Guzzle Curl 错误 60 SSL 无法获得本地发行者 [英] Guzzle Curl Error 60 SSL unable to get local issuer
本文介绍了Guzzle Curl 错误 60 SSL 无法获得本地发行者的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
尝试使用 YouTube API v3 来获取一些视频信息,在使用服务描述符的 Symfony2 中使用 Guzzle.
Trying to use the YouTube API v3 to get some video(s) information, using Guzzle in Symfony2 using Service Descriptors.
当我运行脚本时,我得到了这个:
When I run the script, I get this:
[curl] 60:SSL 证书问题:无法获取本地颁发者证书 [网址]https://www.googleapis.com/youtube/v3/videos?id=2xbVbCoHBgA&part=snippet&key={MY_KEY}
[curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://www.googleapis.com/youtube/v3/videos?id=2xbVbCoHBgA&part=snippet&key={MY_KEY}
500 内部服务器错误 - CurlException
500 Internal Server Error - CurlException
我的描述符如下所示:
{
"name": "YouTube",
"baseUrl": "https://www.googleapis.com",
"apiVersion": "v3",
"description": "YouTube GData Graph API",
"operations": {
"GetVideos": {
"httpMethod": "GET",
"uri": "/youtube/v3/videos",
"parameters": {
"id": {
"type":"string",
"location":"query",
"required": true
},
"part": {
"location": "query",
"default": "snippet"
},
"key": {
"location": "query",
"default": "{MY KEY}",
"static": true
},
"maxResults": {
"location": "query",
"default": 50
}
}
}
}
}
这是在本地 Ubuntu 14.04 开发环境中运行的,其中包含一个非常基本的 LAMP 堆栈.
This is running on a local Ubuntu 14.04 development environment with a very basic LAMP stack going on.
关于可能导致这种情况的任何想法?
Any ideas as to what might be causing this?
推荐答案
[curl] 60: SSL 证书问题:无法获取本地颁发者证书
嗯,从外面看,服务器证书好像坏了.它不包括名称googleapis.com".
Well, from the outside looking in, it looks like the server certificate is bad. It does not include the name "googleapis.com".
首先,使用openssl s_client获取证书:
openssl s_client -connect googleapis.com:443
然后将证书保存到文件中.证书以-----BEGIN CERTIFICATE-----开头,以-----END CERTIFICATE-----结尾.
Then save the certificate to a file. The certificate starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
接下来,使用 openssl x509 打印证书(如下所示).它缺少 googleapis.com.
Next, print the certificate with openssl x509 (shown below). Its missing googleapis.com.
您可能需要接受名称不匹配,并固定服务器的公钥.谷歌每 30 天左右轮换一次他们的证书,以保持移动客户端的 CRL 较小.这意味着您无法固定证书.但是,Google 会重新认证相同的公钥,因此公钥固定等密钥连续性方案会起作用.
You probably need to accept the name mismatch, and pin the server's public key. Google rotates their certificates every 30 days or so to keep CRLs small for mobile clients. That means you can't pin the certificate. However, Google re-certifies the same public key, so key continuity schemes like public key pinning work.
使用 openssl s_client 时还有一个较小的第二个问题.s_client 需要使用 Google Internet Authority G2 的选项 CAfile.缺少的 CA 导致错误 unable to get local issuer certificate 下面.您可以在 pki.google.com 下载 Google 的 CA 文件.
There's a smaller, second issue when using openssl s_client. s_client needs the option CAfile using Google Internet Authority G2. The missing CA is causing the error unable to get local issuer certificate below. You can download Google's CA file at pki.google.com.
$ openssl s_client -connect googleapis.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
您也可以使用 Equifax Secure Certificate Authority 作为信任根,因为它似乎是 Equifax 交叉认证的 Google 的 CA.
You could also use Equifax Secure Certificate Authority as the root of trust because it appears Equifax cross-certified Google's CA.
但名称不匹配是一个交易破坏者.这是 X509 证书应该做的一件事:通过受信任的机构将实体(如服务器名称或用户)绑定到公钥.谁签署了损坏的证书并不重要(我本可以签署的).
But the name mismatch is a deal breaker. That's the one thing an X509 certificate is supposed to do: bind a entity, like a server name or user, to a public key through a trusted authority. It does not matter who signed the broken certificate (I could have signed it).
$ openssl x509 -in googleapis-com.txt -inform PEM -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9106978240760957072 (0x7e627c7589c4c890)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Jul 2 13:04:27 2014 GMT
Not After : Sep 30 00:00:00 2014 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:02:29:67:f1:08:cc:f0:5c:63:ff:75:b3:bd:
41:62:c6:83:0c:3b:e6:1b:9a:41:0d:dc:5a:b3:34:
db:a3:37:6f:4f:bf:f5:8a:01:39:6a:91:b7:d1:a6:
83:6d:c6:28:60:79:c9:07:f2:ad:23:00:f2:31:74:
b0:a3:d0:d6:ac:5a:f4:31:c8:98:9c:49:c6:20:0b:
ce:81:2b:51:b6:54:0f:65:54:f2:b3:08:c9:c0:c8:
ca:a6:ec:bb:fc:8e:a5:64:70:6b:dc:08:45:9c:14:
cd:cd:aa:49:fd:e9:a5:f1:7d:c6:f8:5d:52:e8:d8:
3d:21:81:46:49:ba:f7:bd:7d:07:42:31:cf:79:61:
b1:47:2c:ba:ce:5a:cd:52:4a:5f:d2:b6:88:d0:a2:
94:53:e2:65:d6:66:80:43:17:e1:2e:43:ab:ca:2f:
79:e6:11:8b:4a:35:fa:e1:43:e3:49:66:5a:1f:e0:
a3:1c:5e:1c:6e:aa:de:0d:ba:cb:20:e3:3d:9e:66:
47:32:25:3c:01:22:b3:69:a6:96:0e:2e:13:c7:fd:
70:c6:61:7e:a9:f0:ad:a4:a6:41:13:36:8c:46:74:
c8:a5:ac:b0:b5:17:00:b8:0e:62:79:1a:fc:7e:7c:
2b:f7:2e:c0:ab:07:fc:8e:46:3c:8f:f2:e5:6e:8f:
83:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:google.com, DNS:*.2mdn.net, DNS:*.android.com, DNS:*.appengine.google.com,
DNS:*.au.doubleclick.net, DNS:*.cc-dt.com, DNS:*.cloud.google.com, DNS:*.de.doubleclick.net,
DNS:*.doubleclick.com, DNS:*.doubleclick.net, DNS:*.fls.doubleclick.net, DNS:*.fr.doubleclick.net,
DNS:*.google-analytics.com, DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af,
DNS:*.google.ag, DNS:*.google.al, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at,
DNS:*.google.az, DNS:*.google.ba, DNS:*.google.be, DNS:*.google.bf, DNS:*.google.bg,
DNS:*.google.bi, DNS:*.google.bj, DNS:*.google.bs, DNS:*.google.bt, DNS:*.google.by,
DNS:*.google.ca, DNS:*.google.cat, DNS:*.google.cc, DNS:*.google.cd, DNS:*.google.cf,
DNS:*.google.cg, DNS:*.google.ch, DNS:*.google.ci, DNS:*.google.cl, DNS:*.google.cm,
DNS:*.google.cn, DNS:*.google.co.ao, DNS:*.google.co.bw, DNS:*.google.co.ck, DNS:*.google.co.cr,
DNS:*.google.co.hu, DNS:*.google.co.id, DNS:*.google.co.il, DNS:*.google.co.im, DNS:*.google.co.in,
DNS:*.google.co.je, DNS:*.google.co.jp, DNS:*.google.co.ke, DNS:*.google.co.kr, DNS:*.google.co.ls,
DNS:*.google.co.ma, DNS:*.google.co.mz, DNS:*.google.co.nz, DNS:*.google.co.th, DNS:*.google.co.tz,
DNS:*.google.co.ug, DNS:*.google.co.uk, DNS:*.google.co.uz, DNS:*.google.co.ve, DNS:*.google.co.vi,
DNS:*.google.co.za, DNS:*.google.co.zm, DNS:*.google.co.zw, DNS:*.google.com, DNS:*.google.com.af,
DNS:*.google.com.ag, DNS:*.google.com.ai, DNS:*.google.com.ar, DNS:*.google.com.au,
DNS:*.google.com.bd, DNS:*.google.com.bh, DNS:*.google.com.bn, DNS:*.google.com.bo,
DNS:*.google.com.br, DNS:*.google.com.by, DNS:*.google.com.bz, DNS:*.google.com.cn,
DNS:*.google.com.co, DNS:*.google.com.cu, DNS:*.google.com.cy, DNS:*.google.com.do,
DNS:*.google.com.ec, DNS:*.google.com.eg, DNS:*.google.com.et, DNS:*.google.com.fj,
DNS:*.google.com.ge, DNS:*.google.com.gh, DNS:*.google.com.gi, DNS:*.google.com.gr,
DNS:*.google.com.gt, DNS:*.google.com.hk, DNS:*.google.com.iq, DNS:*.google.com.jm,
DNS:*.google.com.jo, DNS:*.google.com.kh, DNS:*.google.com.kw, DNS:*.google.com.lb,
DNS:*.google.com.ly, DNS:*.google.com.mm, DNS:*.google.com.mt, DNS:*.google.com.mx,
DNS:*.google.com.my, DNS:*.google.com.na, DNS:*.google.com.nf, DNS:*.google.com.ng,
DNS:*.google.com.ni, DNS:*.google.com.np, DNS:*.google.com.nr, DNS:*.google.com.om,
DNS:*.google.com.pa, DNS:*.google.com.pe, DNS:*.google.com.pg, DNS:*.google.com.ph,
DNS:*.google.com.pk, DNS:*.google.com.pl, DNS:*.google.com.pr, DNS:*.google.com.py,
DNS:*.google.com.qa, DNS:*.google.com.ru, DNS:*.google.com.sa, DNS:*.google.com.sb,
DNS:*.google.com.sg, DNS:*.google.com.sl, DNS:*.google.com.sv, DNS:*.google.com.tj,
DNS:*.google.com.tn, DNS:*.google.com.tr, DNS:*.google.com.tw, DNS:*.google.com.ua,
DNS:*.google.com.uy, DNS:*.google.com.vc, DNS:*.google.com.ve, DNS:*.google.com.vn, DNS:*.google.cv,
DNS:*.google.cz, DNS:*.google.de, DNS:*.google.dj, DNS:*.google.dk, DNS:*.google.dm,
DNS:*.google.dz, DNS:*.google.ee, DNS:*.google.es, DNS:*.google.fi, DNS:*.google.fm,
DNS:*.google.fr, DNS:*.google.ga, DNS:*.google.ge, DNS:*.google.gg, DNS:*.google.gl,
DNS:*.google.gm, DNS:*.google.gp, DNS:*.google.gr, DNS:*.google.gy, DNS:*.google.hk,
DNS:*.google.hn, DNS:*.google.hr, DNS:*.google.ht, DNS:*.google.hu, DNS:*.google.ie,
DNS:*.google.im, DNS:*.google.info, DNS:*.google.iq, DNS:*.google.ir, DNS:*.google.is,
DNS:*.google.it, DNS:*.google.it.ao, DNS:*.google.je, DNS:*.google.jo, DNS:*.google.jobs,
DNS:*.google.jp, DNS:*.google.kg, DNS:*.google.ki, DNS:*.google.kz, DNS:*.google.la,
DNS:*.google.li, DNS:*.google.lk, DNS:*.google.lt, DNS:*.google.lu, DNS:*.google.lv,
DNS:*.google.md, DNS:*.google.me, DNS:*.google.mg, DNS:*.google.mk, DNS:*.google.ml,
DNS:*.google.mn, DNS:*.google.ms, DNS:*.google.mu, DNS:*.google.mv, DNS:*.google.mw,
DNS:*.google.ne, DNS:*.google.ne.jp, DNS:*.google.net, DNS:*.google.ng, DNS:*.google.nl,
DNS:*.google.no, DNS:*.google.nr, DNS:*.google.nu, DNS:*.google.off.ai, DNS:*.google.pk,
DNS:*.google.pl, DNS:*.google.pn, DNS:*.google.ps, DNS:*.google.pt, DNS:*.google.ro,
DNS:*.google.rs, DNS:*.google.ru, DNS:*.google.rw, DNS:*.google.sc, DNS:*.google.se,
DNS:*.google.sh, DNS:*.google.si, DNS:*.google.sk, DNS:*.google.sm, DNS:*.google.sn,
DNS:*.google.so, DNS:*.google.sr, DNS:*.google.st, DNS:*.google.td, DNS:*.google.tg,
DNS:*.google.tk, DNS:*.google.tl, DNS:*.google.tm, DNS:*.google.tn, DNS:*.google.to,
DNS:*.google.tt, DNS:*.google.us, DNS:*.google.uz, DNS:*.google.vg, DNS:*.google.vu,
DNS:*.google.ws, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com,
DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.jp.doubleclick.net, DNS:*.metric.gstatic.com,
DNS:*.uk.doubleclick.net, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com,
DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:ad.mo.doubleclick.net,
DNS:android.com, DNS:doubleclick.net, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.ac,
DNS:google.ad, DNS:google.ae, DNS:google.af, DNS:google.ag, DNS:google.al, DNS:google.am,
DNS:google.as, DNS:google.at, DNS:google.az, DNS:google.ba, DNS:google.be, DNS:google.bf,
DNS:google.bg, DNS:google.bi, DNS:google.bj, DNS:google.bs, DNS:google.bt, DNS:google.by,
DNS:google.ca, DNS:google.cat, DNS:google.cc, DNS:google.cd, DNS:google.cf, DNS:google.cg,
DNS:google.ch, DNS:google.ci, DNS:google.cl, DNS:google.cm, DNS:google.cn, DNS:google.co.ao,
DNS:google.co.bw, DNS:google.co.ck, DNS:google.co.cr, DNS:google.co.hu, DNS:google.co.id,
DNS:google.co.il, DNS:google.co.im, DNS:google.co.in, DNS:google.co.je, DNS:google.co.jp,
DNS:google.co.ke, DNS:google.co.kr, DNS:google.co.ls, DNS:google.co.ma, DNS:google.co.mz,
DNS:google.co.nz, DNS:google.co.th, DNS:google.co.tz, DNS:google.co.ug, DNS:google.co.uk,
DNS:google.co.uz, DNS:google.co.ve, DNS:google.co.vi, DNS:google.co.za, DNS:google.co.zm,
DNS:google.co.zw, DNS:google.com.af, DNS:google.com.ag, DNS:google.com.ai, DNS:google.com.ar,
DNS:google.com.au, DNS:google.com.bd, DNS:google.com.bh, DNS:google.com.bn, DNS:google.com.bo,
DNS:google.com.br, DNS:google.com.by, DNS:google.com.bz, DNS:google.com.cn, DNS:google.com.co,
DNS:google.com.cu, DNS:google.com.cy, DNS:google.com.do, DNS:google.com.ec, DNS:google.com.eg,
DNS:google.com.et, DNS:google.com.fj, DNS:google.com.ge, DNS:google.com.gh, DNS:google.com.gi,
DNS:google.com.gr, DNS:google.com.gt, DNS:google.com.hk, DNS:google.com.iq, DNS:google.com.jm,
DNS:google.com.jo, DNS:google.com.kh, DNS:google.com.kw, DNS:google.com.lb, DNS:google.com.ly,
DNS:google.com.mm, DNS:google.com.mt, DNS:google.com.mx, DNS:google.com.my, DNS:google.com.na,
DNS:google.com.nf, DNS:google.com.ng, DNS:google.com.ni, DNS:google.com.np, DNS:google.com.nr,
DNS:google.com.om, DNS:google.com.pa, DNS:google.com.pe, DNS:google.com.pg, DNS:google.com.ph,
DNS:google.com.pk, DNS:google.com.pl, DNS:google.com.pr, DNS:google.com.py, DNS:google.com.qa,
DNS:google.com.ru, DNS:google.com.sa, DNS:google.com.sb, DNS:google.com.sg, DNS:google.com.sl,
DNS:google.com.sv, DNS:google.com.tj, DNS:google.com.tn, DNS:google.com.tr, DNS:google.com.tw,
DNS:google.com.ua, DNS:google.com.uy, DNS:google.com.vc, DNS:google.com.ve, DNS:google.com.vn,
DNS:google.cv, DNS:google.cz, DNS:google.de, DNS:google.dj, DNS:google.dk, DNS:google.dm,
DNS:google.dz, DNS:google.ee, DNS:google.es, DNS:google.fi, DNS:google.fm, DNS:google.fr,
DNS:google.ga, DNS:google.ge, DNS:google.gg, DNS:google.gl, DNS:google.gm, DNS:google.gp,
DNS:google.gr, DNS:google.gy, DNS:google.hk, DNS:google.hn, DNS:google.hr, DNS:google.ht,
DNS:google.hu, DNS:google.ie, DNS:google.im, DNS:google.info, DNS:google.iq, DNS:google.ir,
DNS:google.is, DNS:google.it, DNS:google.it.ao, DNS:google.je, DNS:google.jo, DNS:google.jobs,
DNS:google.jp, DNS:google.kg, DNS:google.ki, DNS:google.kz, DNS:google.la, DNS:google.li,
DNS:google.lk, DNS:google.lt, DNS:google.lu, DNS:google.lv, DNS:google.md, DNS:google.me,
DNS:google.mg, DNS:google.mk, DNS:google.ml, DNS:google.mn, DNS:google.ms, DNS:google.mu,
DNS:google.mv, DNS:google.mw, DNS:google.ne, DNS:google.ne.jp, DNS:google.net, DNS:google.ng,
DNS:google.nl, DNS:google.no, DNS:google.nr, DNS:google.nu, DNS:google.off.ai, DNS:google.pk,
DNS:google.pl, DNS:google.pn, DNS:google.ps, DNS:google.pt, DNS:google.ro, DNS:google.rs,
DNS:google.ru, DNS:google.rw, DNS:google.sc, DNS:google.se, DNS:google.sh, DNS:google.si,
DNS:google.sk, DNS:google.sm, DNS:google.sn, DNS:google.so, DNS:google.sr, DNS:google.st,
DNS:google.td, DNS:google.tg, DNS:google.tk, DNS:google.tl, DNS:google.tm, DNS:google.tn,
DNS:google.to, DNS:google.tt, DNS:google.us, DNS:google.uz, DNS:google.vg, DNS:google.vu,
DNS:google.ws, DNS:googlecommerce.com, DNS:gstatic.com, DNS:urchin.com, DNS:youtu.be,
DNS:youtube.com, DNS:youtubeeducation.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
71:D7:BB:09:DE:42:EB:E5:E0:75:3D:49:64:97:E5:9A:8D:6E:C3:8E
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha1WithRSAEncryption
8f:f3:ec:dd:ca:45:d2:20:12:40:cd:ce:72:10:42:b5:ac:4b:
8c:45:15:15:d7:9f:fb:01:e7:84:63:c6:41:b4:93:8b:79:ab:
51:56:b9:3f:07:74:5b:c7:38:ad:f0:ee:97:53:3b:f8:2d:bc:
94:23:ca:2e:1f:0c:5b:21:82:ae:b8:0f:55:43:1a:58:8f:4d:
25:0a:80:32:a6:c9:ff:3f:43:f5:1f:39:63:9f:a6:82:20:b4:
74:d4:e1:ef:e0:f9:92:c5:63:b6:e2:61:e4:e7:4e:c7:a3:dd:
44:1b:32:e0:06:7f:84:b6:45:20:57:6a:71:07:c2:54:b0:69:
9c:a2:f6:3f:5f:52:ca:9e:ba:77:b3:0b:4f:2a:b7:14:ca:c9:
7a:6c:f3:ce:2b:aa:c1:0d:ea:33:8f:e6:39:24:83:84:dc:3c:
ac:f0:83:2e:98:9f:2f:54:de:c4:c5:b0:05:a3:e3:ca:a5:13:
9c:28:ba:6b:e9:ee:e0:10:41:4a:d7:78:cd:60:0f:79:0f:0a:
e3:76:46:ce:7a:b4:84:1b:07:91:21:83:23:17:7a:77:e8:32:
3b:14:7c:3a:a8:fb:d6:c2:bf:18:4a:ad:d7:c1:d6:30:cd:67:
b4:8f:7d:27:43:97:b8:12:9d:0b:7e:ae:de:27:83:fa:89:29:
d9:be:e4:43
这篇关于Guzzle Curl 错误 60 SSL 无法获得本地发行者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
