dsxfa26482 2016-09-30 18:54
浏览 101
已采纳

ubuntu 14.04 php 7 curl无法获得颁发者证书

I am struggling with this error for the past 2 days. I've googled hundreds of times, and nothing seems to work.

I have ubuntu 14.04 with php 7 running through command line. This is the code I am running:

try {
    $ch = curl_init();

    if (FALSE === $ch)
        throw new Exception('failed to initialize');

    curl_setopt($ch, CURLOPT_URL, 'https://infoconv.receita.fazenda.gov.br/ws/cpf/ConsultarCPF.asmx?wsdl');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CAINFO, '/etc/php/cacert.pem');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    //curl_setopt(/* ... */);

    $content = curl_exec($ch);

    if (FALSE === $content)
        throw new Exception(curl_error($ch), curl_errno($ch));

    // ...process $content now
} catch (Exception $e) {
    print_r($e);
}

and this is the output (command line):

Exception Object
(
    [message:protected] => SSL certificate problem: unable to get issuer certificate
    [string:Exception:private] => 
    [code:protected] => 60
    [file:protected] => /home/andre/Projects/p/lib/EB/Inf/teste.php
    [line:protected] => 40
    [trace:Exception:private] => Array
        (
        )

    [previous:Exception:private] => 
)

Note that the error is "unable to get issuer certificate", not "unable to get LOCAL issuer certificate" like most errors of this kind (I don't know both messages are saying the same thing or not).

Well, when I run:

php --info | grep .ini

from the command line, I get:

Configuration File (php.ini) Path => /etc/php/7.0/cli
Loaded Configuration File => /etc/php/7.0/cli/php.ini
Scan this dir for additional .ini files => /etc/php/7.0/cli/conf.d
Additional .ini files parsed => /etc/php/7.0/cli/conf.d/10-opcache.ini,
/etc/php/7.0/cli/conf.d/10-pdo.ini,
/etc/php/7.0/cli/conf.d/15-xml.ini,
/etc/php/7.0/cli/conf.d/20-calendar.ini,
/etc/php/7.0/cli/conf.d/20-ctype.ini,
/etc/php/7.0/cli/conf.d/20-curl.ini,
/etc/php/7.0/cli/conf.d/20-dom.ini,
/etc/php/7.0/cli/conf.d/20-exif.ini,
/etc/php/7.0/cli/conf.d/20-fileinfo.ini,
/etc/php/7.0/cli/conf.d/20-ftp.ini,
/etc/php/7.0/cli/conf.d/20-gettext.ini,
/etc/php/7.0/cli/conf.d/20-iconv.ini,
/etc/php/7.0/cli/conf.d/20-json.ini,
/etc/php/7.0/cli/conf.d/20-phar.ini,
/etc/php/7.0/cli/conf.d/20-posix.ini,
/etc/php/7.0/cli/conf.d/20-readline.ini,
/etc/php/7.0/cli/conf.d/20-shmop.ini,
/etc/php/7.0/cli/conf.d/20-simplexml.ini,
/etc/php/7.0/cli/conf.d/20-soap.ini,
/etc/php/7.0/cli/conf.d/20-sockets.ini,
/etc/php/7.0/cli/conf.d/20-sysvmsg.ini,
/etc/php/7.0/cli/conf.d/20-sysvsem.ini,
/etc/php/7.0/cli/conf.d/20-sysvshm.ini,
/etc/php/7.0/cli/conf.d/20-tokenizer.ini,
/etc/php/7.0/cli/conf.d/20-wddx.ini,
/etc/php/7.0/cli/conf.d/20-xmlreader.ini,
/etc/php/7.0/cli/conf.d/20-xmlrpc.ini,
/etc/php/7.0/cli/conf.d/20-xmlwriter.ini,
/etc/php/7.0/cli/conf.d/20-xsl.ini
user_ini.cache_ttl => 300 => 300
user_ini.filename => .user.ini => .user.ini
Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
open sourced by => Epinions.com

so, the loaded configuration file is in /etc/php/7.0/cli/php.ini and this is a snippet of this file with the curl configurations:

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /etc/php/cacert.pem

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile=/etc/php/cacert.pem

my cacert.pem file is updated and IS located in the given path:

╰─$ cd /etc/php/ && ls -al
total 276
drwxr-xr-x   3 root root   4096 Set 26 17:25 .
drwxr-xr-x 149 root root  12288 Set 30 15:37 ..
drwxr-xr-x   4 root root   4096 Set 26 10:48 7.0
-r--r--r--   1 root root 261644 Set 30 14:54 cacert.pem

I've got my cacert.pem from https://curl.haxx.se/ca/cacert.pem When I run:

php -r "print_r(get_loaded_extensions());"

from the command line, I get:

Array
(
    [0] => Core
    [1] => date
    [2] => libxml
    [3] => openssl
    [4] => pcre
    [5] => zlib
    [6] => filter
    [7] => hash
    [8] => pcntl
    [9] => Reflection
    [10] => SPL
    [11] => session
    [12] => standard
    [13] => PDO
    [14] => xml
    [15] => calendar
    [16] => ctype
    [17] => curl
    [18] => dom
    [19] => exif
    [20] => fileinfo
    [21] => ftp
    [22] => gettext
    [23] => iconv
    [24] => json
    [25] => Phar
    [26] => posix
    [27] => readline
    [28] => shmop
    [29] => SimpleXML
    [30] => soap
    [31] => sockets
    [32] => sysvmsg
    [33] => sysvsem
    [34] => sysvshm
    [35] => tokenizer
    [36] => wddx
    [37] => xmlreader
    [38] => xmlrpc
    [39] => xmlwriter
    [40] => xsl
    [41] => Zend OPcache
)

So, I have openssl and curl enabled.

The only different thing I did was to run:

sudo apt-get platform-update

and then my php (cli) got updated to version 7, but I don't know if this is the problem

Can someone help me figure out what the fucking hell full of demons is happening? This is driving me nuts!!!!!!

  • 写回答

1条回答 默认 最新

  • doulai7239 2016-09-30 20:08
    关注

    Save the the following code as: cert.pem and then place the absolute path of the cert.pem in the following line down below:

    curl_setopt($ch, CURLOPT_CAINFO, '/etc/php/cert.pem');
    

    Try it.

    -----BEGIN CERTIFICATE-----
    MIIHgzCCBWugAwIBAgIEANB0wjANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
    QlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEg
    UmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEtMCsGA1UEAxMkQXV0b3Jp
    ZGFkZSBDZXJ0aWZpY2Fkb3JhIFNFUlBST1JGQnY0MB4XDTE2MDgwNDExMjM1NVoX
    DTE3MDgwNDExMjM1NVowgbMxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJh
    c2lsMTYwNAYDVQQLEy1TZWNyZXRhcmlhIGRhIFJlY2VpdGEgRmVkZXJhbCBkbyBC
    cmFzaWwgLSBSRkIxETAPBgNVBAsTCEFSU0VSUFJPMRowGAYDVQQLExFSRkIgZS1T
    ZXJ2aWRvciBBMTEoMCYGA1UEAxMfaW5mb2NvbnYucmVjZWl0YS5mYXplbmRhLmdv
    di5icjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAB4W8qNlNQiR37
    lFA8iMM+DrFPDXuz9EY9MpR/ZFP/yIH0k5tgcm8IvI7Nfl3erIp9UUIP19yfZ/MJ
    TkcGzyLDUDOOOA06XE10MYOil6xTeboPdrsRjBvVf8vGvpm9ldrIrIAfBt7PhKTs
    P0PiNmFpgjdOFzxSGAlIN/Acq/lQuUgQd0J9mMaG1uM502wT8sbKMwysGW15x19W
    A7s8uv1rYxmOpFjLI2cSJ2S23DLmNbxcUyPOLa5HviPpAqVv2RSEei65y4XV2BMt
    XUlYutg9NSFXKQ2IwGWlBQbrdyAiLKDMbpaL5bHM8nDHjQpj6X5sIP+hwlindE6D
    ub704/sCAwEAAaOCAsUwggLBMB8GA1UdIwQYMBaAFDAKLAy4Nyvg9toC/oCCZ5aY
    VBk7MFsGA1UdIARUMFIwUAYGYEwBAgEKMEYwRAYIKwYBBQUHAgEWOGh0dHA6Ly9y
    ZXBvc2l0b3Jpby5zZXJwcm8uZ292LmJyL2RvY3MvZHBjYWNzZXJwcm9yZmIucGRm
    MIHRBgNVHR8EgckwgcYwPKA6oDiGNmh0dHA6Ly9yZXBvc2l0b3Jpby5zZXJwcm8u
    Z292LmJyL2xjci9hY3NlcnByb3JmYnY0LmNybDA+oDygOoY4aHR0cDovL2NlcnRp
    ZmljYWRvczIuc2VycHJvLmdvdi5ici9sY3IvYWNzZXJwcm9yZmJ2NC5jcmwwRqBE
    oEKGQGh0dHA6Ly9yZXBvc2l0b3Jpby5pY3BicmFzaWwuZ292LmJyL2xjci9zZXJw
    cm8vYWNzZXJwcm9yZmJ2NC5jcmwwVgYIKwYBBQUHAQEESjBIMEYGCCsGAQUFBzAC
    hjpodHRwOi8vcmVwb3NpdG9yaW8uc2VycHJvLmdvdi5ici9jYWRlaWFzL2Fjc2Vy
    cHJvcmZidjQucDdiMIHlBgNVHREEgd0wgdqgOwYFYEwBAwigMgQwU0VSVklDTyBG
    RURFUkFMIERFIFBST0NFU1NBTUVOVE8gREUgREFET1MgU0VSUFJPoD0GBWBMAQME
    oDQEMjE4MDMxOTgwMjg1NjAxNjg4MDAwMDAwMDAwMDAwMDAwMDAwMDAyOTQxOTM5
    M1NTUFNQoCIGBWBMAQMCoBkEF0VEVUFSRE8gWU9TSElEQSBTQUxPTUFPoBkGBWBM
    AQMDoBAEDjMzNjgzMTExMDAwMTA3gR1lZHVhcmRvLnNhbG9tYW9Ac2VycHJvLmdv
    di5icjAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
    BwMCMA0GCSqGSIb3DQEBCwUAA4ICAQBKUwvcSJl8IXFaMGRfy9bSU3eum1ETkLe/
    f7rlPok3z7xoi//RSEmuHSzopkfIooq1H3zX4PZuawjC/oZ1y3TFL4m2lxcY5rvx
    pZMWibC5aAoDZaTw+B4pzQTBFTQEpQO6y49sq0/HrRpGmrLUFcXV1dhkVKAzXzOt
    ST6BO1sNGJCZzfYopD1DFdhmGDkQnUp2Ws9k2rNt72le8/MZ/2mI2aFTdmgUNdVQ
    bs0pCXPSWdB9Hw0nt+Z3r75uX/Yimh+NUI1BCuItzBrFjMT7JA2n5cnInTCGuBY6
    c041xoI19vbwa+vz+7+KMtV/ecl/H8NuIsPRmYqr6kQDqHXu7SvgRMPKj8nobjxa
    w/6TB4g2DRsu8C4R8SJWNyW9HXGgbqOv7dU+yEWs75/NaRmEzEMQZWmvE2xPNb0s
    Z7F8bb8o6gMfAOWUgVHChcCNV/MAdi0zKojvgNBJYxocwyz/mBstRNv5d5DdL0+9
    zroSatTsD8VBatL01TpJWc+dMXbPW9z7g6jUQT0jEGizNUGzJD+EgBJixKfCAIDs
    HsGOJQ/zYQ7Mbos4mTVMieUmm9CxSV3Oxe2qwa/mqR2Bvhrf6WrrUuSVu477LOgO
    mIGsV0+wj2AkYEwKsg1IWZFUqzZv5uFEflcfBFLbmyfT7J13ezu4gQa3ieOpCMg9
    Qkj9S/CN+Q==
    -----END CERTIFICATE-----
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 r语言Hurst指数
  • ¥15 Acrn IVSHMEM doorbell问题
  • ¥15 yolov5中的val测试集训练时数量变小问题
  • ¥15 MPLS/VPN实验中MPLS的配置问题
  • ¥15 materialstudio氢键计算问题
  • ¥15 echarts图表制作
  • ¥15 halcon根据玻璃面板纹路取区域
  • ¥15 HFSS设计小型化180度耦合器
  • ¥15 使用CInternetSession,CHttpFile读取网页文件时有些电脑上会卡住怎么办?
  • ¥15 水下机器人的半物理仿真研究