dsxfa26482 2016-09-30 18:54
浏览 101
已采纳

ubuntu 14.04 php 7 curl无法获得颁发者证书

I am struggling with this error for the past 2 days. I've googled hundreds of times, and nothing seems to work.

I have ubuntu 14.04 with php 7 running through command line. This is the code I am running:

try {
    $ch = curl_init();

    if (FALSE === $ch)
        throw new Exception('failed to initialize');

    curl_setopt($ch, CURLOPT_URL, 'https://infoconv.receita.fazenda.gov.br/ws/cpf/ConsultarCPF.asmx?wsdl');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CAINFO, '/etc/php/cacert.pem');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    //curl_setopt(/* ... */);

    $content = curl_exec($ch);

    if (FALSE === $content)
        throw new Exception(curl_error($ch), curl_errno($ch));

    // ...process $content now
} catch (Exception $e) {
    print_r($e);
}

and this is the output (command line):

Exception Object
(
    [message:protected] => SSL certificate problem: unable to get issuer certificate
    [string:Exception:private] => 
    [code:protected] => 60
    [file:protected] => /home/andre/Projects/p/lib/EB/Inf/teste.php
    [line:protected] => 40
    [trace:Exception:private] => Array
        (
        )

    [previous:Exception:private] => 
)

Note that the error is "unable to get issuer certificate", not "unable to get LOCAL issuer certificate" like most errors of this kind (I don't know both messages are saying the same thing or not).

Well, when I run:

php --info | grep .ini

from the command line, I get:

Configuration File (php.ini) Path => /etc/php/7.0/cli
Loaded Configuration File => /etc/php/7.0/cli/php.ini
Scan this dir for additional .ini files => /etc/php/7.0/cli/conf.d
Additional .ini files parsed => /etc/php/7.0/cli/conf.d/10-opcache.ini,
/etc/php/7.0/cli/conf.d/10-pdo.ini,
/etc/php/7.0/cli/conf.d/15-xml.ini,
/etc/php/7.0/cli/conf.d/20-calendar.ini,
/etc/php/7.0/cli/conf.d/20-ctype.ini,
/etc/php/7.0/cli/conf.d/20-curl.ini,
/etc/php/7.0/cli/conf.d/20-dom.ini,
/etc/php/7.0/cli/conf.d/20-exif.ini,
/etc/php/7.0/cli/conf.d/20-fileinfo.ini,
/etc/php/7.0/cli/conf.d/20-ftp.ini,
/etc/php/7.0/cli/conf.d/20-gettext.ini,
/etc/php/7.0/cli/conf.d/20-iconv.ini,
/etc/php/7.0/cli/conf.d/20-json.ini,
/etc/php/7.0/cli/conf.d/20-phar.ini,
/etc/php/7.0/cli/conf.d/20-posix.ini,
/etc/php/7.0/cli/conf.d/20-readline.ini,
/etc/php/7.0/cli/conf.d/20-shmop.ini,
/etc/php/7.0/cli/conf.d/20-simplexml.ini,
/etc/php/7.0/cli/conf.d/20-soap.ini,
/etc/php/7.0/cli/conf.d/20-sockets.ini,
/etc/php/7.0/cli/conf.d/20-sysvmsg.ini,
/etc/php/7.0/cli/conf.d/20-sysvsem.ini,
/etc/php/7.0/cli/conf.d/20-sysvshm.ini,
/etc/php/7.0/cli/conf.d/20-tokenizer.ini,
/etc/php/7.0/cli/conf.d/20-wddx.ini,
/etc/php/7.0/cli/conf.d/20-xmlreader.ini,
/etc/php/7.0/cli/conf.d/20-xmlrpc.ini,
/etc/php/7.0/cli/conf.d/20-xmlwriter.ini,
/etc/php/7.0/cli/conf.d/20-xsl.ini
user_ini.cache_ttl => 300 => 300
user_ini.filename => .user.ini => .user.ini
Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
open sourced by => Epinions.com

so, the loaded configuration file is in /etc/php/7.0/cli/php.ini and this is a snippet of this file with the curl configurations:

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /etc/php/cacert.pem

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile=/etc/php/cacert.pem

my cacert.pem file is updated and IS located in the given path:

╰─$ cd /etc/php/ && ls -al
total 276
drwxr-xr-x   3 root root   4096 Set 26 17:25 .
drwxr-xr-x 149 root root  12288 Set 30 15:37 ..
drwxr-xr-x   4 root root   4096 Set 26 10:48 7.0
-r--r--r--   1 root root 261644 Set 30 14:54 cacert.pem

I've got my cacert.pem from https://curl.haxx.se/ca/cacert.pem When I run:

php -r "print_r(get_loaded_extensions());"

from the command line, I get:

Array
(
    [0] => Core
    [1] => date
    [2] => libxml
    [3] => openssl
    [4] => pcre
    [5] => zlib
    [6] => filter
    [7] => hash
    [8] => pcntl
    [9] => Reflection
    [10] => SPL
    [11] => session
    [12] => standard
    [13] => PDO
    [14] => xml
    [15] => calendar
    [16] => ctype
    [17] => curl
    [18] => dom
    [19] => exif
    [20] => fileinfo
    [21] => ftp
    [22] => gettext
    [23] => iconv
    [24] => json
    [25] => Phar
    [26] => posix
    [27] => readline
    [28] => shmop
    [29] => SimpleXML
    [30] => soap
    [31] => sockets
    [32] => sysvmsg
    [33] => sysvsem
    [34] => sysvshm
    [35] => tokenizer
    [36] => wddx
    [37] => xmlreader
    [38] => xmlrpc
    [39] => xmlwriter
    [40] => xsl
    [41] => Zend OPcache
)

So, I have openssl and curl enabled.

The only different thing I did was to run:

sudo apt-get platform-update

and then my php (cli) got updated to version 7, but I don't know if this is the problem

Can someone help me figure out what the fucking hell full of demons is happening? This is driving me nuts!!!!!!

  • 写回答

1条回答 默认 最新

  • doulai7239 2016-09-30 20:08
    关注

    Save the the following code as: cert.pem and then place the absolute path of the cert.pem in the following line down below:

    curl_setopt($ch, CURLOPT_CAINFO, '/etc/php/cert.pem');

    Try it.

    -----BEGIN CERTIFICATE-----
MIIHgzCCBWugAwIBAgIEANB0wjANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
QlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEg
UmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEtMCsGA1UEAxMkQXV0b3Jp
ZGFkZSBDZXJ0aWZpY2Fkb3JhIFNFUlBST1JGQnY0MB4XDTE2MDgwNDExMjM1NVoX
DTE3MDgwNDExMjM1NVowgbMxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJh
c2lsMTYwNAYDVQQLEy1TZWNyZXRhcmlhIGRhIFJlY2VpdGEgRmVkZXJhbCBkbyBC
cmFzaWwgLSBSRkIxETAPBgNVBAsTCEFSU0VSUFJPMRowGAYDVQQLExFSRkIgZS1T
ZXJ2aWRvciBBMTEoMCYGA1UEAxMfaW5mb2NvbnYucmVjZWl0YS5mYXplbmRhLmdv
di5icjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAB4W8qNlNQiR37
lFA8iMM+DrFPDXuz9EY9MpR/ZFP/yIH0k5tgcm8IvI7Nfl3erIp9UUIP19yfZ/MJ
TkcGzyLDUDOOOA06XE10MYOil6xTeboPdrsRjBvVf8vGvpm9ldrIrIAfBt7PhKTs
P0PiNmFpgjdOFzxSGAlIN/Acq/lQuUgQd0J9mMaG1uM502wT8sbKMwysGW15x19W
A7s8uv1rYxmOpFjLI2cSJ2S23DLmNbxcUyPOLa5HviPpAqVv2RSEei65y4XV2BMt
XUlYutg9NSFXKQ2IwGWlBQbrdyAiLKDMbpaL5bHM8nDHjQpj6X5sIP+hwlindE6D
ub704/sCAwEAAaOCAsUwggLBMB8GA1UdIwQYMBaAFDAKLAy4Nyvg9toC/oCCZ5aY
VBk7MFsGA1UdIARUMFIwUAYGYEwBAgEKMEYwRAYIKwYBBQUHAgEWOGh0dHA6Ly9y
ZXBvc2l0b3Jpby5zZXJwcm8uZ292LmJyL2RvY3MvZHBjYWNzZXJwcm9yZmIucGRm
MIHRBgNVHR8EgckwgcYwPKA6oDiGNmh0dHA6Ly9yZXBvc2l0b3Jpby5zZXJwcm8u
Z292LmJyL2xjci9hY3NlcnByb3JmYnY0LmNybDA+oDygOoY4aHR0cDovL2NlcnRp
ZmljYWRvczIuc2VycHJvLmdvdi5ici9sY3IvYWNzZXJwcm9yZmJ2NC5jcmwwRqBE
oEKGQGh0dHA6Ly9yZXBvc2l0b3Jpby5pY3BicmFzaWwuZ292LmJyL2xjci9zZXJw
cm8vYWNzZXJwcm9yZmJ2NC5jcmwwVgYIKwYBBQUHAQEESjBIMEYGCCsGAQUFBzAC
hjpodHRwOi8vcmVwb3NpdG9yaW8uc2VycHJvLmdvdi5ici9jYWRlaWFzL2Fjc2Vy
cHJvcmZidjQucDdiMIHlBgNVHREEgd0wgdqgOwYFYEwBAwigMgQwU0VSVklDTyBG
RURFUkFMIERFIFBST0NFU1NBTUVOVE8gREUgREFET1MgU0VSUFJPoD0GBWBMAQME
oDQEMjE4MDMxOTgwMjg1NjAxNjg4MDAwMDAwMDAwMDAwMDAwMDAwMDAyOTQxOTM5
M1NTUFNQoCIGBWBMAQMCoBkEF0VEVUFSRE8gWU9TSElEQSBTQUxPTUFPoBkGBWBM
AQMDoBAEDjMzNjgzMTExMDAwMTA3gR1lZHVhcmRvLnNhbG9tYW9Ac2VycHJvLmdv
di5icjAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMA0GCSqGSIb3DQEBCwUAA4ICAQBKUwvcSJl8IXFaMGRfy9bSU3eum1ETkLe/
f7rlPok3z7xoi//RSEmuHSzopkfIooq1H3zX4PZuawjC/oZ1y3TFL4m2lxcY5rvx
pZMWibC5aAoDZaTw+B4pzQTBFTQEpQO6y49sq0/HrRpGmrLUFcXV1dhkVKAzXzOt
ST6BO1sNGJCZzfYopD1DFdhmGDkQnUp2Ws9k2rNt72le8/MZ/2mI2aFTdmgUNdVQ
bs0pCXPSWdB9Hw0nt+Z3r75uX/Yimh+NUI1BCuItzBrFjMT7JA2n5cnInTCGuBY6
c041xoI19vbwa+vz+7+KMtV/ecl/H8NuIsPRmYqr6kQDqHXu7SvgRMPKj8nobjxa
w/6TB4g2DRsu8C4R8SJWNyW9HXGgbqOv7dU+yEWs75/NaRmEzEMQZWmvE2xPNb0s
Z7F8bb8o6gMfAOWUgVHChcCNV/MAdi0zKojvgNBJYxocwyz/mBstRNv5d5DdL0+9
zroSatTsD8VBatL01TpJWc+dMXbPW9z7g6jUQT0jEGizNUGzJD+EgBJixKfCAIDs
HsGOJQ/zYQ7Mbos4mTVMieUmm9CxSV3Oxe2qwa/mqR2Bvhrf6WrrUuSVu477LOgO
mIGsV0+wj2AkYEwKsg1IWZFUqzZv5uFEflcfBFLbmyfT7J13ezu4gQa3ieOpCMg9
Qkj9S/CN+Q==
-----END CERTIFICATE-----
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥170 如图所示配置eNSP
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改
  • ¥20 wireshark抓不到vlan
  • ¥20 关于#stm32#的问题:需要指导自动酸碱滴定仪的原理图程序代码及仿真
  • ¥20 设计一款异域新娘的视频相亲软件需要哪些技术支持
  • ¥15 stata安慰剂检验作图但是真实值不出现在图上
  • ¥15 c程序不知道为什么得不到结果
  • ¥15 键盘指令混乱情况下的启动盘系统重装