当我使用Symfony2 HWIOAuthBundle将我的网络连接到facebook时出现此错误
SSL certificate problem: unable to get local issuer certificate
我在堆栈上找到了这个url下的解析方法: Symfony HWIOAuthBundle, how to configure cURL?
但是当我添加时:
http_client:
verify_peer: false
我收到另一个错误:
No property defined for entity for resource owner 'facebook'.
我不知道这有什么问题。
配置/ config.yml
imports:
- { resource: parameters.yml }
- { resource: security.yml }
framework:
#esi: ~
translator: { fallback: "pl" }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
templating:
engines: ['twig']
#assets_version: SomeVersionScheme
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
# handler_id set to null will use default session handler from php.ini
handler_id: ~
fragments: ~
http_method_override: true
# Twig Configuration
twig:
debug: "%kernel.debug%"
strict_variables: "%kernel.debug%"
# Assetic Configuration
assetic:
debug: "%kernel.debug%"
use_controller: false
bundles: [ ]
#java: /usr/bin/java
filters:
cssrewrite: ~
#closure:
# jar: "%kernel.root_dir%/Resources/java/compiler.jar"
#yui_css:
# jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"
lessphp:
file: %kernel.root_dir%/../vendor/leafo/lessphp/lessc.inc.php
apply_to: "\.less$"
# Doctrine Configuration
doctrine:
dbal:
driver: "%database_driver%"
host: "%database_host%"
port: "%database_port%"
dbname: "%database_name%"
user: "%database_user%"
password: "%database_password%"
charset: UTF8
# if using pdo_sqlite as your database driver, add the path in parameters.yml
# e.g. database_path: "%kernel.root_dir%/data/data.db3"
# path: "%database_path%"
orm:
auto_generate_proxy_classes: "%kernel.debug%"
auto_mapping: true
# Swiftmailer Configuration
swiftmailer:
transport: "%mailer_transport%"
host: "%mailer_host%"
username: "%mailer_user%"
password: "%mailer_password%"
spool: { type: memory }
hwi_oauth:
resource_owners:
facebook:
type: facebook
client_id: xxx
client_secret: xxx
google:
type: google
client_id: xxx
client_secret: xxx
github:
type: github
client_id: xxx
client_secret: xxx
# name of the firewall in which this bundle is active, this setting MUST be set
firewall_name: secured_area
http_client:
verify_peer: false
services:
my.oauth_aware.user_provider.service:
class: HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider
arguments:
userManager: "@fos_user.user_manager"
properties: ["pass properties as array"]
fos_user:
db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
firewall_name: main
user_class: Acme\DemoBundle\Entity\User
braincrafted_bootstrap:
less_filter: lessphp
答案 0 :(得分:1)
http_client: verify_peer: false
糟糕的主意。
将我的网络与Facebook连接......
Facebook使用DigiCert作为其CA:
$ openssl s_client -connect facebook.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
...
如果您获取所需的CA文件并在请求中使用它,那会好得多。您可以在DigiCert Root Certificates找到DigiCert High Assurance EV Root CA。
如果您不打算正确使用PKIX,您可以使用Anonymous Diffie-Hellman(ADH)或Anonymous Elliptic Curve Diffie-Hellman(AECDH)这样的匿名协议。它会节省一些带宽,因为服务器不需要发送证书(因为你没有验证它)。