将 PHP cURL 与 SSL 证书一起使用时出错 [英] Error using PHP cURL with SSL certificates
问题描述
我正在尝试使用 cURL 编写 PHP 脚本,除了用户名和密码外,该脚本还可以通过使用 SSL 证书的页面授权用户,但我似乎无法通过 SSL 证书阶段.
I'm trying to write a PHP script using cURL that can authorize a user through a page that uses an SSL certificate, in addition to username and password, and I can't seem to get past the SSL cert stage.
在这种情况下,curl_setopt($handle, CURLOPT_VERIFYPEER, 0) 不幸的是不是一个选项.证书是身份验证的必需部分,否则我会收到 this other similar SO 中提到的错误发布.
In this case, curl_setopt($handle, CURLOPT_VERIFYPEER, 0) unfortunately isn't an option. The certificate is a required part of authentication, otherwise I get the error mentioned in this other similar SO post.
我已经尝试了一些使用 cURL 的命令行运行:
I've tried a few command-line runs with cURL:
<代码>>curl --url https://website
这将返回 (60) SLL 证书问题 错误.如果我调整命令以包含 --cacert 选项:
This returns the (60) SLL certificate problem error. If I adjust the command to include the --cacert option:
<代码>>curl --url https://website --cacert/path/to/servercert.cer
它工作得很好;返回授权网站.
It works just fine; the auth website is returned.
但是,我尝试了以下 PHP 代码:
However, I've tried the following PHP code:
$handle = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => false,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_SSL_VERIFYHOST => '0',
CURLOPT_SSL_VERIFYPEER => '1',
CURLOPT_CAINFO => '/path/to/servercert.cer',
CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
CURLOPT_VERBOSE => true,
CURLOPT_URL => 'https://website'
);
curl_setopt_array($handle, $options);
curl_exec($handle);
if (curl_errno($handle)) {
echo 'Error: ' . curl_error($handle);
}
curl_close($handle);
我会认为代码本质上类似于 shell 命令,但我收到了以下错误消息:
I would have thought the code was essentially analogous to the shell commands, but instead I'm greeted with the following error message:
错误:错误设置证书验证位置:CAfile:/path/to/servercert.cer CApath:无
Error: error setting certificate verify locations: CAfile: /path/to/servercert.cer CApath: none
我已阅读我能找到的所有文献(特别是在 php.net 和 curl.haxx 上),但似乎找不到任何可以解决此问题的内容.有什么建议吗?
I've read all the literature I can find (particularly on php.net and curl.haxx) and can't seem to find anything that fixes this problem. Any suggestions?
我尝试过 chmod 777 servercert.cer 没有成功.但是,在使用上述代码从命令行而不是通过php test.php 浏览器执行 PHP 脚本时,它运行良好.为什么它在浏览器中不起作用的任何解释?
I have tried chmod 777 servercert.cer with no success. However, in executing the PHP script with the above code from the command line instead of the browser via php test.php, it works perfectly. Any explanation for why it doesn't work in the browser?
推荐答案
因为事情是通过命令行工作的,而不是通过使用 curl 的 php,所以我会追究 curl 的问题.
Because things work via the command line but not via php using curl then I would pursue curl being the problem.
根据这个网址,http://curl.haxx.se/docs/sslcerts.html,这是您在上面引用的 SO 帖子中的参考(reading SSL page with卷曲 (php) )...
According to this URL, http://curl.haxx.se/docs/sslcerts.html, which was reference in an SO post you cited above ( reading SSL page with CURL (php) )...
"直到 7.18.0,curl 捆绑了一个严重过时的 ca 捆绑文件,该文件是默认安装.这些天,curl 档案不包括在全部.您需要在其他地方获取它们.参见下面的例子.
"Until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all. You need to get them elsewhere. See below for example.
如果远程服务器使用自签名证书,如果不安装CAcert bundle,如果服务器使用的证书不是由 CA 签名的包含在您使用的捆绑包中,或者远程主机是冒名顶替者冒充你最喜欢的网站,并且你想从这个网站传输文件服务器,请执行以下操作之一:"
If the remote server uses a self-signed certificate, if you don't install a CA cert bundle, if the server uses a certificate signed by a CA that isn't included in the bundle you use or if the remote host is an impostor impersonating your favorite site, and you want to transfer files from this server, do one of the following:"
然后列出了一些您可以尝试的步骤.
It then goes on to list a number of steps that you can try.
由于您的 curl 7.16.3 版本早于 7.18.0,如果您还没有,我建议您更新 curl 和 openssl 组件,然后完成上面引用的列表.
Since your 7.16.3 version of curl is prior to 7.18.0, if you haven't already, I would recommend updating your curl and openssl components and then working through the list referenced above.
这篇关于将 PHP cURL 与 SSL 证书一起使用时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
