Error when using curl functions after compiling #24

Closed
TNT-ma opened this issue Feb 4, 2023 · 7 comments
Labels: kind/extension (Issues related to extensions); question (Further information is requested)

Comments

@TNT-ma

TNT-ma commented Feb 4, 2023

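Error message: cURL error 77: error setting certificate verify

The project uses a scheduled task that automatically makes curl requests to a third-party address.
Running in a normal PHP environment works fine.
Running after packaging as a phar also works fine.
The error appears once it is combined with the PHP binary.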

@jingjingxyk
Contributor

jingjingxyk commented Feb 4, 2023

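@TNT-ma At runtime you need to specify the certificate for curl in php.ini.

Download the certificate here: https://curl.haxx.se/docs/caextract.html

wget https://curl.se/ca/cacert.pem

Method 1: change the php.ini setting

   ini_set('curl.cainfo', __DIR__ . '/cacert.pem');

   ini_get('curl.cainfo');

Method 2: specify the my-custom-curl.ini configuration when running the program

Custom php.ini: the my-custom-curl.ini settings

The contents of my-custom-curl.ini are as follows:

curl.cainfo=/etc/cacert.pem

Specify the configuration when running the program:

php -c my-custom-curl.ini app.phar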

@he426100

he426100 commented May 5, 2023

@jingjingxyk I tried all of them and none of them worked. It still fails with SSL certificate problem: unable to get local issuer certificate. Calling ini_get('curl.cainfo') returns an empty value, and ini_set('curl.cainfo',__DIR__.'/cacert.pem') returns false.

@jingjingxyk
Contributor

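> @jingjingxyk I tried all of them and none of them worked. It still fails with SSL certificate problem: unable to get local issuer certificate. Calling ini_get('curl.cainfo') returns an empty value, and ini_set('curl.cainfo',__DIR__.'/cacert.pem') returns false.

Have you tried the symlink approach? It is the method an expert gave in swoole/swoole-cli#88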

@he426100

he426100 commented May 9, 2023

./swoole-cli -d 'curl.cainfo="/etc/ssl/cacert.pem"' -d 'openssl.cafile="/etc/ssl/cacert.pem"' your_application.php
./swoole-cli -c /etc/my_custom.ini your_application.php
These two work.

@TNT-ma
Author

TNT-ma commented May 10, 2023

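> @jingjingxyk I tried all of them and none of them worked. It still fails with SSL certificate problem: unable to get local issuer certificate. Calling ini_get('curl.cainfo') returns an empty value, and ini_set('curl.cainfo',__DIR__.'/cacert.pem') returns false.

This problem has existed ever since the old versions, and I have reported it before.
In the binary-packaged environment, the certificate path curl uses by default is: /etc/ssl/certs/ca-certificates.crt

whereas the certificate paths that ship with the system are: /etc/ssl/certs/ca-bundle.crt and /etc/ssl/certs/ca-bundle.trust.crt

Solution 1
Bundle a crt file inside your own packaged project and, at startup, use is_file to check whether /etc/ssl/certs/ca-certificates.crt exists.
If it does not exist, copy your bundled crt file to: /etc/ssl/certs/ca-certificates.crt

My solution
When PHP starts, I check whether /etc/ssl/certs/ca-certificates.crt exists.
If it does not exist, then:
shell_exec("cp /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt");

This is how my code is written:

    # cURL certificate check
    $crt = "/etc/ssl/certs/ca-certificates.crt";
    if (!is_file($crt)) {
        // Fall back to whichever system bundle exists
        if (is_file("/etc/ssl/certs/ca-bundle.crt")) {
            shell_exec("cp /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt");
        } else if (is_file("/etc/ssl/certs/ca-bundle.trust.crt")) {
            shell_exec("cp /etc/ssl/certs/ca-bundle.trust.crt /etc/ssl/certs/ca-certificates.crt");
        }
    }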
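
The two ideas that worked in this thread (the `-d curl.cainfo=... -d openssl.cafile=...` flags and the list of distribution CA bundle paths) can be combined in a launcher that never writes to /etc/ssl/certs. This is an added example, not code from any participant or from the project; `find_ca_bundle`, `run_with_ca`, `CA_ROOT` and the script name are hypothetical, and the PEM-header check is an assumption about what counts as a usable bundle.

```shell
#!/bin/sh
# Added example: choose a CA bundle and hand it to the static PHP binary via -d,
# leaving /etc/ssl/certs untouched. Usage: sh run-with-ca.sh ./swoole-cli app.php
# (run-with-ca.sh is a hypothetical file name).

# Candidate bundle paths, all taken from this thread, in preference order.
CA_CANDIDATES="/etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/ca-bundle.crt
/etc/ssl/certs/ca-bundle.trust.crt
/etc/ssl/cacert.pem"

# Print the first candidate that is a readable, non-empty file holding at least
# one PEM certificate (plain or OpenSSL "TRUSTED" form); return 1 if none does.
# CA_ROOT is a hypothetical path prefix so the lookup can be exercised offline.
find_ca_bundle() {
    root="${CA_ROOT:-}"
    for p in $CA_CANDIDATES; do
        f="$root$p"
        [ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ] || continue
        grep -Eq -e '-----BEGIN (TRUSTED )?CERTIFICATE-----' "$f" || continue
        printf '%s\n' "$f"
        return 0
    done
    return 1
}

# Run "$1" with the remaining arguments, injecting the two ini keys reported to
# work above. Fails closed: no bundle means no run, never an unverified one.
run_with_ca() {
    bin="$1"
    shift
    ca="$(find_ca_bundle)" || {
        echo "no usable CA bundle found under ${CA_ROOT:-/}" >&2
        return 1
    }
    "$bin" -d "curl.cainfo=\"$ca\"" -d "openssl.cafile=\"$ca\"" "$@"
}

# Only act when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    run_with_ca "$@"
fi
```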

@crazywhalecc
Owner

I feel this could be achieved by patching the php-curl source code.

@crazywhalecc
Owner

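It is now possible to bind the system cacert file by embedding hard-coded php ini options at compile time, and on macOS the certificates at the system path are bound by default.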
