Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/277.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/google-app-engine/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
php 5.6 ssl证书验证_Php_Ssl - Fatal编程技术网
Fatal编程技术网
  • php/
  • php 5.6 ssl证书验证

php 5.6 ssl证书验证

php ssl

php 5.6 ssl证书验证,php,ssl,Php,Ssl,我正试图调试ssl证书验证的一个问题,并已确定openssl获取证书位置时返回了不正确的路径。(见下文) 我该如何设置它?我查看了php.ini文件,在任何地方都找不到这个引用 cmuench-air:bin cmuench$ ./php -r "print_r(openssl_get_cert_locations());" Array ( [default_cert_file] => /bitnami/mampstack56Dev-osx-x64/output/common/op

我正试图调试ssl证书验证的一个问题,并已确定openssl获取证书位置时返回了不正确的路径。(见下文)

我该如何设置它?我查看了php.ini文件,在任何地方都找不到这个引用

cmuench-air:bin cmuench$ ./php -r "print_r(openssl_get_cert_locations());"
Array
(
    [default_cert_file] => /bitnami/mampstack56Dev-osx-x64/output/common/openssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /bitnami/mampstack56Dev-osx-x64/output/common/openssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /bitnami/mampstack56Dev-osx-x64/output/common/openssl/private
    [default_default_cert_area] => /bitnami/mampstack56Dev-osx-x64/output/common/openssl
    [ini_cafile] => 
    [ini_capath] => 
)
ini(相关部分)…我在任何地方都看不到bitnami/mampstack56Dev

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=

;Curl ca bundle certificate
curl.cainfo="/Applications/phppos/common/openssl/certs/curl-ca-bundle.crt"
编辑:

我知道这很愚蠢,但有时ssl证书会进行自签名。是否有ini设置可以修改以禁用检查所有证书?或者我必须在sockets和curl的代码中这样做吗?

如果您检查函数的PHP源代码,它将通过调用各种OpenSSL函数(例如,并查看
PHP.ini
OpenSSL.cafile
OpenSSL.capath
来获取这些位置

您到底在寻找什么证书/路径?如果您试图获取CA bundle文件,可以设置上面引用的
php.ini
值,以便它们由
openssl\u get\u cert\u位置返回

PHP5.6的默认
php.ini
文件没有OpenSSL ini设置的默认设置,因为它们需要手动定义。此配置位于
php.ini


[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=


使用cURL时,如果要禁用证书验证,可以将这些选项传递给:


CURLOPT\u SSL\u VERIFYPEER
描述如下:

FALSE停止cURL验证对等方的证书。候补
可以使用指定要验证的证书
可以使用指定CURLOPT_CAINFO选项或证书目录
CURLOPT_CAPATH选项


CURLOPT\u SSL\u VERIFYHOST
描述为:

1检查SSL对等证书中是否存在公共名称。
2检查公共名称是否存在,并验证其
与提供的主机名匹配。在生产环境中
此选项应保持为2(默认值)

如果您有CA文件,您可以使用选项
CURLOPT_CAINFO
提供包含一个或多个证书的文件的完整路径,以验证对等方

要禁用对使用
fsockopen
打开的流的检查,请尝试:


<?php
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'verify_peer', false);

$socket = stream_socket_client('ssl://'.$host . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); 



我正在尝试获取有效路径,但找不到它。一旦我查找了这些设置,我会用php.ini更新我的问题。我发布了我的php.ini和那个部分。ca文件和ca路径之间的区别是什么?什么是ca信息?其中是刚才在OP上评论的默认证书目录(路径)。CA文件是CA文件的路径,路径只是基于名称的CA文件搜索路径(目录)。这些默认路径来自基于其安装目录的OpenSSL。如果您将证书放在该文件夹中,PHP将根据这些值来提取证书!最后一个问题。有没有办法禁用curl和sockets的所有证书验证?或者我必须向每个函数传递一个变量吗?这些bitnami/mampstack路径是通过调用本机OpenSSL函数返回的操作系统管理的路径。这些默认路径是根据OpenSSL安装路径定义的:请看,您可能需要手动将路径编码到脚本中,以查找正确的证书或将其放入该目录中。那么,这些路径是在二进制文件中硬编码的,我真的无法找到吗?它们最终被硬编码,因为它们被编译为基于OpenSSL的路径配置和编译软件时使用的配置选项。

<?php
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'verify_peer', false);

$socket = stream_socket_client('ssl://'.$host . ':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);