Question

我在本地（Fedora）遇到了一个我在服务器上看不到的问题（RedHat）。在apache下运行的脚本中使用php的curl函数时，我无法连接到HTTPS服务器。当我从CLI运行完全相同的脚本时，连接没有问题。我没有连接到HTTP服务器，只能连接到HTTPS。当我在RedHat服务器上运行完全相同的脚本时，它在apache和CLI下运行正常。

这是脚本：

<?php

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => "https://www.google.com/",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_VERBOSE => true,
]);

$result = curl_exec($ch);
$headers = curl_getinfo($ch);

echo "Result:\n";
var_export($result);
echo "\n\nHeaders:\n";
var_export($headers);

?>

当我在apache下运行它时，我得到了这个输出：

Result:
false

Headers:
array (
  'url' => 'https://www.google.com/',
  'content_type' => NULL,
  'http_code' => 0,
  'header_size' => 0,
  'request_size' => 0,
  'filetime' => -1,
  'ssl_verify_result' => 0,
  'redirect_count' => 0,
  'total_time' => 0.028444000000000001,
  'namelookup_time' => 0.028337000000000001,
  'connect_time' => 0.040409,
  'pretransfer_time' => 0,
  'size_upload' => 0,
  'size_download' => 0,
  'speed_download' => 0,
  'speed_upload' => 0,
  'download_content_length' => -1,
  'upload_content_length' => -1,
  'starttransfer_time' => 0,
  'redirect_time' => 0,
  'redirect_url' => '',
  'primary_ip' => '74.125.226.146',
  'certinfo' => 
  array (
  ),
  'primary_port' => 443,
  'local_ip' => '192.168.5.197',
  'local_port' => 39900,
)

..并在错误日志中显示：

* Adding handle: conn: 0x7fdaff4ba4b0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 1 (0x7fdaff4ba4b0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#1)
*   Trying 74.125.226.146...
* Connected to www.google.com (74.125.226.146) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 1

在CLI中运行时，我得到了这个输出：

* Adding handle: conn: 0x7fb9c7c6b670
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fb9c7c6b670) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#0)
*   Trying 74.125.226.148...
* Connected to www.google.com (74.125.226.148) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_SHA
* Server certificate:
*       subject: CN=www.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
*       start date: Dec 11 12:02:58 2013 GMT
*       expire date: Apr 10 00:00:00 2014 GMT
*       common name: www.google.com
*       issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
> GET / HTTP/1.1
Host: www.google.com
Accept: */*

< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Location: https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo
< Content-Length: 257
< Date: Wed, 22 Jan 2014 17:38:21 GMT
* Server GFE/2.0 is not blacklisted
< Server: GFE/2.0
< Alternate-Protocol: 443:quic
< 
* Connection #0 to host www.google.com left intact
Result:
'<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.ca/?gfe_rd=cr&amp;ei=DQLgUsKrCoWN8Qeo9oAo">here</A>.
</BODY></HTML>
'

Headers:
array (
  'url' => 'https://www.google.com/',
  'content_type' => 'text/html; charset=UTF-8',
  'http_code' => 302,
  'header_size' => 259,
  'request_size' => 53,
  'filetime' => -1,
  'ssl_verify_result' => 0,
  'redirect_count' => 0,
  'total_time' => 0.210087,
  'namelookup_time' => 0.028376999999999999,
  'connect_time' => 0.041487000000000003,
  'pretransfer_time' => 0.19747600000000001,
  'size_upload' => 0,
  'size_download' => 257,
  'speed_download' => 1223,
  'speed_upload' => 0,
  'download_content_length' => 257,
  'upload_content_length' => 0,
  'starttransfer_time' => 0.210032,
  'redirect_time' => 0,
  'redirect_url' => 'https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo',
  'primary_ip' => '74.125.226.148',
  'certinfo' => 
  array (
  ),
  'primary_port' => 443,
  'local_ip' => '192.168.5.197',
  'local_port' => 50454,
)

有什么想法吗？谢谢。这是PHP 5.5.7。

Answer 1

我重新启动了Apache，问题就消失了。我检查了我的系统软件包安装日志（/var/log/yum.log），发现安装了NSS更新。我想你应该在升级后重启Apache。

Answer 2

也许您应该按照建议的here尝试PHP代码中的不安全设置。

您也可以从命令行尝试curl，看看你的curl安装是否按照设计工作，方法是在终端中运行以下命令

curl --insecure <your-url>

Answer 3

你的php是用--with-open-ssl=/usr/local/ssl编译的吗？请使用<?php phpinfo(); ?>确认查找带有标题“OpenSSL”的框。如果您在那里看到它，那么您的PHP安装现在已启用SSL支持。

More Info

PHP的libcurl无法连接到https站点

3 个答案: