use*_*561 2 ssl curl openssl laravel guzzle
我的项目目前正在使用一些依赖于Guzzle的软件包,例如:AWS,Mailgun ...但是,它经常抛出以下错误:
error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
以下是我的php.ini的一部分
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'
尽管通过ini_get()进行检索都是可以的,并且可以被完全识别,但是这些工作都没有。就目前而言,我必须采取一种变通方法,方法是修改vendor / guzzlehttp / guzzle / src / Client.php并将默认配置调整为'verify'=>' /etc/ssl/certs/ca-certificates.crt ',然后一切正常(我认为这不是一个好选择)
通过init_get()检索
array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=> string(13) "SSL_CERT_FILE"
["default_cert_dir"]=> string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=> string(12) "SSL_CERT_DIR"
["default_private_dir"]=> string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=> string(12) "/usr/lib/ssl"
["ini_cafile"]=> string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=> string(15) "/etc/ssl/certs/"
}
openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt
注意:我尝试将〜/ .curlrc与export CURL_CA_BUNDLE = / etc / ssl / certs / ca-certificates.crt一起设置,但是没有任何工作
可以解决此问题吗?
小智 5
与“ SSL证书问题:无法获取本地颁发者证书”错误有关。显然,这适用于发送CURL请求的系统(而不是接收请求的服务器)
从https://curl.haxx.se/ca/cacert.pem下载最新的cacert.pem
将以下行添加到php.ini中(如果这是共享托管,并且您无权访问php.ini,则可以将其添加到public_html中的.user.ini中)
curl.cainfo="/path/to/downloaded/cacert.pem"
确保将路径用双引号引起来!!!!
向您的Web服务器用户(如ngnix或www-data)授予权限以读取文件。
sudo chown www-data /etc/ssl/certs/cacert.pem
最后一步,重新启动fpm和ngnix或apache
| 归档时间: |
|
| 查看次数: |
3499 次 |
| 最近记录: |