Paypal访问 - SSL证书：无法获取本地颁发者证书 [英] Paypal Access - SSL certificate: unable to get local issuer certificate

问题描述

我正在使用cUrl和PHP向服务器发出请求（用于paypal访问）

I'm working with cUrl and PHP to make a request to a server (for paypal access)

Paypal开发者网站从未提到需要SSL证书使用PayPal访问API，但是我用来请求令牌的代码如下：

Paypal developer website does never mention that an SSL certificate is required to use PayPal access API, however the code that I use to request the token is the following:

$options = array(
                CURLOPT_URL => $url,
                CURLOPT_POST => 1,
                CURLOPT_VERBOSE => 1,
                CURLOPT_POSTFIELDS => $postvals,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_SSLVERSION => 3
);

curl_setopt_array($ch, $options);

$response = curl_exec($ch); 
echo curl_error($ch);

此echo输出以下错误：

This echo outputs the following error:

SSL certificate problem: unable to get local issuer certificate

问题是：

1）如果我只需要获得用户电子邮件，我需要SSL才能使用paypal访问权限？

1) do I need SSL to use paypal access if I need only to get the user email?

2）如果我不需要SSL为什么会出现此错误？

2) if I do not need SSL why this error occours?

PS：端点如下： https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice

推荐答案

正确解决方案是修复您的PHP设置..将CURLOPT_SSL_VERIFYPEER设置为false是快速黑客，但它是错误的，因为您禁用其证书颁发机构的证书验证。

The correct solution is to fix your PHP setup.. setting CURLOPT_SSL_VERIFYPEER to false is a quick hack, but it's wrong as you disable the certificate validation by it's certificate authority. This exposes you to a man-in-the-middle attack.

很容易修复（ php 5.3.7或更高版本） -
下载包含最新证书授权中心的列表文件，并将此设置添加到您的 php.ini


curl.cainfo =< path-to> cacert.pem


It's easy to fix (php 5.3.7 or higher) - Download a list file with an up-to-date certificate authorities, and add this setting to your php.ini
curl.cainfo=<path-to>cacert.pem

重新启动您的网络服务器，它会工作！

Restart your web server, and it'll work !

这篇关于Paypal访问 - SSL证书：无法获取本地颁发者证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！