1

我已经为 Windows 安装了一个全新的 Xampp 1.8.3 副本,它启用了 cURL。我尝试连接的测试站点是https://www.mozilla.org/en-US/。这是我的代码:

<?php

// Set the URL to visit
$url = "https://www.mozilla.org/en-US/";

// Set .pem file to use
$certFile = dirname(__FILE__) . '\www.mozilla.org.crt';

// In this example we are referring to a page that handles xml
$headers = array( "Content-Type: text/xml",);

// Initialise Curl
$curl = curl_init($url);
if ($curl === false)
    throw new Exception(' cURL init failed');

// Set up to view correct page type
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

// Turn on SSL certificate verfication
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAPATH, $certFile);

// Tell the curl instance to talk to the server using HTTP POST
curl_setopt($curl, CURLOPT_POST, 1);

// 1 second for a connection timeout with curl
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);

// Try using this instead of the php set_time_limit function call
curl_setopt($curl, CURLOPT_TIMEOUT, 60);

// Causes curl to return the result on success which should help us avoid using the writeback option
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

echo "Connecting to " . $url . "<br/>";
echo "Using " . $certFile . "<br/>";
echo "<br/>";

if(curl_exec($curl) == false)
    echo ("Error: " . curl_errno($curl) . ", " . curl_error($curl) . "<br/>");
else
    echo "Success!" . "<br/>";

?>

这是我使用 FireFox 24 从站点证书中提取的 .PEM 文件:

-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgICKTgwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMxMTAvBgNVBAsTKFNlZSB3d3cuZ2VvdHJ1
c3QuY29tL3Jlc291cmNlcy9jcHMgKGMpMDYxLDAqBgNVBAMTI0dlb1RydXN0IEV4
dGVuZGVkIFZhbGlkYXRpb24gU1NMIENBMB4XDTExMTIxNTIwMzU0N1oXDTEzMTIx
NjIxMjMwOFowge0xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYL
KwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAP
BgNVBAUTCEMyNTQzNDM2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
YTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBGb3Vu
ZGF0aW9uMRYwFAYDVQQLEw1JVCBPcGVyYXRpb25zMRgwFgYDVQQDEw93d3cubW96
aWxsYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeOh6yffa6
EUJiq7B3gmqMopyskeIquGSmuz5lpS3ajoUezV24W/xnKHSgn87C0KBzUSjRY46I
x9lHdgfDlptNv1Zt+BoRwVHuZt0IZnGYZeStg05qGY5fsznpDIfyJAWXtOaWmju7
2a1Mpvultu4AkoxD1etPZZgY/FaUSftmpYvpCaHFjL+mLdF88NvUG6OpX4/L/uTv
05OOPcjbLHvL3tw1CerOzqF6BDbB8qOh0DXAN/CF4/OS8LdLWXW2VPDXv+fMq4aw
eCV+nDVn6V4sZH5rplztPXMQdZZoxSMESctd1lpFarXpd7uJ8kzrmMz9D3dIzkhL
/lA9B6Dng/8BAgMBAAGjggGMMIIBiDAfBgNVHSMEGDAWgBQoxOuP8V95kKMrVcNW
Tn1rU3IsGDBuBggrBgEFBQcBAQRiMGAwKgYIKwYBBQUHMAGGHmh0dHA6Ly9FVlNT
TC1vY3NwLmdlb3RydXN0LmNvbTAyBggrBgEFBQcwAoYmaHR0cDovL0VWU1NMLWFp
YS5nZW90cnVzdC5jb20vZXZjYS5jcnQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAnBgNVHREEIDAegg93d3cubW96aWxsYS5v
cmeCC21vemlsbGEub3JnMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNTTC1j
cmwuZ2VvdHJ1c3QuY29tL2NybHMvZ3RleHR2YWxjYS5jcmwwDAYDVR0TAQH/BAIw
ADBLBgNVHSAERDBCMEAGCSsGAQQB8CIBBjAzMDEGCCsGAQUFBwIBFiVodHRwOi8v
d3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IB
AQDBO3AEZKza01zLPQiq3wzRXClKwW/u6D1Fznv7v7hU97luVcbkY/kNAiMerqPk
hTfhtnLYIuu9ZFapv2vVdRuzY/hGc3Rieek7f/T8d0tojfjdGgXwwg9M5qaDe35a
0hbsGR1Z1DdWtuGeKPuP6dzDw2zvfcOEf0l14M/ECS2sRU3MX42Rm6BK4xH1cjac
KFz+Ngwe4CivEvU4R0+MjPvmTePTyjazU+rzz5fA1JRQ7CCE00+tAAqAIAzHINlH
maKUEkR+OwUDEhKc+cQUq+EBeS3ILlufJWak1HFkxRAJAnw9za1ubG+y9V7MVheL
rc60KdNJLKwH5EQ0tZSx71jt
-----END CERTIFICATE-----

我让一个远程朋友尝试使用他机器上的 .pem 文件的代码,它对他有用。我的运行时环境是否缺少某些东西来阻止这种情况?谢谢。

4

3 回答 3

10

尝试使用最新的“来自 Mozilla 的证书数据”捆绑包。

http://curl.haxx.se/ca/cacert.pem

似乎它包含了大多数常见的 CA。

在你的 php.ini 中设置

curl.cainfo=<path-to>cacert.pem

并重新启动 XAMPP / Apache 模块。

仔细检查

phpinfo();

您的 curl.cainfo 设置正确。

于 2014-12-27T12:17:01.337 回答
0

我将这个答案留给像我这样使用 GoDaddy 托管的用户。这是场景

  1. 网站托管由 Google Compute Engine (GCE)
  2. 证书由 GoDaddy 颁发

每当我尝试从外部服务器调用 CURL 到 GCE 上的应用程序时,我都会收到错误消息 - 无法获取本地颁发者证书

我如何解决这个问题是通过使用以下代码使用 GoDaddy 提供的证书包调用我的 cURL。本质上,网络上可用的大多数捆绑包都没有 GoDaddy 证书颁发机构,因此会出现错误。如果您使用 GoDaddy 提供的证书包,那么您不会收到错误消息。

如果您正在寻找 GoDaddy 证书捆绑包,可以在您的 GoDaddy 帐户的 SSL/TSL 部分下找到它

$ch = curl_init("https://my.secure.website");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/gd_bundle-g2-g1.crt");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
于 2015-03-05T03:41:04.720 回答
0

(XAMP) 还要确保您的 cert/pem 文件已更新。

要修复 SSL 证书错误消息“SSL 证书错误:无法获取本地颁发者证书”,请尝试以下操作:

下载:http ://curl.haxx.se/ca/cacert.pem

将文件 cacert.pem 复制到 C:\xampp\php\extras\ssl
要检查您的路径,请打开 c:\xampp\php\php.ini 并搜索 [curl] 部分

于 2022-01-24T12:32:25.110 回答