在 XAMPP 中为 CURL 启用 SSL 支持 [英] Enabling SSL Support for CURL in XAMPP

问题描述

我正在使用编码的 PHP 脚本，它需要对 CURL 的 SSL 支持.

I am using an encoded PHP script, which requires SSL support for CURL.

我目前正在使用 XAMPP 进行本地开发，需要知道如何更新默认 CURL 以便在其上启用 SSL.

I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.

我正在寻找升级/支持的原因是我收到以下错误，当我用谷歌搜索时等等.我知道我的机器上的 CURL 不支持 SSL.

The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

请问大家有什么推荐的吗?我当前的本地服务器配置:

Anyone have any recommendations for me, please? My Current local server config:

XAMPP 1.7.3cURL 支持 已启用
cURL 信息 7.19.6
Apache 版本 Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14OpenSSL/0.9.8l mod_autoindex_colorPHP/5.3.1 mod_apreq2-20090110/2.7.1mod_perl/2.0.4 Perl/v5.10.1
加载的模块 core mod_win32 mpm_winnt http_core mod_so mod_actionsmod_alias mod_asis mod_auth_basicmod_auth_digest mod_authn_defaultmod_authn_file mod_authz_defaultmod_authz_groupfile mod_authz_hostmod_authz_user mod_cgi mod_davmod_dav_fs mod_dav_lock mod_dirmod_env mod_headers mod_includemod_info mod_isapi mod_log_configmod_mime mod_negotiation mod_rewritemod_setenvif mod_ssl mod_statusmod_vhost_alias mod_autoindex_colormod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14(Win32) DAV/2 mod_ssl/2.2.14OpenSSL/0.9.8l mod_autoindex_colorPHP/5.3.1 mod_apreq2-20090110/2.7.1mod_perl/2.0.4 Perl/v5.10.1 服务器位于本地主机端口 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14OpenSSL/0.9.8l mod_autoindex_colorPHP/5.3.1 mod_apreq2-20090110/2.7.1mod_perl/2.0.4 Perl/v5.10.1

XAMPP 1.7.3 cURL support enabled
cURL Information 7.19.6
Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

推荐答案

你的机器不支持?您发布的错误意味着 CURL 无法验证远程服务器的 SSL 证书，并且不一定指向您的机器的特定不足.在我之前使用 CURL 的经验中，它默认不接受/信任任何证书.根据您的设置和您打算用它做什么，您可能想要信任一个自签名证书 [[无法验证自签名证书！]] (例如来自另一个您运行的机器) 或者您可能希望信任一个真正的证书颁发机构(这将启用对该 CA 签名的任何证书的验证).本教程相当简单，只要您熟悉如何更改 CURL 的设置:http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine. In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single, self-signed certificate [[Cannot verify self-signed certs!]] (e.g. from another machine you run) or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

如果您采用该路径，则可以选择根 CA，但如果您只是保护您自己的两台机器之间的传输，则只需将 CURL 设置为信任另一台机器的证书.

You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.

另一方面，如果您确实对 SSL 有一些更深层次的问题，它可能是由许多原因造成的，例如在构建时没有 SSL 支持.如果您正在制作、配置和编译自己的 CURL 版本，您可能需要查看 http://curl.haxx.se/docs/faq.html 关于 SSL 的主题，包括

On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including

http://curl.haxx.se/docs/sslcerts.html 和http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when

请注意后一个链接(常见问题解答)中的自签名证书无法验证.如果您要连接到您自己的另一台服务器，则其证书需要由 CA 签名，并且 CA 的证书需要 CURL 信任才能成功连接.如果您只需要获得签名，或者您可以设置自己的 CA(根据我的经验，让已经准备好这样做的人签名要容易十倍)，那里有免费的 CA.如果另一台服务器托管一个处理现实世界"(金钱、产品、个人信息等)的安全站点，那么它的证书应该是或者你应该得到一个受信任的 CA 签名(VISA、Equifax、Comodo、您可以在每个浏览器中找到受信任的根 CA 列表).

Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).

我已经介绍了我可以针对该错误采取的措施，但如果这些都没有帮助，那么有关您的设置和系统的更多信息可能会有所帮助.:)

I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)

这篇关于在 XAMPP 中为 CURL 启用 SSL 支持的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！