- 操作系统:Ubuntu 16.04
- PHP:7.2
- CURL:curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
- Guzzle :6.3
我的项目目前正在使用一些依赖于 Guzzle 的包,例如:AWS、Mailgun...但是,它经常抛出这个错误:
error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
下面是我的php.ini的一部分
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'
这些都不起作用,即使通过 ini_get() 进行检索也是可以的,并且已被完全识别。现在,我必须通过修改 vendor/guzzlehttp/guzzle/src/Client.php 并将默认配置调整为 'verify' => '/etc/ssl/certs/来解决问题ca-certificates.crt' 然后一切正常(我认为这不是一个好的选择)
通过 init_get() 检索
array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=> string(13) "SSL_CERT_FILE"
["default_cert_dir"]=> string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=> string(12) "SSL_CERT_DIR"
["default_private_dir"]=> string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=> string(12) "/usr/lib/ssl"
["ini_cafile"]=> string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=> string(15) "/etc/ssl/certs/"
}
openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt
注意:我已经尝试设置 ~/.curlrc 和 export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt 但这些都不起作用
有没有人有任何解决方案或任何线索来解决这个问题?
最佳答案
关于“SSL 证书问题:无法获取本地颁发者证书”错误。很明显,这适用于发送 CURL 请求的系统(而不是接收请求的服务器)
从https://curl.haxx.se/ca/cacert.pem下载最新的cacert.pem
将以下行添加到 php.ini(如果这是共享主机并且您无权访问 php.ini,那么您可以将其添加到 public_html 中的 .user.ini)
curl.cainfo="/path/to/downloaded/cacert.pem"
确保将路径括在双引号内!!!
授予您的 Web 服务器用户(如 ngnix 或 www-data)读取该文件的权限。
sudo chown www-data /etc/ssl/certs/cacert.pem
最后一步重启 fpm 和 ngnix 或 apache
关于Laravel Guzzle : curl error 77 error setting certificate verify locations,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50345702/