在 XAMPP 中启用对 CURL 的 SSL 支持
我正在使用编码的 PHP 脚本,它需要 CURL 的 SSL 支持。
我目前正在使用 XAMPP 进行本地开发,需要知道如何更新默认 CURL,以便在其上启用 SSL。
我正在寻找升级/支持的原因是我收到以下错误,当用 google 搜索等时会出现该错误。我知道我的计算机上的 CURL 不支持 SSL。
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
请问大家有什么建议可以给我吗? 我当前的本地服务器配置:
XAMPP 1.7.3 已启用cURL 支持
cURL 信息 7.19.6
Apache版本 Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
加载的模块 core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 服务器位于 本地主机端口 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
I am using an encoded PHP script, which requires SSL support for CURL.
I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.
The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Anyone have any recommendations for me, please?
My Current local server config:
XAMPP 1.7.3
cURL support enabled
cURL Information 7.19.6
Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14
OpenSSL/0.9.8l mod_autoindex_color
PHP/5.3.1 mod_apreq2-20090110/2.7.1
mod_perl/2.0.4 Perl/v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions
mod_alias mod_asis mod_auth_basic
mod_auth_digest mod_authn_default
mod_authn_file mod_authz_default
mod_authz_groupfile mod_authz_host
mod_authz_user mod_cgi mod_dav
mod_dav_fs mod_dav_lock mod_dir
mod_env mod_headers mod_include
mod_info mod_isapi mod_log_config
mod_mime mod_negotiation mod_rewrite
mod_setenvif mod_ssl mod_status
mod_vhost_alias mod_autoindex_color
mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14
(Win32) DAV/2 mod_ssl/2.2.14
OpenSSL/0.9.8l mod_autoindex_color
PHP/5.3.1 mod_apreq2-20090110/2.7.1
mod_perl/2.0.4 Perl/v5.10.1 Server at
localhost Port 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14
OpenSSL/0.9.8l mod_autoindex_color
PHP/5.3.1 mod_apreq2-20090110/2.7.1
mod_perl/2.0.4 Perl/v5.10.1
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您的机器不支持?您发布的错误意味着 CURL 无法验证远程服务器的 SSL 证书,并且不一定表明您的计算机存在特定缺陷。
根据我之前使用 CURL 的经验,它默认不接受/信任任何证书。根据您的设置以及您计划使用它执行的操作,您可能希望信任单个
自签名证书[[无法验证自签名证书!]](例如来自另一个您运行的机器),或者您可能想要信任真正的证书颁发机构(它将启用对该 CA 签署的任何证书的验证)。如果您熟悉如何更改 CURL 的设置,本教程相当简单:http: //unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
如果您选择该路径,则可以选择根 CA ,但如果您只是保护自己的两台计算机之间的传输,则只需将 CURL 设置为信任另一台计算机的证书即可。
另一方面,如果您确实对 SSL 存在一些更深层次的问题,则可能是由多种原因造成的,例如在没有 SSL 支持的情况下构建。如果您正在制作、配置和编译自己的 CURL 版本,您可能需要查看 http://curl.haxx.se/docs/faq.html 有关 SSL 的主题,包括
http://curl.haxx.se/docs/sslcerts.html 和
http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when
请注意后一个链接(常见问题解答),自签名证书无法验证。如果您要连接到您自己的另一台服务器,则其证书需要由 CA 签名并且该 CA 的证书受 CURL 信任才能成功连接。如果您只需要获得签名,或者您可以设置自己的 CA,则可以使用免费的 CA(根据我的经验,让已设置这样做的人进行签名要容易十倍)。如果另一台服务器托管着一个处理“现实世界”(金钱、产品、个人信息等)的安全站点,则其证书应该是或者您应该由受信任的 CA 对其进行签名(VISA、Equifax、Comodo、您可以在每个浏览器中找到受信任的根 CA 列表)。
我已经介绍了如何应对该错误,但如果这些都没有帮助,那么有关您的设置和系统的更多信息可能会有所帮助。 :)
Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine.
In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single,
self-signed certificate[[Cannot verify self-signed certs!]](e.g. from another machine you run)or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings:http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.
On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including
http://curl.haxx.se/docs/sslcerts.html and
http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when
Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).
I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)
调用:
之前调用:
对我有用的一个非常简单的修复方法是在 php 文件中
。我认为这会禁用 SSL 证书的所有验证。
A really simple fix that worked for me was to call:
before calling:
in the php file.
I believe that this disables all verification of SSL certificates.
您应该使用证书颁发机构签署您的公钥(有一些脚本可以为您执行这些操作),或者您可以发送证书签名请求并使用您自己创建的 CA 或一些免费证书颁发机构对其进行签名...... CA.pl
脚本的路径 /usr/lib/ssl/misc/CA.pl
此命令将创建一个需要签署服务器密钥的证书颁发机构
该 CA 的公钥也必须包含在 CA_file 中
为服务器创建私钥,并且认证请求
根据私钥和请求创建服务器证书(涉及 CA 私钥)
you should sign your public key with a certificate authority (there is some script which can do these things for you ) or you can send your a certification sign request and sign it using your own created CA or some free certificate authority ......
path for the CA.pl script /usr/lib/ssl/misc/CA.pl
this command will create a certificate authority which is reuired to sign your server key
the public key of this CA must also be included in the CA_file
creates a private key for the server and a certification request
creates the server certificate from the private key and the request (involving the CA private key)