问题
this has been driving me crazy for a couple of weeks now.
I usually do my development on a CentOS 7 box, but recently i've started using Xampp on Windows 10 and using the CentOS box to commit code to & client testing.
Everything works fine on the linux box, but on Windows any SSL/TLS calls are failing, and from what I can tell it's due to the new PHP5.6 feature of verifying peer certificates and host names by default - http://php.net/manual/en/migration56.openssl.php
I've read just about every how-to guide online, and on SO, and as far as I know I've tried everything, but am getting nowhere.
Please can someone help?!
Extension extension=php_openssl.dll is enabled in php.ini, and so is extension=php_curl.dll.
I've also downloaded cert files and added the following to my php.ini..
curl.cainfo = "C:\xampp\php\certs\curl-ca-bundle.crt"
curl.capath = "C:\xampp\php\certs\"
openssl.cafile= "C:\xampp\php\certs\curl-ca-bundle.crt"
openssl.capath= "C:\xampp\php\certs\"
The errors I am getting are:
For SMTP calls using TLS:
PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in W:\libraries\Zend\Mail\Protocol\Smtp.php on line 206
For cURL calls:
API call to messages/send failed: error setting certificate verify locations: CAfile: C:\xampp\php\certs\cacert.pem CApath: none
The contents of the C:\xampp\php\certs\ directory is:
ca-bundle.trust.crt
cacert.pem
curl-ca-bundle.crt
I have restarted Apache, and even tried using curl.exe as a standalone program in command line, which works fine requesting HTTPS domains (not sure if that is relevant, but I tried it anyway!)
I have also tried adding the following to php.ini (and restarting Apache) which has no effect..
openssl.verify_peer= false
openssl.verify_peer_name = false
Any ideas?
回答1:
The error message error setting certificate verify locations comes from libcurl itself and means it couldn't find or open the CAFile specified.
On Windows, I think it will work if you change the path from:
curl.cainfo = "C:\xampp\php\certs\curl-ca-bundle.crt"
to
curl.cainfo = "C:/xampp/php/certs/curl-ca-bundle.crt"
The same probably goes for OpenSSL but I haven't tested to confirm.
回答2:
Turns out this was a permissions issue and the certs file wasn't being read - moving the C:/xampp/php/certs/ folder to another location (in my user directory for instance) solved the problem :)
HTH
来源:https://stackoverflow.com/questions/34087962/ssl-tls-operations-failing-php5-6-curl-ca-bundle-crt-cacert-pem