2017-04-25 15:27 阅读 439

cURL连接问题 - 错误设置证书验证位置

We have been struggling with cURL since we've had our new server (no issues previously). In the last 6 months we've searched and tried to fix the issue at the root, with no success.

We are running an Ubuntu 16.04 server, with a Codeigniter project on PHP and Nginx.

The (composer) package we are currently having the issue with is the Mailgun API (which extends the composer package php-http)

Below is the error that we get when connecting via cURL

An uncaught Exception was encountered

Type: Http\Client\Exception\RequestException

Message: error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-bundle.crt CApath: /etc/ssl/certs

Filename: /var/www/ domain /vendor/php-http/curl-client/src/Client.php

Line Number: 137

The only solution that has worked for us so far disabling CURLOPT_SSL_VERIFYPEER, but we've had to do that inside the composer package, which obviously is not a proper solution.

I'm hoping someone here can please shed some light on how we might be able to resolve the issue.

What we have tried so far:

  • Checked the date on the server
  • Disable CURLOPT_SSL_VERIFYPEER, but not a viable solution
  • Set .curlrc file (but issue is that webserver user is executing, so no place to put it?
  • Checked the /etc/ssl/certs/ folder to see if the files exist.
  • sudo update-ca-certificates --fresh

File permissions on the folder

root@Ubuntu-1604-xenial-64-minimal /etc/ssl/certs # ls -la ca*
lrwxrwxrwx 1 root root     37 Apr 26 11:17 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
-rwxrwxrwx 1 root root 274340 Mar  8 17:09 ca-bundle.crt
-rwxrwxrwx 1 root root 274340 Apr 26 11:25 ca-certificates.crt
-rwxrwxrwx 1 root root 261889 Jan 18 06:12 cacert.pem
-rwxrwxrwx 1 root root 261889 Jan 18 06:12 cacert.pem.txt
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dongsuoxi1790 dongsuoxi1790 2017-04-26 12:06

    As I have been struggling with this for a long time and haven't been able to find the answer anywhere, but found it due to the help of @ Deadooshka in a not so related post, I'll leave my question and answer here.

    For me the solution what that the /etc/ssl folder needed execute permission. I have no idea where this has gone wrong, but the solution for me was the following:

    $ /etc # chmod o+x ssl

    When the permissions were wrong, I could not read the certificate file using file_get_contents(/etc/ssl/certs/ca-certificates.crt) in a PHP script in the web root, executed from the browser. After the fix, the file was read.

    点赞 评论 复制链接分享