Paypal Access - SSL 证书:无法获得本地发行人证书 [英] Paypal Access - SSL certificate: unable to get local issuer certificate
问题描述
我正在使用 cUrl 和 PHP 向服务器发出请求(用于 Paypal 访问)
I'm working with cUrl and PHP to make a request to a server (for paypal access)
Paypal 开发者网站从未提及使用 PayPal 访问 API 需要 SSL 证书,但是我用来请求令牌的代码如下:
Paypal developer website does never mention that an SSL certificate is required to use PayPal access API, however the code that I use to request the token is the following:
$options = array(
CURLOPT_URL => $url,
CURLOPT_POST => 1,
CURLOPT_VERBOSE => 1,
CURLOPT_POSTFIELDS => $postvals,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_SSLVERSION => 3
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
echo curl_error($ch);
此回显输出以下错误:
SSL certificate problem: unable to get local issuer certificate
我的问题是:
1) 如果我只需要获取用户电子邮件,我是否需要 SSL 才能使用 paypal 访问?
1) do I need SSL to use paypal access if I need only to get the user email?
2) 如果我不需要 SSL,为什么会出现此错误?
2) if I do not need SSL why this error occours?
PS:端点如下:https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice
推荐答案
正确 解决方案是修复您的 PHP 设置.. 将 CURLOPT_SSL_VERIFYPEER 设置为 false 是一个快速的技巧,但是当您禁用时它是错误的由其证书颁发机构进行的证书验证.这会让您面临中间人攻击.
The correct solution is to fix your PHP setup.. setting CURLOPT_SSL_VERIFYPEER to false is a quick hack, but it's wrong as you disable the certificate validation by it's certificate authority. This exposes you to a man-in-the-middle attack.
很容易修复(php 5.3.7 或更高版本)-下载具有最新证书颁发机构的列表文件,并将此设置添加到您的 php.ini
<代码>curl.cainfo=
It's easy to fix (php 5.3.7 or higher) -
Download a list file with an up-to-date certificate authorities, and add this setting to your php.ini
curl.cainfo=<path-to>cacert.pem
重启你的网络服务器,它就会工作!
Restart your web server, and it'll work !
这篇关于Paypal Access - SSL 证书:无法获得本地发行人证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!