使用 php 通过 https 加载外部 xml 文件时出错:SSL3_GET_SERVER_CERTIFICATE
[英]Error when loading external xml file with php via https : SSL3_GET_SERVER_CERTIFICATE
问题描述
I can't get a xml file to load.
我无法加载 xml 文件。
This code works great:这段代码效果很好:
$url = 'http://www.w3schools.com/xml/note.xml';
$xml = simplexml_load_file($url);
print_r($xml);
But this one但是这个
$url = 'https://www.boardgamegeek.com/xmlapi2/thing?id=105551';
$xml = simplexml_load_file($url);
print_r($xml);
doesn't work.不起作用。 I get this error:我收到此错误:
Warning: simplexml_load_file(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file(): Failed to enable crypto in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file( https://www.boardgamegeek.com/xmlapi2/thing?id=105551 ): failed to open stream: operation failed in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file(): I/O warning : failed to load external entity " https://www.boardgamegeek.com/xmlapi2/thing?id=105551 " in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19
The xml file from boardgamegeek works on other sites.来自 boardgamegeek 的 xml 文件适用于其他站点。 Should I use a different php code to load that xml file?我应该使用不同的 php 代码来加载那个 xml 文件吗?
2 个解决方案
解决方案1
12 已采纳 2015-09-17 04:09:35
short cookbook answer:简短的食谱答案:
- Download https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and place that file on your server.下载https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt并将该文件放在您的服务器上。
Add
添加$context = stream_context_create(array('ssl'=>array($context = stream_context_create(array('ssl'=>array(\n 'verify_peer' => true, 'verify_peer' => 真,\n 'cafile' => '/path/to/ca-bundle.crt' 'cafile' => '/path/to/ca-bundle.crt'\n))); )));\nlibxml_set_streams_context($context); libxml_set_streams_context($context);
to your script so it gets executed before simplexml_load_file().到您的脚本,以便它在 simplexml_load_file() 之前执行。
Or - instead of the code above - set openssl.cafile=/path/to/ca-bundle.crt in your php.ini.或者 - 而不是上面的代码 - 在你的 php.ini 中设置openssl.cafile=/path/to/ca-bundle.crt 。
Very short explaination:非常简短的解释:
Your php version uses openssl to handle the http s transport.你的PHP版本使用openssl可以处理HTTP的交通。 openssl tries to verify whether the server really is who it claims to be. openssl 尝试验证服务器是否真的是它声称的那样。 It does that by checking whether its certificate is trusted.它通过检查其证书是否受信任来做到这一点。 A X.509 certificate contains some data about the owner and is signed by an issuer (itself having a certificate that is again signed and so on and on until a certificate where owner and issuer are identical -> self-signed/root certificate). X.509 证书包含有关所有者的一些数据并由颁发者签名(其本身具有再次签名的证书,依此类推,直到所有者和颁发者相同的证书 -> 自签名/根证书)。 A certificate is considered "trusted" if in that chain of certificates there is (at least) one certificate on which openssl "says": "ok, I have been instructed to trust this one".如果在该证书链中(至少)有一个证书,openssl 在其上“说”:“好的,我已被指示信任这个”,则该证书被认为是“受信任的”。 This instruction takes the form of (or can take the form of) "here's a file containing certificates that you're supposed to trust" (cafile).该指令采用(或可以采用)“这是一个包含您应该信任的证书的文件”(cafile)的形式。
The above code tells the libxml-wrapper of php to tell openssl where that cafile is when simplexml_load_file uses the https/openssl-wrapper.上面的代码告诉php的libxml-wrapper在simplexml_load_file使用https/openssl-wrapper时告诉openssl那个cafile在哪里。
And openssl.cafile=/path/to/ca-bundle.crt just sets it as default;而openssl.cafile=/path/to/ca-bundle.crt只是将其设置为默认值; unless instructed otherwise all openssl operations will use that file - including libxml/simple_xml_loadfile.除非另有说明,否则所有 openssl 操作都将使用该文件 - 包括 libxml/simple_xml_loadfile。
The ca-bundle.crt I've linked to is from a project that "claims" to provide the extracted root certificates as shipped with mozilla firefox.我链接到的 ca-bundle.crt 来自一个“声称”提供 mozilla firefox 附带的提取根证书的项目。 Regarding "claims": I have no reason to doubt that this really is the untampered root cert list;关于“声明”:我没有理由怀疑这确实是未篡改的根证书列表; but you never know: You're putting your trust a) in this project and b) mozilla doing a good job and only putting trustworthy certificates in that list....但你永远不知道:你信任 a) 这个项目 b) mozilla 做得很好,只把值得信赖的证书放在那个列表中......
for more explaination see http://phpsecurity.readthedocs.org/en/latest/Transport-Layer-Security-%28HTTPS-SSL-and-TLS%29.html#php-streams有关更多解释,请参阅http://phpsecurity.readthedocs.org/en/latest/Transport-Layer-Security-%28HTTPS-SSL-and-TLS%29.html#php-streams
解决方案2
5 2020-06-03 05:51:31
The work and example that @VolkerK displayed was excellent and simple. @VolkerK 展示的工作和示例非常出色且简单。 While this method didn't work for me, I took it one step further and basically removed the security for the moment.虽然这种方法对我不起作用,但我更进一步,暂时基本上取消了安全性。
$context = stream_context_create(array('ssl'=>array(
'verify_peer' => false,
"verify_peer_name"=>false
)));
libxml_set_streams_context($context);
$sxml = simplexml_load_file($webhostedXMLfile);
Yes, this is bad practice, but sometimes you need a temp fix instead of messages like this:是的,这是不好的做法,但有时您需要临时修复而不是这样的消息:
Warning: simplexml_load_file(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /srv/www/resources/public_html/files/etc/file.php on line 150 Warning: simplexml_load_file(): Failed to enable crypto in /srv/www/resources/public_html/files/etc/file.php on line 150
I hope it helps someone else.我希望它可以帮助别人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.