Guzzle和HTTPS

Question

我想使用Guzzle和Silex向https页面发送请求.

使用http url我有一个回复:

app->get('/',function() use ($app, $client){

    $response = $client->get("http://www.google.fr");

    var_dump($response);

});    

我的回复:

object(GuzzleHttp\Message\Response)[102]
  private 'reasonPhrase' => string 'OK' (length=2)
  private 'statusCode' => int 200
  private 'effectiveUrl' => string 'http://www.google.fr' (length=20)
  private 'headers' (GuzzleHttp\Message\AbstractMessage) => 
    array (size=13)
      'date' => 
        array (size=1)
          0 => string 'Wed, 18 Feb 2015 10:57:37 GMT' (length=29)
      'expires' => 

但是使用https:

$app->get('/',function() use ($app, $client){
$url = "https://api.zoapp.com/v1/stc/cans/directory/pub/Employees";

$response = $client->get("https://www.facebook.com/");

var_dump($response);

});

我有错误:

RequestException in RequestException.php line 51:

和

RingException in CurlFactory.php line 126:

细节:pastbin链接

Answer 1

在您链接到详细信息后,异常消息显示:

cURL错误60:请参阅http://curl.haxx.se/libcurl/c/libcurl-errors.html

查找http://curl.haxx.se/libcurl/c/libcurl-errors.html我找到了

CURLE_SSL_CACERT(60)

无法使用已知的CA证书对对等证书进行身份验证.

因此,它很可能是SSL验证/ CA捆绑的问题.通过将verify请求选项设置为false,guzzle(resp.curl)将不会尝试针对证书验证主机,因此错误消失( - 回复/sf/answers/2000788471/)

但是,您不希望这样做;)相反,您应该尝试通过提供有效的CA捆绑包来解决问题.

IIRC,在v4 guzzle中提供了默认证书(请参阅https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem),但在版本5中将其删除,现在尝试发现您的默认系统CA捆绑.从文档中,检查这些位置:

Check if openssl.cafile is set in your php.ini file.
Check if curl.cainfo is set in your php.ini file.
Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
Check if C:\windows\curl-ca-bundle.crt exists (Windows)

但是,我发现在创建新证书时更容易明确地设置证书Client.这意味着:

• 下载https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem或更好(因为更新)http://curl.haxx.se/ca/cacert.pem(参见http:/ /curl.haxx.se/docs/caextract.html)
• 在Client实例化中使用此证书的本地路径

示例(假设您的证书名称cacert.pem与脚本位于同一目录中):

$default = ["verify" => __DIR__ . "/cacert.pem"];
$config = ["defaults" => $default];
$client = new Client($config);
$response = $client->get("https://www.facebook.com");

Answer 2

我找到了一个解决方案，但不知道为什么它有效：

$client->setDefaultOption('verify', false);
$response = $client->get("https://www.facebook.com");