使用PHP cURL与SSL证书时出错 [英] Error using PHP cURL with SSL certificates

问题描述

我试图使用cURL编写一个PHP脚本，它可以通过一个使用SSL证书的页面授权用户，除了用户名和密码，我似乎不能通过SSL证书阶段。 / p>

在这种情况下， curl_setopt（$ handle，CURLOPT_VERIFYPEER，0）不幸的是不是一个选项。证书是身份验证的必需部分，否则，我会收到此其他类似的SO中提及的错误post 。

我尝试过几个使用cURL的命令行运行：

code>> curl --url https：// website

这会返回（60）SLL证书问题错误。如果我调整命令以包括 - cacert 选项：

curl --url https：// website --cacert /path/to/servercert.cer

但是，我尝试了以下PHP代码：

  $ handle = curl_init（）; 
 $ options = array（
 CURLOPT_RETURNTRANSFER => false，
 CURLOPT_HEADER => true，
 CURLOPT_FOLLOWLOCATION => false，
 CURLOPT_SSL_VERIFYHOST =>'0' ，
 CURLOPT_SSL_VERIFYPEER =>'1'，
 CURLOPT_CAINFO =>'/path/to/servercert.cer', 
 CURLOPT_USERAGENT =>'Mozilla / 4.0（兼容; MSIE 5.01; Windows NT 5.0）'，
 CURLOPT_VERBOSE => true，
 CURLOPT_URL =>'https：// website'
）; 
 
 curl_setopt_array（$ handle，$ options）; 
 curl_exec（$ handle）; 
 if（curl_errno（$ handle））{
 echo'Error：'。 curl_error（$ handle）; 
} 
 curl_close（$ handle）; 
  

我本以为代码本质上类似于shell命令，以下错误消息：

错误：错误设置证书验证位置：CAfile：/path/to/servercert.cer CApath：none

我已经阅读了所有可以找到的文献（特别是在php.net和curl.haxx上），似乎找不到任何东西修复这个问题。有任何建议吗？

EDIT ：我尝试过 chmod 777 servercert.cer 成功。但是，在使用上面的代码从命令行执行PHP脚本而不是浏览器通过 php test.php ，它工作完美。对于为什么它不能在浏览器中工作的任何解释？

编辑2 ：这些驱动器downvote在唯一的灵魂勇敢地足够回答这个问题变老了。

解决方案

因为事情通过命令行工作，而不是通过php使用curl，我会追求卷曲成为问题。

根据此网址， http://curl.haxx.se/docs/sslcerts.html ，您在上面引用的SO帖子（使用CURL（php）读取SSL页面）...

直到7.18.0，curl捆绑一个严重过时的ca软件包文件，默认安装的是
这些天，curl档案不包括
所有的证书，你需要把它们放在其他地方。见下面的例子。

如果远程服务器使用自签名证书，如果您不安装CA
证书包，如果服务器使用由CA签名的证书，
包含在您使用的捆绑包中，或者远程主机是冒名顶替者
模拟您喜爱的网站，并且您要从此
服务器传输文件，请执行以下操作之一：

然后继续列出您可以尝试的多个步骤。

由于您的7.16.3版本curl是在7.18.0之前，如果你还没有，我建议更新你的curl和openssl组件，然后通过上面引用的列表。

I'm trying to write a PHP script using cURL that can authorize a user through a page that uses an SSL certificate, in addition to username and password, and I can't seem to get past the SSL cert stage.

In this case, curl_setopt($handle, CURLOPT_VERIFYPEER, 0) unfortunately isn't an option. The certificate is a required part of authentication, otherwise I get the error mentioned in this other similar SO post.

I've tried a few command-line runs with cURL:

> curl --url https://website

This returns the (60) SLL certificate problem error. If I adjust the command to include the --cacert option:

> curl --url https://website --cacert /path/to/servercert.cer

It works just fine; the auth website is returned.

However, I've tried the following PHP code:

$handle = curl_init();
$options = array( 
                  CURLOPT_RETURNTRANSFER => false,
                  CURLOPT_HEADER         => true,
                  CURLOPT_FOLLOWLOCATION => false,
                  CURLOPT_SSL_VERIFYHOST => '0',
                  CURLOPT_SSL_VERIFYPEER => '1',
                  CURLOPT_CAINFO         => '/path/to/servercert.cer',
                  CURLOPT_USERAGENT      => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
                  CURLOPT_VERBOSE        => true,
                  CURLOPT_URL            => 'https://website'
           );

curl_setopt_array($handle, $options);
curl_exec($handle);
if (curl_errno($handle)) {
  echo 'Error: ' . curl_error($handle);
}
curl_close($handle);

I would have thought the code was essentially analogous to the shell commands, but instead I'm greeted with the following error message:

Error: error setting certificate verify locations: CAfile: /path/to/servercert.cer CApath: none

I've read all the literature I can find (particularly on php.net and curl.haxx) and can't seem to find anything that fixes this problem. Any suggestions?

EDIT: I have tried chmod 777 servercert.cer with no success. However, in executing the PHP script with the above code from the command line instead of the browser via php test.php, it works perfectly. Any explanation for why it doesn't work in the browser?

EDIT 2: These drive-by downvotes on the only souls brave enough to answer this question are getting old. Either contribute something meaningful or pass on by, please.

解决方案

Because things work via the command line but not via php using curl then I would pursue curl being the problem.

According to this URL, http://curl.haxx.se/docs/sslcerts.html, which was reference in an SO post you cited above ( reading SSL page with CURL (php) )...

"Until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all. You need to get them elsewhere. See below for example.

If the remote server uses a self-signed certificate, if you don't install a CA cert bundle, if the server uses a certificate signed by a CA that isn't included in the bundle you use or if the remote host is an impostor impersonating your favorite site, and you want to transfer files from this server, do one of the following:"

It then goes on to list a number of steps that you can try.

Since your 7.16.3 version of curl is prior to 7.18.0, if you haven't already, I would recommend updating your curl and openssl components and then working through the list referenced above.

这篇关于使用PHP cURL与SSL证书时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！