Xml &引用;SSL证书pró;“问题”;当连接到eBay时
我想从易趣上检索分类。这是我的代码:Xml &引用;SSL证书pró;“问题”;当连接到eBay时,xml,ssl,curl,categories,Xml,Ssl,Curl,Categories,我想从易趣上检索分类。这是我的代码: function getCategories(){ $endpoint = "https://api.ebay.com/ws/api.dll"; //$endpoint = 'http://svcs.ebay.com/services/search/FindingService/v1'; $api_dev_name = "XXX"; $api_app_name = "XXX"; $api_cert_name =
function getCategories(){
$endpoint = "https://api.ebay.com/ws/api.dll";
//$endpoint = 'http://svcs.ebay.com/services/search/FindingService/v1';
$api_dev_name = "XXX";
$api_app_name = "XXX";
$api_cert_name = "XXX";
$auth_token = "XXX";
$headers = array(
'X-EBAY-API-COMPATIBILITY-LEVEL: 819',
'X-EBAY-API-DEV-NAME: '.$api_dev_name,
'X-EBAY-API-APP-NAME: '.$api_app_name,
'X-EBAY-API-CERT-NAME: '.$api_cert_name,
'X-EBAY-API-CALL-NAME: GetCategories',
'X-EBAY-API-OPERATION-NAME: GetCategories',
'X-EBAY-API-SITEID: EBAY-US',
'Content-Type:text/xml'
);
$xmlRequest = "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
$xmlRequest .= "<GetCategoriesRequest xmlns=\"urn:ebay:apis:eBLBaseComponents\">";
$xmlRequest .= "<RequesterCredentials>";
$xmlRequest .= "<eBayAuthToken>{$auth_token}</eBayAuthToken>";
$xmlRequest .= "</RequesterCredentials>";
$xmlRequest .= "<CategorySiteID>0</CategorySiteID>";
$xmlRequest .= "<DetailLevel>ReturnAll</DetailLevel>";
$xmlRequest .= "</GetCategoriesRequest>";
$xmlRequestEncode = utf8_encode($xmlRequest);
$curl = curl_init();
curl_setopt_array($curl,
array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_URL => $endpoint,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xmlRequestEncode,
CURLOPT_HTTPHEADER => $headers
)
);
$response = curl_exec($curl);
if (!$response) {
die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
} else {
echo $response;
}
curl_close($curl);
}
getCategories();
函数getCategories(){
$endpoint=”https://api.ebay.com/ws/api.dll";
//$endpoint=http://svcs.ebay.com/services/search/FindingService/v1';
$api_dev_name=“XXX”;
$api\u app\u name=“XXX”;
$api_cert_name=“XXX”;
$auth_token=“XXX”;
$headers=数组(
“X-EBAY-API-COMPATIBILITY-LEVEL:819”,
“X-EBAY-API-DEV-NAME:”。$API_DEV_NAME,
“X-EBAY-API-APP-NAME:”。$API\u APP\u NAME,
“X-EBAY-API-CERT-NAME:”。$API\u CERT\u名称,
“X-EBAY-API-CALL-NAME:GetCategories”,
“X-EBAY-API-OPERATION-NAME:GetCategories”,
“X-EBAY-API-SITEID:EBAY-US”,
'内容类型:text/xml'
);
$xmlRequest=“”;
$xmlRequest.=”;
$xmlRequest.=”;
$xmlRequest.=“{$auth_token}”;
$xmlRequest.=”;
$xmlRequest.=“0”;
$xmlRequest.=“ReturnAll”;
$xmlRequest.=”;
$xmlRequestEncode=utf8_encode($xmlRequest);
$curl=curl_init();
curl_setopt_数组($curl,
排列(
CURLOPT_RETURNTRANSFER=>true,
CURLOPT_URL=>$endpoint,
CURLOPT_POST=>true,
CURLOPT_POSTFIELDS=>$xmlRequestEncode,
CURLOPT_HTTPHEADER=>$headers
)
);
$response=curl\u exec($curl);
如果(!$response){
die('Error:'.curl_Error($curl)。'-代码:'.curl_errno($curl));
}否则{
回音$应答;
}
curl_close($curl);
}
getCategories();
$api\u dev\u name
、$api\u app\u name
、$api\u cert\u name
和$auth\u token
在生产环境中有效、活动且已设置
我从curl得到这个错误:
错误:“SSL证书问题,验证CA证书是否正常。详细信息:错误:14090086:SSL例程:SSL3\u获取\u服务器\u证书:证书验证失败”-代码:60
为什么会出现此错误?根据OpenSSL的
s\u客户端
:
$ openssl s_client -connect svcs.ebay.com:443
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=San Jose/O=eBay, Inc./OU=eBay Site Operations/CN=svcs.ebay.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
---
...
因此,您需要信任第3类公共初级证书颁发机构-G2
。你可以下载表格。抓住标有根1且带有指纹85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f
下载ZIP文件后,可以在第2代(G2)PCAs文件夹中找到它。其命名的3级公共初级证书颁发机构—G2.pem
最后,告诉cURL使用您下载的根证书。我现在无法访问cURL.haxx.se上的cURL文档,因此我无法告诉您如何调用它
不要加载包含数百个CA的CA文件。您知道Verisign认证易趣的证书,因此只需使用所需的Verisign CA。不要让攻击者让您相信其他情况(例如,Truswave声称他们认证易趣)。只需在curl\u setopt\u数组中添加新的两行
CURLOPT_SSL_VERIFYPEER => false, // new code
CURLOPT_SSL_VERIFYHOST => false // new code
客户端代码(curl)无法验证远程站点提供的SSL证书。curl包必须能够指定用于验证证书的证书存储。可能是一个复制品的复制品的伟大!这很有帮助。因为我不想使用自己的证书,所以只需将CURLOPT_SSL_VERIFYPEER=>false添加到curl选项中。现在它工作得很好。