1

当我使用 Symfony2 HWIOAuthBundle 将我的网站与 facebook 连接时,出现此错误

SSL certificate problem: unable to get local issuer certificate

我在堆栈上找到了如何在这个 url 下解决这个问题: Symfony HWIOAuthBundle,如何配置 cURL?

但是当我添加时:

http_client:
    verify_peer: false

我得到另一个错误:

No property defined for entity for resource owner 'facebook'.

我不知道这有什么问题。

配置/config.yml

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }

framework:
    #esi:             ~
    translator:      { fallback: "pl" }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~
    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"

# Assetic Configuration
assetic:
    debug:          "%kernel.debug%"
    use_controller: false
    bundles:        [ ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"
        lessphp:
            file: %kernel.root_dir%/../vendor/leafo/lessphp/lessc.inc.php
            apply_to: "\.less$"
# Doctrine Configuration
doctrine:
    dbal:
        driver:   "%database_driver%"
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # if using pdo_sqlite as your database driver, add the path in parameters.yml
        # e.g. database_path: "%kernel.root_dir%/data/data.db3"
        # path:     "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host:      "%mailer_host%"
    username:  "%mailer_user%"
    password:  "%mailer_password%"
    spool:     { type: memory }

hwi_oauth:
    resource_owners:
        facebook:
            type:                facebook
            client_id:           xxx
            client_secret:       xxx
        google:
            type:                google
            client_id:           xxx
            client_secret:       xxx
        github:
            type:                github
            client_id:           xxx
            client_secret:       xxx
    # name of the firewall in which this bundle is active, this setting MUST be set
    firewall_name: secured_area
    http_client:
        verify_peer: false

services:
    my.oauth_aware.user_provider.service:
        class: HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider
        arguments:
            userManager: "@fos_user.user_manager"
            properties: ["pass properties as array"]

fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: Acme\DemoBundle\Entity\User

braincrafted_bootstrap:
    less_filter: lessphp
4

1 回答 1

1 
http_client:
   verify_peer: false

馊主意。

将我的网站与 facebook 连接...

Facebook 使用 DigiCert 作为其 CA:

$ openssl s_client -connect facebook.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
...

如果您获取所需的 CA 文件并在请求中使用它会更好。您可以DigiCert High Assurance EV Root CADigiCert Root Certificates上找到。

如果您不打算正确使用 PKIX,则不妨使用匿名协议,如 Anonymous Diffie-Hellman (ADH) 或 Anonymous Elliptic Curve Diffie-Hellman (AECDH)。它将节省一些带宽,因为服务器不需要发送证书(因为您没有验证它)。

另请参阅HWIOAuthBundle Github上的SSL 证书问题 #368

于 2014-07-24T13:22:42.913 回答