3

在我向 API 发出的第二次请求中,我收到此错误!?

API 的后端是我自己的服务器之一,我自己设置了自签名 SSL 证书

这里发生了什么!?它不能是 SSL 证书,因为它在某些情况下有效

Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in

API 请求代码

$Request = new Request();
$Request->host = $host;
$Request->api_secret = 'asdf39Sf3D';
$Request->send($url, $params);
echo $Request->get_result();

class Request {
    public $host;
    public $api_secret;

    public $boundary;
    public $body;

    private $response;
    private $url;

    const SSL = true;

    public function send($url, $post_vars=array()){
        $this->url = $url;

        $crlf = "\r\n";

        $host = $this->host;
        $port = 80;

        if(self::SSL){
            $host = 'ssl://'.$this->host;
            $port = 443;
        }

        if($this->body){
            $body = $this->body;
        }
        else{
            $post_vars['__api_hash'] = $this->generate_hash($this->url);
            $body = http_build_query($post_vars);
        }

        $content_length = strlen($body);

        $max_post = 1024 * 1024 * 20;
        if($content_length > $max_post){
            throw new Exception("Max post size exceeded");
        }

        if($fp = fsockopen($host, $port, $errno, $errstr, 20)){
            fwrite($fp, 'POST '.substr($this->url, strlen($this->host)).' HTTP/1.1'.$crlf
                .'Host: '.$this->host.$crlf
                .($this->body ? 'Content-type: multipart/form-data; boundary='.$this->boundary : 'Content-Type: application/x-www-form-urlencoded').$crlf
                .'Content-Length: '.$content_length.$crlf
                .'Connection: Close'.$crlf.$crlf
                .$body);

            while($line = fgets($fp)){
                if($line !== false){
                    $this->response .= $line;
                }
            }

            fclose($fp);
        }
        else{
            throw new Exception("$errstr ($errno)");
        }
    }

    public function get_response(){
        return $this->response;
    }

    public function get_result(){
        list($header, $content) = explode("\n\n", str_replace("\r\n", "\n", $this->response));

        preg_match('/^HTTP\/[\d\.]+ (\d+)/', $header, $matches);
        switch($matches[1]){
            case 404:
                throw new Exception('HTTP 404 '.$this->url);
        }

        return json_decode($content, true);
    }

    public function generate_hash(){
        return sha1($this->url.$this->api_secret);
    }
}
4

1 回答 1

3

2009年有一个广为人知的 SSL/TLS重新协商问题。您可能会看到添加代码以防止不安全的重新协商的结果。如果对通信的一侧进行了修补以解决不安全的重新协商问题,那么这也可能导致您看到的错误。双方都需要修补版本的 SSL 或两者都未修补。从OpenSSL 更改日志看来,您至少需要v0.9.8m.

查看Wamp2 和“无法在动态链接库 LIBEAY.dll 中找到序号 942”,您可能使用了 WAMP 附带的错误版本的 OpenSSL。

于 2013-11-06T15:31:32.597 回答