2013-10-03 195 views
1

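cURL SSL unable to get local issuer certificate on Xampp

I have installed a fresh copy of Xampp 1.8.3 for Windows with cURL enabled. The test site I am trying to connect to is https://www.mozilla.org/en-US/. Here is my code: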

<?php 

// Set the URL to visit 
$url = "https://www.mozilla.org/en-US/"; 

// Set .pem file to use 
$certFile = dirname(__FILE__) . '\www.mozilla.org.crt'; 

// In this example we are referring to a page that handles xml 
$headers = array("Content-Type: text/xml",); 

// Initialise Curl 
$curl = curl_init($url); 
if ($curl === false) 
    throw new Exception(' cURL init failed'); 

// Set up to view correct page type 
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); 

// Turn on SSL certificate verification
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE); 
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($curl, CURLOPT_CAPATH, $certFile); 

// Tell the curl instance to talk to the server using HTTP POST 
curl_setopt($curl, CURLOPT_POST, 1); 

// 5 seconds for a connection timeout with curl
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); 

// Try using this instead of the php set_time_limit function call 
curl_setopt($curl, CURLOPT_TIMEOUT, 60); 

// Causes curl to return the result on success which should help us avoid using the writeback option 
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 

echo "Connecting to " . $url . "<br/>"; 
echo "Using " . $certFile . "<br/>"; 
echo "<br/>"; 

if(curl_exec($curl) === false) 
    echo ("Error: " . curl_errno($curl) . ", " . curl_error($curl) . "<br/>"); 
else 
    echo "Success!" . "<br/>"; 

?> 

Here is the .PEM file I extracted from the site's certificate using Firefox 24:


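I had a remote friend try the code and the .pem file from his machine and it worked for him. Is there something I'm missing in my runtime environment that is preventing this? Thanks.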

+0

If you have a GoDaddy account, you can find the answer here. This is a working solution: http://stackoverflow.com/a/32095378/268598 – Umanda

Answers

9

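Try using the latest "certificate data from Mozilla" bundle.

http://curl.haxx.se/ca/cacert.pem

It seems to include the most common CAs.

Set in php.ini

curl.cainfo=<path-to>cacert.pem 

and restart the XAMPP/Apache module.

phpinfo(); 

Double-check that your curl.cainfo setting is correct.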

+0

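While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Moes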

+1

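Thanks for your comment @Moes. Getting this feedback when starting out on StackOverflow is very useful. I improved the answer to reduce the reliance on the external link. – kaffeeguru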

0

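I am leaving this answer here for users like me who use GoDaddy. Here is the scenario:

  1. The website is hosted on Google Compute Engine (GCE)
  2. The certificate is issued by GoDaddy

Whenever I tried to call the application on GCE with cURL from an external server, I would get the error - unable to get local issuer certificate

How I solved this was by using the following code to make my cURL call with the certificate bundle provided by GoDaddy. Essentially, most bundles available online do not include the GoDaddy certificate authority, hence the error. If you use the certificate bundle provided by GoDaddy, you will not get the error.

If you are looking for the GoDaddy certificate bundle, it is in the SSL/TLS section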

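// $postdata is a placeholder POST body; the original snippet does not define it
$postdata = http_build_query(array('key' => 'value'));
$ch = curl_init("https://my.secure.website"); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
// Verify the peer against the GoDaddy bundle file
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); 
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/gd_bundle-g2-g1.crt"); 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt($ch, CURLOPT_TIMEOUT, 30); 
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); 
// Run the request and report any TLS or transport error
$response = curl_exec($ch);
if ($response === false) {
    echo "Error: " . curl_errno($ch) . ", " . curl_error($ch);
}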
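
Both answers above fix the error by pointing cURL at a CA bundle file (curl.cainfo in php.ini, or CURLOPT_CAINFO). The following is an added example, not code from any of the posts: it inspects the PEM file cURL is about to trust and reports whether it contains any usable CA certificate. The helper names summarize_pem() and check_ca_file() are hypothetical, and PHP 7+ with the openssl extension is assumed.

```php
<?php
// Added example (PHP 7+ with the openssl extension assumed).
// summarize_pem() and check_ca_file() are hypothetical helper names.

function summarize_pem(string $pem): array
{
    // A CA bundle holds many certificate blocks; an exported site certificate holds one.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $rows = [];
    foreach ($m[0] as $block) {
        $c = openssl_x509_parse($block);
        if ($c === false) {
            continue; // skip blocks OpenSSL cannot parse
        }
        $rows[] = [
            'subject'     => $c['name'],
            'is_ca'       => strpos($c['extensions']['basicConstraints'] ?? '', 'CA:TRUE') !== false,
            'self_signed' => $c['subject'] == $c['issuer'],
            'expired'     => $c['validTo_time_t'] < time(),
        ];
    }
    return $rows;
}

function check_ca_file(string $path): array
{
    // CURLOPT_CAINFO and curl.cainfo take a file; CURLOPT_CAPATH takes a directory.
    if (!is_file($path) || !is_readable($path)) {
        return ['ok' => false, 'reason' => "not a readable file: $path", 'certs' => []];
    }
    $rows = summarize_pem((string) file_get_contents($path));
    $anchors = array_filter($rows, function ($r) {
        return ($r['is_ca'] || $r['self_signed']) && !$r['expired'];
    });
    if (!$rows) {
        return ['ok' => false, 'reason' => 'no PEM certificates found', 'certs' => []];
    }
    if (!$anchors) {
        return ['ok' => false, 'reason' => 'no unexpired CA certificate; issuer cannot be verified', 'certs' => $rows];
    }
    return ['ok' => true, 'reason' => count($anchors) . ' usable CA certificate(s)', 'certs' => $rows];
}

// Path from the command line, otherwise the php.ini value.
$path = $argv[1] ?? ini_get('curl.cainfo');
$result = $path ? check_ca_file($path) : ['ok' => false, 'reason' => 'curl.cainfo is empty', 'certs' => []];
echo ($result['ok'] ? 'OK: ' : 'PROBLEM: ') . $result['reason'] . PHP_EOL;
foreach ($result['certs'] as $r) {
    printf("  %-50s ca=%d self_signed=%d expired=%d\n", $r['name'] ?? $r['subject'], $r['is_ca'], $r['self_signed'], $r['expired']);
}
```

Run it as `php check_ca.php <path-to>cacert.pem` (the script name is a placeholder), or with no argument to check the file configured in curl.cainfo.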