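cURL SSL CA config with Windows Server 2008R2 and PHP 5.2

Time: 2016-02-05 14:26:48

Tags: php ssl curl

I'm trying to get cURL SSL working under PHP 5.2 (required by some legacy code we run) without disabling SSL verification. I've downloaded the latest (January 20) cacert.pem file and put it in our PHP directory (E:\PHP), then ran a small test script: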

<?php
  function nxs_cURLTest($url, $msg, $testText){  
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36"); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_TIMEOUT, 10); 
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_CAINFO, "e:\php\cacert.pem");

    $verbose = fopen('php://temp', 'w+');
    curl_setopt($ch, CURLOPT_STDERR, $verbose);    

    $response = curl_exec($ch); 
    $errmsg = curl_error($ch); 
    $cInfo = curl_getinfo($ch); 
    curl_close($ch); 
    echo "<br />Testing ... ".$url." - ".$cInfo['url']."<br />";
    if (stripos($response, $testText)!==false) 
      echo "....".$msg." - OK<br />"; 
    else 
    { 
      echo "....<b style='color:red;'>".$msg." - Problem</b><br /><pre>"; 
      print_r($errmsg); 
      print_r($cInfo); 
      print_r(htmlentities($response)); 
      echo "</pre>There is a problem with cURL. You need to contact your server admin or hosting provider.<br />";
    }
    rewind($verbose);
    $verboseLog = stream_get_contents($verbose);
    echo "<br />Verbose output:<br />";
    echo "<pre>", htmlspecialchars($verboseLog), "</pre>";    
  }

  nxs_cURLTest("https://www.google.com/", "HTTPS to Google", "Mountain View, CA");
  nxs_cURLTest("https://internalserver.example.com/curl/", "HTTPS to Internal", "Internal Test");
?>

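Now, I would expect the SSL call to the internal server to fail, because it uses a self-signed certificate that isn't in the cacert.pem file (one step at a time), but I can't even get the call to Google to work. Here is the output: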

Testing ... https://www.google.com/ - https://www.google.com/....HTTPS to Google - Problem
SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Array
(
    [url] => https://www.google.com/
    [content_type] =>
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.047
    [namelookup_time] => 0.031
    [connect_time] => 0.047
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
)
There is a problem with cURL. You need to contact your server admin or hosting provider.
Verbose output:
* About to connect() to www.google.com port 443 (#0)
*   Trying 216.58.192.100... * connected
* Connected to www.google.com (216.58.192.100) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: e:\php\cacert.pem
    CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0


Testing ... https://internalserver.example.com/curl/ - https://internalserver.example.com/curl/.... HTTPS to InternalServer - Problem
SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Array
(
    [url] => https://internalserver.example.com/curl/
    [content_type] =>
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0
    [namelookup_time] => 0
    [connect_time] => 0
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
)
There is a problem with cURL. You need to contact your server admin or hosting provider.

Verbose output:
* About to connect() to internalserver.example.com port 443 (#0)
*   Trying 192.168.1.10... * connected
* Connected to internalserver.example.com (192.168.1.10) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: e:\php\cacert.pem
    CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

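1 answer:

Answer 0: (score: 2)

I see two potential problems here.

1: Google only supports TLSv1.0, TLSv1.1 and TLSv1.2. Since you have an old version of PHP, and probably of cURL and OpenSSL as well, and based on the error message, you may not have any TLS support.

2: In the line curl_setopt($ch, CURLOPT_CAINFO, "e:\php\cacert.pem"); the \ needs to be escaped, so the path to the certificate may not be picked up correctly. Try curl_setopt($ch, CURLOPT_CAINFO, "e:\\php\\cacert.pem"); or just curl_setopt($ch, CURLOPT_CAINFO, "e:/php/cacert.pem");

But based on the error message, SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, I think it's the first problem.

Check <?php phpinfo() ?> to see which cURL and OpenSSL versions PHP has. If it's OpenSSL 0.9.8, then you most likely don't have TLS support.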
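
The two checks raised in the answer (which cURL/OpenSSL build PHP is linked against, and whether the CA file path resolves to a usable bundle), as an added example that is not part of the original question or answer. The function name diagnose_curl_tls is hypothetical, and the code sticks to PHP 5.2 syntax so it can run on the server in question.

```php
<?php
// Added example, not code from the original post.
// PHP 5.2 compatible: no short array syntax, no closures.
function diagnose_curl_tls($caFile) {
    $findings = array();

    // curl_version() reports what the curl extension was actually built with.
    $cv = curl_version();
    $backend = ($cv['ssl_version'] !== '') ? $cv['ssl_version'] : 'none';
    $findings[] = "libcurl " . $cv['version'] . ", TLS backend: " . $backend;

    if (!($cv['features'] & CURL_VERSION_SSL)) {
        $findings[] = "libcurl was built without SSL/TLS support";
    }

    // ssl_version looks like "OpenSSL/0.9.8k"; compare the numeric part.
    if (preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $cv['ssl_version'], $m)
        && version_compare($m[1], '1.0.1', '<')) {
        // TLS 1.1 and TLS 1.2 were introduced in OpenSSL 1.0.1.
        $findings[] = "OpenSSL " . $m[1] . " predates 1.0.1: no TLS 1.1/1.2";
    }

    // Print the path exactly as PHP parsed the string literal, so any
    // backslash-escape surprise is visible before cURL ever sees it.
    $findings[] = "CA file path as seen by PHP: " . $caFile;

    if (!is_readable($caFile)) {
        $findings[] = "CA file is not readable at that path";
    } else {
        $pem = file_get_contents($caFile);
        // The third argument is mandatory before PHP 5.4.
        $count = preg_match_all('/-----BEGIN CERTIFICATE-----/', $pem, $unused);
        $findings[] = "CA file contains " . $count . " PEM certificate(s)";
    }
    return $findings;
}

// Path from the question, written with forward slashes as the answer suggests.
foreach (diagnose_curl_tls("e:/php/cacert.pem") as $line) {
    echo $line, "\n";
}
```

Running this beside the test script separates a path or bundle problem from a TLS library problem without touching CURLOPT_SSL_VERIFYPEER.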