Paypal SSL錯誤

Question

我試圖使用包paypal/rest-api-sample-app-php來確定問題是否在我的代碼中。顯然它不是..所以我試圖：

curl -v https://api.sandbox.paypal.com/v1/oauth2/token 

我收到一個錯誤。這是我拼命地跑在我的CMD：

C:\Users\Eliya Cohen>curl -v https://api.sandbox.paypal.com/v1/oauth2/token 
* Trying 173.0.82.78... 
* Connected to api.sandbox.paypal.com (173.0.82.78) port 443 (#0) 
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: C:\Program Files\cURL\bin\curl-ca-bundle.crt 
CApath: none 
* TLSv1.2 (OUT), TLS header, Certificate Status (22): 
* TLSv1.2 (OUT), TLS handshake, Client hello (1): 
* TLSv1.2 (IN), TLS handshake, Server hello (2): 
* TLSv1.2 (IN), TLS handshake, Certificate (11): 
* TLSv1.2 (OUT), TLS alert, Server hello (2): 
* SSL certificate problem: unable to get local issuer certificate 
* Closing connection 0 
* TLSv1.2 (OUT), TLS alert, Client hello (1): 
curl: (60) SSL certificate problem: unable to get local issuer certificate 
More details here: http://curl.haxx.se/docs/sslcerts.html 

curl performs SSL certificate verification by default, using a "bundle" 
of Certificate Authority (CA) public keys (CA certs). If the default 
bundle file isn't adequate, you can specify an alternate file 
using the --cacert option. 
If this HTTPS server uses a certificate signed by a CA represented in 
the bundle, the certificate verification probably failed due to a 
problem with the certificate (it might be expired, or the name might 
not match the domain name in the URL). 
If you'd like to turn off curl's verification of the certificate, use 
the -k (or --insecure) option. 

這是我curl-ca-bundle.crt文件：http://pastebin.com/RZ6EaxTF

Answer 1

你在給引擎收錄的證書文件包含了必要的根證書。這意味着您要麼不使用pastebin中給出的CA文件，要麼您的連接中有一些middlebox用於執行SSL攔截的paypal。這可能是一個處於中間人攻擊的人，但更常見的是公司內部的SSL攔截，以便公司可以分析加密流量的惡意軟件。如果您在公司內部，請諮詢您的網絡管理員。

Answer 2

我得到了同樣的錯誤，但是在tomcat服務器中啓用ssl之後，它消失了。返回網址你應該使用