在XAMPP中启用对CURL的SSL支持 [英] Enabling SSL Support for CURL in XAMPP

问题描述

我使用的是编码的PHP脚本，需要对CURL提供SSL支持。

I am using an encoded PHP script, which requires SSL support for CURL.

我目前使用XAMPP进行本地开发，需要知道如何更新默认CURL，以便在其上启用SSL。

I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.

我正在寻找一个升级/支持的原因是，我得到以下错误，当googleogled等等。我了解我的计算机上的CURL不支持SSL。

The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

任何人都有任何建议，请？
我的当前本地服务器配置：

Anyone have any recommendations for me, please? My Current local server config:

XAMPP 1.7.3
cURL支持

cURL信息 7.19.6

Apache版本 Apache / 2.2.14（Win32）DAV / 2 mod_ssl / 2.2。 14
OpenSSL / 0.9.8l mod_autoindex_color
PHP / 5.3.1 mod_apreq2-20090110 / 2.7.1
mod_perl / 2.0.4 Perl / v5.10.1

加载模块 core mod_win32 mpm_winnt http_core mod_so mod_actions
mod_alias mod_asis mod_auth_basic
mod_auth_digest mod_authn_default
mod_authn_file mod_authz_default
mod_authz_groupfile mod_authz_host
mod_authz_user mod_cgi mod_dav
mod_dav_fs mod_dav_lock mod_dir
mod_env mod_headers mod_include
mod_info mod_isapi mod_log_config
mod_mime mod_negotiation mod_rewrite
mod_setenvif mod_ssl mod_status
mod_vhost_alias mod_autoindex_color
mod_php5 mod_perl mod_apreq2

SERVER_SIGNATURE Apache / 2.2.14
（Win32）DAV / 2 mod_ssl / 2.2.14
OpenSSL / 0.9.8l mod_autoindex_color
PHP / 5.3.1 mod_apreq2-20090110 /2.7.1
mod_perl / 2.0.4 Perl / v5.10.1服务器在
localhost端口80

SERVER_SOFTWARE Apache / 2.2.14（Win32） DAV / 2 mod_ssl / 2.2.14
OpenSSL / 0.9.8l mod_autoindex_color
PHP / 5.3.1 mod_apreq2-20090110 / 2.7.1
mod_perl / 2.0.4 Perl / v5.10.1

XAMPP 1.7.3 cURL support enabled
cURL Information 7.19.6
Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

推荐答案

机器不支持？您发布的错误意味着CURL无法验证远程服务器的SSL证书，并且不一定指向您的计算机的特定不足。
在我以前的CURL经验，它默认不接受/信任任何证书。根据您的设置以及您计划如何处理，您可能需要信任一个自签名证书 [[无法验证自签名证书！]]（例如从另一个证书您运行的计算机），或者您可能想要信任一个真实的证书颁发机构（这将启用由该CA签署的任何证书的验证）。本教程非常简单，只要您熟悉如何更改CURL的设置：
http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https- ssltls-protected-sites /

Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine. In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single, self-signed certificate [[Cannot verify self-signed certs!]] (e.g. from another machine you run) or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

您可以选择并选择根CA，如果你采取的路径，但如果你只是安全的两个自己的机器，你只需要设置CURL来信任其他机器的证书。

You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.

另一方面，如果你确实有一些更深层次的SSL问题，任何数量的事情，例如没有SSL支持。如果您正在制作，配置和编译自己的CURL版本，您可能需要查看 http://curl.haxx.se/docs/faq.html 关于SSL的主题，包括

On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including

http://curl.haxx.se/docs/sslcerts.html 和
http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when

请注意，在后面的链接（FAQ）中，自签名证书无法验证。如果您要连接到自己的另一台服务器，则其证书将需要由CA和CURL信任的CA证书进行签名才能使连接成功。有免费的CA，在那里，如果你只需要得到一个签名，或者你可以设置自己的CA（在我的经验，它只有十倍更容易得到签名的人已经设置了这样做）。如果其他服务器托管一个处理现实世界（金钱，产品，个人信息等）的安全网站，其证书应该是或者你应该得到一个受信任的CA签名（VISA，Equifax，Comodo，你可以在每个浏览器中找到受信任的根CA的列表。）

Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).

我已经涵盖了我可以回应这个错误，但如果没有一个帮助，有关您的设置和系统的更多信息可能会有所帮助。 ：）

I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)

这篇关于在XAMPP中启用对CURL的SSL支持的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！