Laravel Guzzle:卷曲错误77错误设置证书验证位置

时间:2018-05-15 08:33:58

标签: laravel ssl curl openssl guzzle

  • 操作系统:Ubuntu 16.04
  • PHP:7.2
  • CURL:curl 7.47.0(x86_64-pc-linux-gnu)libcurl / 7.47.0 GnuTLS / 3.4.10 zlib / 1.2.8 libidn / 1.32 librtmp / 2.3
  • Guzzle:6.3

我的项目目前正在使用一些依赖于Guzzle的软件包,例如:AWS,Mailgun ......但是,它经常抛出这个错误:

error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

以下是我的php.ini

的一部分 
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'

[openssl]
; The location of a Certificate Authority (CA) file on the local     filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'

这一切都不起作用,即使通过ini_get()检索它也没关系并且完全被识别出来。目前,我必须修改 vendor / guzzlehttp / guzzle / src / Client.php 并将默认配置调整为'verify'=> '/etc/ssl/certs/ca-certificates.crt'然后一切都好(我相信这不是一个好选择)

通过init_get()检索

array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=>  string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>  string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=>  string(12) "SSL_CERT_DIR"
["default_private_dir"]=>  string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=>  string(12) "/usr/lib/ssl"
["ini_cafile"]=>  string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=>  string(15) "/etc/ssl/certs/"
}

openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt

注意:我尝试与导出CURL_CA_BUNDLE = / etc / ssl / certs / ca-certificates.crt <一起设置〜/ .curlrc / strong>但这一切都没有工作

有没有人有任何解决方案或任何线索来解决这个问题?

1 个答案:

答案 0 :(得分:3)

与“ SSL证书问题:无法获取本地发行者证书”错误有关。显然,这适用于发送CURL请求的系统(而不是接收请求的服务器)

  1. https://curl.haxx.se/ca/cacert.pem

    2. 下载最新的cacert.pem

  2. 将以下行添加到php.ini中(如果这是共享托管,并且您无权访问php.ini,则可以将其添加到public_html中的.user.ini中)

    curl.cainfo="/path/to/downloaded/cacert.pem"

    确保将路径用双引号引起来!!!

  3. 向您的网络服务器用户(如ngnix或www-data)授予读取文件的权限。

    sudo chown www-data /etc/ssl/certs/cacert.pem

  4. 最后一步,重新启动fpm和ngnix或apache

相关问题
最新问题