`

WAMP安装curl扩展并发起https请求

    博客分类:
  • PHP
 
阅读更多

wamp安装curl扩展的方法:

 

http://blog.csdn.net/superuser007/article/details/5781095

 

安装出现 PHP Extension "curl" must be loaded 错误。
解决方法如下:
1> 在 WAMP或XAMPP 目录下“搜索”功能查找到 httpd.conf:

 

                   把

 

#LoadModule rewrite_module modules/mod_rewrite.so

 

                   改

 

LoadModule rewrite_module modules/mod_rewrite.so

 

         (只是去除 # 号)

 

         2> 用上面同样的方法查找到 php.ini( 这里可能有两个 php.ini 文件,两个都要改 )

 

 

;extension=php_mcrypt.dll

 

 

                    extension=php_mcrypt.dll

 

 

 

 

;extension=php_curl.dll

 

 

                    extension=php_curl.dll

 

 

                     ;extension=php_pdo_mysql.dll

 

 

                    extension=php_pdo_mysql.dll

 

( 只是去除 ; )

 

http 使用curl发起https请求

今天一个同事反映,使用curl发起https请求的时候报错:“SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed”

很明显,验证证书的时候出现了问题。

使用curl如果想发起的https请求正常的话有2种做法:

方法一、设定为不验证证书和host。

在执行curl_exec()之前。设置option

$ch = curl_init();

......

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

 

方法二、设定一个正确的证书。

本地ssl判别证书太旧,导致链接报错ssl证书不正确。

我们需要下载新的ssl 本地判别文件

http://curl.haxx.se/ca/cacert.pem

放到 程序文件目录

curl 增加下面的配置

   curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,true); ;
   curl_setopt($ch,CURLOPT_CAINFO,dirname(__FILE__).'/cacert.pem');

大功告成

(本人验证未通过。。。报错信息为:SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)

如果对此感兴趣的话可以参看国外一大神文章。http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

为了防止某天该文章被Q今复制过来。内容如下:

Using cURL in PHP to access HTTPS (SSL/TLS) protected sites

From PHP, you can access the useful cURL Library (libcurl) to make requests to URLs using a variety of protocols such as HTTP, FTP, LDAP and even Gopher. (If you’ve spent time on the *nix command line, most environments also have the curl command available that uses the libcurl library)

In practice, however, the most commonly-used protocol tends to be HTTP, especially when using PHP for server-to-server communication. Typically this involves accessing another web server as part of a web service call, using some method such as XML-RPC or REST to query a resource. For example, Delicious offers a HTTP-based API to manipulate and read a user’s posts. However, when trying to access a HTTPS resource (such as the delicious API), there’s a little more configuration you have to do before you can get cURL working right in PHP.

 

The problem

If you simply try to access a HTTPS (SSL or TLS-protected resource) in PHP using cURL, you’re likely to run into some difficulty. Say you have the following code: (Error handling omitted for brevity)

// Initialize session and set URL. 
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); 
// Set so curl_exec returns the result instead of outputting it. 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
// Get the response and close the channel. 
$response = curl_exec($ch); 
curl_close($ch);

If $url points toward an HTTPS resource, you’re likely to encounter an error like the one below:

Failed: Error Number: 60. Reason: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The problem is that cURL has not been configured to trust the server’s HTTPS certificate. The concepts of certificates and PKI revolves around the trust of Certificate Authorities (CAs), and by default, cURL is setup to not trust any CAs, thus it won’t trust any web server’s certificate. So why don’t you have problems visiting HTTPs sites through your web browser? As it happens, the browser developers were nice enough to include a list of default CAs to trust, covering most situations, so as long as the website operator purchased a certificate from one of these CAs.

The quick fix

There are two ways to solve this problem. Firstly, we can simply configure cURL to accept any server(peer) certificate. This isn’t optimal from a security point of view, but if you’re not passing sensitive information back and forth, this is probably alright. Simply add the following line before calling curl_exec():

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

This basically causes cURL to blindly accept any server certificate, without doing any verification as to which CA signed it, and whether or not that CA is trusted. If you’re at all concerned about the data you’re passing to or receiving from the server, you’ll want to enable this peer verification properly. Doing so is a bit more complicated.

The proper fix

The proper fix involves setting the CURLOPT_CAINFO parameter. This is used to point towards a CA certificate that cURL should trust. Thus, any server/peer certificates issued by this CA will also be trusted. In order to do this, we first need to get the CA certificate. In this example, I’ll be using the https://api.del.icio.us/ server as a reference.

First, you’ll need to visit the URL with your web browser in order to grab the CA certificate. Then, (in Firefox) open up the security details for the site by double-clicking on the padlock icon in the lower right corner:

Then click on “View Certificate”:

Bring up the “Details” tab of the cerficates page, and select the certificate at the top of the hierarchy. This is the CA certificate.

Then click “Export”, and save the CA certificate to your selected location, making sure to select the X.509 Certificate (PEM) as the save type/format.

Now we need to modify the cURL setup to use this CA certificate, with CURLOPT_CAINFO set to point to where we saved the CA certificate file to.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/CAcerts/BuiltinObjectToken-EquifaxSecureCA.crt");

The other option I’ve included, CURLOPT_SSL_VERIFYHOST can be set to the following integer values:

  • 0: Don’t check the common name (CN) attribute
  • 1: Check that the common name attribute at least exists
  • 2: Check that the common name exists and that it matches the host name of the server

If you have CURLOPT_SSL_VERIFYPEER set to false, then from a security perspective, it doesn’t really matter what you’ve set CURLOPT_SSL_VERIFYHOST to, since without peer certificate verification, the server could use any certificate, including a self-signed one that was guaranteed to have a CN that matched the server’s host name. So this setting is really only relevant if you’ve enabled certificate verification.

This ensures that not just any server certificate will be trusted by your cURL session. For example, if an attacker were to somehow redirect traffic from api.delicious.com to their own server, the cURL session here would not properly initialize, since the attacker would not have access to a server certificate (i.e. would not have the private key) trusted by the CA we added. These steps effectively export the trusted CA from the web browser to the cURL configuration.

More information

If you have the CA certificate, but it is not in the PEM format (i.e. it is in a binary or DER format that isn’t Base64-encoded), you’ll need to use something like OpenSSL to convert it to the PEM format. The exact command differs depending on whether you’re converting from PKCS12 or DER format.

There is a CURLOPT_CAPATH option that allows you to specify a directory that holds multiple CA certificates to trust. But it’s not as simple as dumping every single CA certificate in this directory. Instead, they CA certificates must be named properly, and the OpenSSL c_rehash utility can be used to properly setup this directory for use by cURL.

 

分享到:
评论

相关推荐

    完整版wamp安装

    这个“完整版wamp安装”包含了构建动态网站所需的所有组件,使得开发者可以在自己的个人电脑上进行网站开发而无需远程服务器。下面将详细介绍WAMP的组成部分以及安装过程中的关键步骤。 1. **Windows**:作为操作...

    php curl安装 php中没有编译curl的解决方法for windows

    总之,为Windows上的PHP安装cURL扩展需要下载正确的DLL文件,编辑`php.ini`配置,并重启服务器。一旦安装成功,你就可以利用PHP的cURL功能轻松地执行HTTP请求,实现诸如文件上传、下载、网页抓取等多种功能。

    php_curl.dll文件,适合win8、win8.1,wamp中无法启动curl的问题

    在win8、win8.1之中,wamp启动curl出现无法启动的情况,应该就是php_curl.dll出现了问题,这里准备了4个不同版本的php_curl.dll,请对应版本下载,亲测,有效,所以上传上来,方便大家使用。

    WAMP安装配置 套件安装后的配置

    首先,安装Apache是搭建WAMP环境的基础步骤。Apache作为Web服务器,负责处理HTTP请求并返回响应。安装过程中,有几个关键配置项需要注意: - **Network Domain**: 这里设置为`yyphp`,意味着你在本地网络中可以通过...

    最新WAMP_Memcache安装 PHP5.2至5.4各版本扩展

    php_memcache.dll不好找啊,现把自己精心收集的php_memcache.dll扩展共享出来,php_memcache.dll包含以下几个版本: php_memcache.dll适合PHP5.2、PHP5.3、PHP5.4、PHP5.5系列

    wamp3.3.0,wamp3.3.0,wamp3.3.0

    wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0wamp3.3.0...

    安装Wamp出错解决方法

    3. **安装并注册DLL文件**:下载完成后,运行安装程序,按照提示进行安装。安装完毕后,系统会自动注册所需的DLL文件,包括MSVCR.dll。 4. **手动注册**:如果问题依然存在,可能需要手动注册DLL文件。你可以通过...

    安装WAMP和WordPress

    **安装WAMP和WordPress**是将一个本地Web服务器环境与流行的开源内容管理系统(CMS)结合的过程,这在进行网站开发、测试或维护时非常常见。WAMP代表Windows、Apache、MySQL和PHP,这是一个在Windows操作系统上搭建...

    wamp安装教程

    ### WAMP Server 在 Windows 环境下的安装与配置详细教程 #### 一、WAMP Server 的安装 WAMP Server 是一款在 Windows 平台上搭建 Web 开发环境的软件包,包含了 Apache Web 服务器、MySQL 数据库以及 PHP 解释器...

    wamp一键安装环境

    wamp一键安装环境,php5.3版本,安装方便

    安装wamp缺少的文件

    在给定的压缩包"安装wamp缺少的文件"中,很可能包含了这些必要的DLL文件,可以将它们解压并复制到系统目录(如C:\Windows\System32)或者WAMP的相应目录下。 安装过程中的注意事项: 1. **检查系统需求**:确保你...

    wamp下 PHP 加redis扩展

    这篇博客文章"在WAMP下PHP添加Redis扩展"将指导我们如何在Windows环境下的WAMP服务器上安装和配置PHP的Redis扩展,以利用Redis的强大功能。 首先,安装Redis扩展需要以下步骤: 1. **下载扩展**:PHP的Redis扩展...

    搭建wamp 安装wordpress

    在本文中,我们将深入探讨如何使用WAMP(Windows Apache MySQL PHP)服务器来搭建本地环境,并在其中安装WordPress,创建一个静态网页平台。WAMP是一种在Windows操作系统上运行的集成开发环境,它允许用户在本地机器...

    64位wamp2.2和安装出错说明

    【64位WAMP2.2安装与故障排除】 WAMP(Windows Apache MySQL PHP)是一个在Windows操作系统上搭建本地Web开发环境的工具,版本2.2e是其中的一个64位版本。它集成了Apache服务器、MySQL数据库和PHP解释器,为开发者...

    64位php_curl.dll文件

    1. **版本不匹配**:64位WAMP服务器可能安装了与之不兼容的32位PHP_curl扩展,导致无法正常工作。 2. **缺失依赖**:PHP_curl.dll文件依赖于某些库,如果这些库没有正确安装或者版本不匹配,也会导致错误。 3. **...

    wamp+phpmyadmin5.1.1 for php8+php8-32bit-X86+php8-64bit-X64.rar

    从压缩包内的文件名称列表 "windows下wamp推荐环境安装与扩展" 可以推测,压缩包内可能包含有安装指南和教程,指导用户如何在Windows操作系统上安装和配置WAMP环境,以及如何扩展和优化该环境,以适应PHP8的运行需求...

    wamp 64位安装包

    在WAMP中,Apache负责接收HTTP请求并返回相应的网页内容。在安装过程中,Apache的配置文件通常会预设为适合本地开发的设置,比如绑定到localhost(127.0.0.1)和端口80。 2. **MySQL数据库**:MySQL是一个关系型...

    windows安装intl扩展

    标题中的“Windows安装intl扩展”指的是在Windows操作系统环境下安装并启用PHP的intl(国际化)扩展。这个过程对于那些需要处理多语言环境或者进行全球化(i18n)和本地化(l10n)功能的PHP应用至关重要。下面将详细...

Global site tag (gtag.js) - Google Analytics