 服务器.我们最近升级到 PHP 5.6 版.这个问题是在升级后出现的.
We’re using a Gentoo server. We recently upgraded to PHP version 5.6. It was after the upgrade when this problem appeared.
当我用
https://www.google.com之类的地址替换 REST 服务时发现;我的页面工作得很好.I found when I replace the REST service with an address like
https://www.google.com; my page works just fine.在较早的尝试中,我设置了
verify_peer"=>false,并将其作为参数传递给 file_get_contents,如下所述:file_get_contents ignoring verify_peer=>false? 但就像作者指出的那样;它没有任何区别.In an earlier attempt I set
"verify_peer"=>false, and passed that in as an argument to file_get_contents, as described here: file_get_contents ignoring verify_peer=>false? But like the writer noted; it made no difference.我已经问过我们的一位服务器管理员我们的 php.ini 文件中是否存在这些行:
I’ve asked one of our server administrators if these lines in our php.ini file exist:
- extension=php_openssl.dll
- allow_url_fopen = 开启
他告诉我,由于我们在 Gentoo 上,所以在构建时会编译 openssl;它没有在 php.ini 文件中设置.
He told me that since we’re on Gentoo, openssl is compiled when we build; and it’s not set in the php.ini file.
我还确认
allow_url_fopen正在工作.由于这个问题的特殊性;我没有找到很多信息来寻求帮助.你们中有人遇到过这样的事情吗?谢谢.I also confirmed that
allow_url_fopenis working. Due to the specialized nature of this problem; I’m not finding a lot of information for help. Have any of you come across something like this? Thanks.推荐答案
这是一个非常有用的链接:
This was an enormously helpful link to find:
http://php.net/manual/en/migration56.openssl.php
一份官方文档,描述了在 PHP 5.6 中打开 ssl 所做的更改从这里我了解到另一个我应该设置为 false 的参数:verify_peer_name"=>false
An official document describing the changes made to open ssl in PHP 5.6 From here I learned of one more parameter I should have set to false: "verify_peer_name"=>false
注意:这具有非常重大的安全隐患.禁用验证可能会允许 MITM 攻击者使用无效证书来窃听请求.虽然在本地开发中这样做可能很有用,但在生产中应该使用其他方法.
Note: This has very significant security implications. Disabling verification potentially permits a MITM attacker to use an invalid certificate to eavesdrop on the requests. While it may be useful to do this in local development, other approaches should be used in production.
所以我的工作代码如下所示:
So my working code looks like this:
<?php $arrContextOptions=array( "ssl"=>array( "verify_peer"=>false, "verify_peer_name"=>false, ), ); $response = file_get_contents("https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json", false, stream_context_create($arrContextOptions)); echo $response; ?>这篇关于file_get_contents():SSL 操作失败,代码为 1,无法启用加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
