Paypal访问 - SSL证书:无法获取本地颁发者证书 [英] Paypal Access - SSL certificate: unable to get local issuer certificate
问题描述
我正在使用cUrl和PHP向服务器发出请求(用于paypal访问)
I'm working with cUrl and PHP to make a request to a server (for paypal access)
Paypal开发者网站从未提到需要SSL证书使用PayPal访问API,但是我用来请求令牌的代码如下:
Paypal developer website does never mention that an SSL certificate is required to use PayPal access API, however the code that I use to request the token is the following:
$options = array(
CURLOPT_URL => $url,
CURLOPT_POST => 1,
CURLOPT_VERBOSE => 1,
CURLOPT_POSTFIELDS => $postvals,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_SSLVERSION => 3
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
echo curl_error($ch);
此echo输出以下错误:
This echo outputs the following error:
SSL certificate problem: unable to get local issuer certificate
问题是:
1)如果我只需要获得用户电子邮件,我需要SSL才能使用paypal访问权限?
1) do I need SSL to use paypal access if I need only to get the user email?
2)如果我不需要SSL为什么会出现此错误?
2) if I do not need SSL why this error occours?
PS:端点如下: https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice
推荐答案
正确解决方案是修复您的PHP设置..将CURLOPT_SSL_VERIFYPEER设置为false是快速黑客,但它是错误的,因为您禁用其证书颁发机构的证书验证。
The correct solution is to fix your PHP setup.. setting CURLOPT_SSL_VERIFYPEER to false is a quick hack, but it's wrong as you disable the certificate validation by it's certificate authority. This exposes you to a man-in-the-middle attack.
很容易修复( php 5.3.7或更高版本) -
下载包含最新证书授权中心的列表文件,并将此设置添加到您的 php.ini
curl.cainfo =< path-to> cacert.pem
It's easy to fix (php 5.3.7 or higher) -
Download a list file with an up-to-date certificate authorities, and add this setting to your php.ini
curl.cainfo=<path-to>cacert.pem
重新启动您的网络服务器,它会工作!
Restart your web server, and it'll work !
这篇关于Paypal访问 - SSL证书:无法获取本地颁发者证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!