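CURLOPT_SSL_VERIFYPEER option gives a certificate error

Time: 2013-12-23 09:27:18

Tags: php apache curl

Hello, I have the following code and the corresponding logs. If anyone can figure out the certificate problem, please let me know.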

/////////////////////////////////////////////php curl code//////////////////////////////////////////
curl_setopt_array($handle, array(
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_VERBOSE => true,
    CURLOPT_HEADER => true,
    CURLOPT_CAINFO => 'C:\wamp\www\server.pem',
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_POSTFIELDS => $credentials,
    CURLOPT_SSLCERT => 'C:\wamp\bin\apache\Apache2.4.4\conf\ssl.cert\server.crt',
    CURLOPT_SSLKEY => 'C:\wamp\bin\apache\Apache2.4.4\conf\ssl.key\server.key',
    CURLOPT_SSLCERTPASSWD => "mypassphrase",
    CURLOPT_HTTPAUTH => CURLOPT_HTTPAUTH,
    CURLOPT_RETURNTRANSFER => false,
    CURLOPT_POST => true,
));

$response = curl_exec($handle);
if (false === $response) {
    echo "Error while loading page: " . curl_error($handle) . "\n";
} else {
    echo "success while loading page: " . curl_error($handle) . "\n";
    echo $response;
}
$status_code = curl_getinfo($handle, CURLINFO_HTTP_CODE);
// echo "status code --> $status_code" . "\n";
$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
echo "header_size-->$header_size ", "\n";
$header = substr($response, 0, $header_size);
echo "header --->$header ", "\n";
$body = substr($response, $header_size);
echo "body---: $body ", "\n";
curl_close($handle);

/////////////////////////////////////////////// //////////////////////////////////////////////////

/////////////// Apache_error_log ///////////////////////

* Adding handle: conn: 0x21a1f58
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x21a1f58) send_pipe: 1, recv_pipe: 0
* About to connect() to my.site.com port 8443 (#0)
*   Trying my.site.com...
* Connected to my.site.com port 8443 (#0)
* successfully set certificate verify locations:
*   CAfile: C:\wamp\www\server.pem
  CApath: none
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: CN=my.site.com
*    start date: 2013-07-09 07:57:53 GMT
*    expire date: 2013-07-09 07:57:53 GMT
*    common name: my.site.com (matched)
*    issuer: CN=my.site.com
*    SSL certificate verify ok.
> POST /v2/dip/auth/login HTTP/1.1

Host: my.site.com:8443

Accept: */*

contentType:application/json

MY-API-Key:@#@$@#$SDsdfsdfdsw1212312323123

Content-Length: -1

Content-Type: application/x-www-form-urlencoded

Expect: 100-continue



< HTTP/1.1 400 Bad Request

* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1

< Transfer-Encoding: chunked

< Date: Tue, 24 Dec 2013 09:37:32 GMT

< Connection: close

< 

* Closing connection 0
[Mon Dec 23 14:38:08.561536 2013] [mpm_winnt:notice] [pid 328:tid 560] AH00430: Parent: Child process 8080 exited successfully.
[Mon Dec 23 14:38:11.019782 2013] [mpm_winnt:notice] [pid 9308:tid 560] AH00455: Apache/2.4.4 (Win32) OpenSSL/1.0.1e PHP/5.4.16 configured -- resuming normal operations
////////////////////////////////////////////////////////////////////////////////////////////

//////////////////////////////////////access.log//////////////////////////////////////
127.0.0.1 - - [23/Dec/2013:14:39:41 +0530] "GET /curltest.php HTTP/1.1" 200 359

///////////////////////////////////////sslerror.log/////////////////////////////////////
[Mon Dec 23 14:38:11.627843 2013] [ssl:warn] [pid 9972:tid 456] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Dec 23 14:38:11.627843 2013] [ssl:warn] [pid 9972:tid 456] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Mon Dec 23 14:38:11.739854 2013] [ssl:warn] [pid 9972:tid 456] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Dec 23 14:38:11.739854 2013] [ssl:warn] [pid 9972:tid 456] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name

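If I set CURLOPT_SSL_VERIFYPEER to true, then it gives me "SSL certificate problem: self signed certificate".

If I set it to false, it gives "HTTP/1.1 400 Bad Request Server: Apache-Coyote/1.1 Transfer-Encoding: chunked Date: Tue, 24 Dec 2013 09:56:33 GMT Connection: close"

Any ideas would be helpful.

1 answer:

Answer 0 (score: 1)

1: If you are using a self-signed certificate, then you will get an error when CURLOPT_SSL_VERIFYPEER is set to true.

CURLOPT_SSL_VERIFYPEER will check whether the certificate passed is a valid signed certificate.

2: The problem you get when this is set to false may be related to the options set in the headers.

What is the value you are passing in $headers?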
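
An added example, not part of the original question or answer: with a self-signed server certificate, verification can stay on by passing that certificate as CURLOPT_CAINFO, and the PHP below checks such a file (validity window, host name, self-signature) before it is used. The function names `inspect_ca_file` and `pinned_curl_options` and the host `api.example.test` are hypothetical, the certificate is generated on the spot as a constructed sample, and the code assumes the openssl and curl extensions with PHP 7.4 or later.

```php
<?php
// Added example (not from the original post). Function names are hypothetical.
// Requires the openssl and curl extensions; openssl_x509_verify() needs PHP 7.4+.

function inspect_ca_file(string $pem, string $host, ?int $now = null): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        return ['ok' => false, 'self_signed' => false, 'problems' => ['not a parseable certificate']];
    }
    $now = $now ?? time();
    $problems = [];
    if ($now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
        $problems[] = 'outside validity window';
    }
    // Names the certificate covers: SAN DNS entries, else the CN (exact match only, no wildcards).
    $names = [];
    if (preg_match_all('/DNS:([^,\s]+)/', $info['extensions']['subjectAltName'] ?? '', $m)) {
        $names = $m[1];
    }
    if (!$names) {
        $names = (array) ($info['subject']['CN'] ?? []);
    }
    if (!in_array(strtolower($host), array_map('strtolower', $names), true)) {
        $problems[] = "no name matches $host";
    }
    // Self-signed: subject equals issuer and the signature verifies with its own key.
    $selfSigned = $info['subject'] == $info['issuer']
        && openssl_x509_verify($pem, openssl_pkey_get_public($pem)) === 1;
    return ['ok' => !$problems, 'self_signed' => $selfSigned, 'problems' => $problems];
}

function pinned_curl_options(string $caFile): array
{
    return [
        CURLOPT_SSL_VERIFYPEER => true,    // keep chain verification on
        CURLOPT_SSL_VERIFYHOST => 2,       // require the host name to match
        CURLOPT_CAINFO         => $caFile, // trust anchor: the server's own certificate
    ];
}

// Constructed sample: a throwaway self-signed certificate for api.example.test.
$key  = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'api.example.test'], $key);
$cert = openssl_csr_sign($csr, null, $key, 30);
openssl_x509_export($cert, $pem);

echo json_encode(inspect_ca_file($pem, 'api.example.test')), "\n";                      // matching host
echo json_encode(inspect_ca_file($pem, 'localhost')), "\n";                             // different host
echo json_encode(inspect_ca_file($pem, 'api.example.test', time() + 90 * 86400)), "\n"; // checked 90 days on
```

When the check reports `ok`, the array from `pinned_curl_options()` can be merged into the options given to `curl_setopt_array()`, with the path of the PEM file as its argument.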