doudiao2335
2017-04-25 15:27
浏览 772
已采纳

cURL连接问题 - 错误设置证书验证位置

We have been struggling with cURL since we've had our new server (no issues previously). In the last 6 months we've searched and tried to fix the issue at the root, with no success.

We are running an Ubuntu 16.04 server, with a Codeigniter project on PHP and Nginx.

The (composer) package we are currently having the issue with is the Mailgun API (which extends the composer package php-http)

Below is the error that we get when connecting via cURL

An uncaught Exception was encountered

Type: Http\Client\Exception\RequestException

Message: error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-bundle.crt CApath: /etc/ssl/certs

Filename: /var/www/ domain /vendor/php-http/curl-client/src/Client.php

Line Number: 137

The only solution that has worked for us so far disabling CURLOPT_SSL_VERIFYPEER, but we've had to do that inside the composer package, which obviously is not a proper solution.

I'm hoping someone here can please shed some light on how we might be able to resolve the issue.

What we have tried so far:

  • Checked the date on the server
  • Disable CURLOPT_SSL_VERIFYPEER, but not a viable solution
  • Set .curlrc file (but issue is that webserver user is executing, so no place to put it?
  • Checked the /etc/ssl/certs/ folder to see if the files exist.
  • sudo update-ca-certificates --fresh

File permissions on the folder

root@Ubuntu-1604-xenial-64-minimal /etc/ssl/certs # ls -la ca*
lrwxrwxrwx 1 root root     37 Apr 26 11:17 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
-rwxrwxrwx 1 root root 274340 Mar  8 17:09 ca-bundle.crt
-rwxrwxrwx 1 root root 274340 Apr 26 11:25 ca-certificates.crt
-rwxrwxrwx 1 root root 261889 Jan 18 06:12 cacert.pem
-rwxrwxrwx 1 root root 261889 Jan 18 06:12 cacert.pem.txt

图片转代码服务由CSDN问答提供 功能建议

我们一直在努力使用cURL,因为我们有了新的服务器(以前没有问题)。 在过去的6个月里,我们一直在搜索并尝试在根目录下解决问题,但没有成功。

我们正在运行一个Ubuntu 16.04服务器,在PHP和Nginx上有一个Codeigniter项目 。

我们目前遇到问题的(作曲家)包是Mailgun API(它扩展了作曲家包 php-http

以下是通过cURL连接时出现的错误

 遇到未捕获的异常
 
Type:Http \ Client \ Exception \ RequestException 
 \  nMessage:错误设置证书验证位置:CAfile:/etc/ssl/certs/ca-bundle.crt CApath:/ etc / ssl / certs 
 
Filename:/ var / www / domain / vendor / php-http / curl-  client / src / Client.php 
 
Line Number:137 
   
 
 

到目前为止,唯一有效的解决方案是禁用 CURLOPT_SSL_VERIFYPEER 但是我们必须在作曲家包中做到这一点,这显然不是一个合适的解决方案。

我希望有人可以请一些关于我们如何能够解决的问题 解决问题。

到目前为止我们尝试过:

  • 检查服务器上的日期 \ n
  • 禁用 CURLOPT_SSL_VERIFYPEER ,但不是a 可行的解决方案
  • 设置 .curlrc 文件(但问题是网络服务器用户正在执行,所以没有地方可以放置它?
  • 检查了 / etc / ssl / certs / 文件夹,查看文件是否存在。
  • sudo update-ca-certificates --fresh

    文件夹的文件权限

      root @ Ubuntu-1604-xenial-64-minimal / etc / ssl / certs  #ls -la ca * 
    lrwxrwxrwx 1 root root 37 Apr 26 11:17 ca6e4ad9.0  - >  ePKI_Root_Certification_Authority.pem 
    -rwxrwxrwx 1 root root 274340 Mar 8 17:09 ca-bundle.crt 
    -rwxrwxrwx 1 root root 274340 Apr 26 11:25 ca-certificates.crt 
    -rwxrwxrwx 1 root root 261889 1月18日06  :12 cacert.pem 
    -rwxrwxrwx 1 root root 261889 1月18日06:12 cacert.pem.txt 
       
     
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongsuoxi1790 2017-04-26 12:06
    已采纳

    As I have been struggling with this for a long time and haven't been able to find the answer anywhere, but found it due to the help of @ Deadooshka in a not so related post, I'll leave my question and answer here.

    For me the solution what that the /etc/ssl folder needed execute permission. I have no idea where this has gone wrong, but the solution for me was the following:

    $ /etc # chmod o+x ssl

    When the permissions were wrong, I could not read the certificate file using file_get_contents(/etc/ssl/certs/ca-certificates.crt) in a PHP script in the web root, executed from the browser. After the fix, the file was read.

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题