cURL SSL无法在Xampp上获取本地颁发者证书

时间:2013-10-03 16:33:33

标签: curl ssl

我为Windows安装了一个全新的Xampp 1.8.3副本,它随附了cURL。我正在尝试连接的测试网站是https://www.mozilla.org/en-US/。这是我的代码:

<?php

// Set the URL to visit
$url = "https://www.mozilla.org/en-US/";

// Set .pem file to use
$certFile = dirname(__FILE__) . '\www.mozilla.org.crt';

// In this example we are referring to a page that handles xml
$headers = array( "Content-Type: text/xml",);

// Initialise Curl
$curl = curl_init($url);
if ($curl === false)
    throw new Exception(' cURL init failed');

// Set up to view correct page type
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

// Turn on SSL certificate verfication
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAPATH, $certFile);

// Tell the curl instance to talk to the server using HTTP POST
curl_setopt($curl, CURLOPT_POST, 1);

// 1 second for a connection timeout with curl
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);

// Try using this instead of the php set_time_limit function call
curl_setopt($curl, CURLOPT_TIMEOUT, 60);

// Causes curl to return the result on success which should help us avoid using the writeback option
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

echo "Connecting to " . $url . "<br/>";
echo "Using " . $certFile . "<br/>";
echo "<br/>";

if(curl_exec($curl) == false)
    echo ("Error: " . curl_errno($curl) . ", " . curl_error($curl) . "<br/>");
else
    echo "Success!" . "<br/>";

?>

以下是我使用FireFox 24从网站证书中提取的.PEM文件:

-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgICKTgwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMxMTAvBgNVBAsTKFNlZSB3d3cuZ2VvdHJ1
c3QuY29tL3Jlc291cmNlcy9jcHMgKGMpMDYxLDAqBgNVBAMTI0dlb1RydXN0IEV4
dGVuZGVkIFZhbGlkYXRpb24gU1NMIENBMB4XDTExMTIxNTIwMzU0N1oXDTEzMTIx
NjIxMjMwOFowge0xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYL
KwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAP
BgNVBAUTCEMyNTQzNDM2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
YTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBGb3Vu
ZGF0aW9uMRYwFAYDVQQLEw1JVCBPcGVyYXRpb25zMRgwFgYDVQQDEw93d3cubW96
aWxsYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeOh6yffa6
EUJiq7B3gmqMopyskeIquGSmuz5lpS3ajoUezV24W/xnKHSgn87C0KBzUSjRY46I
x9lHdgfDlptNv1Zt+BoRwVHuZt0IZnGYZeStg05qGY5fsznpDIfyJAWXtOaWmju7
2a1Mpvultu4AkoxD1etPZZgY/FaUSftmpYvpCaHFjL+mLdF88NvUG6OpX4/L/uTv
05OOPcjbLHvL3tw1CerOzqF6BDbB8qOh0DXAN/CF4/OS8LdLWXW2VPDXv+fMq4aw
eCV+nDVn6V4sZH5rplztPXMQdZZoxSMESctd1lpFarXpd7uJ8kzrmMz9D3dIzkhL
/lA9B6Dng/8BAgMBAAGjggGMMIIBiDAfBgNVHSMEGDAWgBQoxOuP8V95kKMrVcNW
Tn1rU3IsGDBuBggrBgEFBQcBAQRiMGAwKgYIKwYBBQUHMAGGHmh0dHA6Ly9FVlNT
TC1vY3NwLmdlb3RydXN0LmNvbTAyBggrBgEFBQcwAoYmaHR0cDovL0VWU1NMLWFp
YS5nZW90cnVzdC5jb20vZXZjYS5jcnQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAnBgNVHREEIDAegg93d3cubW96aWxsYS5v
cmeCC21vemlsbGEub3JnMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNTTC1j
cmwuZ2VvdHJ1c3QuY29tL2NybHMvZ3RleHR2YWxjYS5jcmwwDAYDVR0TAQH/BAIw
ADBLBgNVHSAERDBCMEAGCSsGAQQB8CIBBjAzMDEGCCsGAQUFBwIBFiVodHRwOi8v
d3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IB
AQDBO3AEZKza01zLPQiq3wzRXClKwW/u6D1Fznv7v7hU97luVcbkY/kNAiMerqPk
hTfhtnLYIuu9ZFapv2vVdRuzY/hGc3Rieek7f/T8d0tojfjdGgXwwg9M5qaDe35a
0hbsGR1Z1DdWtuGeKPuP6dzDw2zvfcOEf0l14M/ECS2sRU3MX42Rm6BK4xH1cjac
KFz+Ngwe4CivEvU4R0+MjPvmTePTyjazU+rzz5fA1JRQ7CCE00+tAAqAIAzHINlH
maKUEkR+OwUDEhKc+cQUq+EBeS3ILlufJWak1HFkxRAJAnw9za1ubG+y9V7MVheL
rc60KdNJLKwH5EQ0tZSx71jt
-----END CERTIFICATE-----

我有一个远程朋友用他的机器上的.pem文件尝试代码,这对他有用。我的运行时环境中是否存在一些阻止这种情况的东西?感谢。

2 个答案:

答案 0 :(得分:9)

尝试使用Mozilla的最新&#34;证书数据&#34;束。

http://curl.haxx.se/ca/cacert.pem

似乎它包含了大多数常见的CA.

在你的php.ini中设置

curl.cainfo=<path-to>cacert.pem

重启XAMPP / Apache模块。

仔细检查

phpinfo();

你的curl.cainfo设置正确。

答案 1 :(得分:0)

我将这个答案留给像我这样使用GoDaddy主机的用户。这是方案

  1. 网站托管由Google Compute Engine(GCE)
    2. 提供
  2. 证书由GoDaddy颁发

    3. 每当我尝试从外部服务器调用CURL到GCE上的应用程序时,我都会收到错误 - 无法获得本地颁发者证书

    我是如何通过使用以下代码来使用GoDaddy提供的证书包来调用我的cURL的。从本质上讲,网上可用的大多数捆绑包都没有GoDaddy证书颁发机构,因此也没有错误。如果您使用GoDaddy提供的证书包,则不会收到错误。

    如果您正在寻找GoDaddy证书包,可以在SSL / TSL部分的GoDaddy帐户中找到

    $ch = curl_init("https://my.secure.website");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/gd_bundle-g2-g1.crt");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
相关问题
最新问题