Laravel Guzzle : curl error 77 error setting certificate verify locations

Question

• 操作系统:Ubuntu 16.04
• PHP:7.2
• CURL:curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
• Guzzle :6.3

我的项目目前正在使用一些依赖于 Guzzle 的包，例如:AWS、Mailgun...但是，它经常抛出这个错误:

error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

下面是我的php.ini的一部分

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'

[openssl]
; The location of a Certificate Authority (CA) file on the local     filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'

这些都不起作用，即使通过 ini_get() 进行检索也是可以的，并且已被完全识别。现在，我必须通过修改 vendor/guzzlehttp/guzzle/src/Client.php 并将默认配置调整为 'verify' => '/etc/ssl/certs/来解决问题ca-certificates.crt' 然后一切正常(我认为这不是一个好的选择)

通过 init_get() 检索

array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=>  string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>  string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=>  string(12) "SSL_CERT_DIR"
["default_private_dir"]=>  string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=>  string(12) "/usr/lib/ssl"
["ini_cafile"]=>  string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=>  string(15) "/etc/ssl/certs/"
}

openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt

注意:我已经尝试设置 ~/.curlrc 和 export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt 但这些都不起作用

有没有人有任何解决方案或任何线索来解决这个问题？

Answer 1

关于“SSL 证书问题:无法获取本地颁发者证书”错误。很明显，这适用于发送 CURL 请求的系统(而不是接收请求的服务器)

1. 从https://curl.haxx.se/ca/cacert.pem下载最新的cacert.pem

2. 将以下行添加到 php.ini(如果这是共享主机并且您无权访问 php.ini，那么您可以将其添加到 public_html 中的 .user.ini)

   curl.cainfo="/path/to/downloaded/cacert.pem"
   

   确保将路径括在双引号内!!!

3. 授予您的 Web 服务器用户(如 ngnix 或 www-data)读取该文件的权限。

   sudo chown www-data /etc/ssl/certs/cacert.pem
   

4. 最后一步重启 fpm 和 ngnix 或 apache