[英]cURL error 60: SSL certificate in Laravel 5.4
Full Error完全错误
RequestException in CurlFactory.php line 187: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Scenario设想
Before anyone points me to these two laracasts answers: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate在有人向我指出这两个 laracast 答案之前: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate
https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/52954 https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/52954
I've already looked at them and that's why I'm here.我已经看过它们了,这就是我在这里的原因。
The problem I have is that now I have the cacert.pem file BUT it doesn't make sense where to put it, the answers indicate to place the file in my xampp directory and change my php.ini
file but I'm not using xampp for anything, I'm using Laravel's artisan server to run my project.我遇到的问题是,现在我有了 cacert.pem 文件,但放在哪里没有意义,答案表明将文件放在我的 xampp 目录中并更改我的
php.ini
文件但我没有使用xampp 对于任何事情,我使用 Laravel 的工匠服务器来运行我的项目。
If xampp is not in use, where should I place this file?如果 xampp 没有被使用,我应该把这个文件放在哪里? Moreover, why would an accepted answer be to place it in my xampp directory?
此外,为什么一个公认的答案是将它放在我的 xampp 目录中? I dont understand.
我不明白。
My Exact Question我的确切问题
Where do I place the cacert.pem
file to stop this error in laravel 5.4?在 laravel 5.4 中,我应该在哪里放置
cacert.pem
文件以阻止此错误?
Do not ever modify files in the vendor/
folder. 不要修改
vendor/
文件夹中的文件。 Ever. 永远。 They can and will be overwritten on the next composer update you run.
它们可以并且将在您运行的下一个作曲家更新中被覆盖。
Here is my Solution for WampServer 这是我的WampServer解决方案
I am using PHP 7.1.9 for my WampServer, so change 7.1.9
in the example below to the version number you are currently using. 我使用PHP 7.1.9作为我的WampServer,因此在下面的示例中将
7.1.9
更改为您当前使用的版本号。
C:\\wamp64\\bin\\php\\php7.1.9
folder C:\\wamp64\\bin\\php\\php7.1.9
文件夹中 php.ini
and find this line: php.ini
并找到以下行: ;curl.cainfo
Change it to: 将其更改为:
curl.cainfo = "C:\\wamp64\\bin\\php\\php7.1.9\\cacert.pem"
Make sure you remove the semicolon at the beginning of the line. 确保在行的开头删除分号。
Save changes to php.ini
, restart WampServer, and you're good to go! 将更改保存到
php.ini
,重启WampServer,你就好了!
This was stressfull to figure out but here is the exact answer for people using laravel and have this problem. 这很难解决,但这里是使用laravel的人的确切答案并且有这个问题。
My exact application versions are... 我的确切应用版本是......
Laravel: 5.4
Laravel:5.4
Guzzlehttp: 6.2
Guzzlehttp:6.2
Laravel Socialite: 3.0
Laravel Socialite:3.0
Download a fresh copy of this curl certificate from this link: https://gist.github.com/VersatilityWerks/5719158/download 从以下链接下载此卷曲证书的新副本: https : //gist.github.com/VersatilityWerks/5719158/download
Save the file in this path starting from the base root of your laravel application vendor/guzzlehttp/guzzle/src/cacert.pem
将文件保存在此路径中,从laravel应用程序
vendor/guzzlehttp/guzzle/src/cacert.pem
next in that same directory open up RequestOptions.php
and scroll down to the constant called CERT
and change it to this const CERT = 'cacert.pem';
然后在同一目录中打开
RequestOptions.php
并向下滚动到名为CERT
的常量并将其更改为此const CERT = 'cacert.pem';
and this should fix it all. 这应该解决所有问题。
EDIT 编辑
As people are pointing out you should never edit the vendor folder, this was just a quick fix for an application I was building in my spare time. 正如人们指出你永远不应该编辑供应商文件夹,这只是我在业余时间建立的应用程序的快速修复。 It wasn't anything majorly important like an application for my company or anything, use this method at your own risk!
对于我公司或其他任何应用来说,这不是什么重要的事情,使用这种方法需要您自担风险! Please check out the other answers if you need something more concrete.
如果你需要更具体的东西,请查看其他答案。
A quick solution but insecure (not recommended). 快速解决方案,但不安全(不推荐)。
Using cURL: 使用cURL:
Set CURLOPT_SSL_VERIYPEER to false 将CURLOPT_SSL_VERIYPEER设置为false
Using Guzzle: 使用Guzzle:
Set verify to false 将verify设置为false
example $client->request('GET', ' https://somewebsite.com ', ['verify' => false]); 示例$ client-> request('GET',' https://somewebsite.com ',['verify'=> false]);
\\vendor\\guzzlehttp\\guzzle\\src\\Client.php
file is the worst advice, as manual changes made to vendor folder are overwritten if you run composer update
command. \\vendor\\guzzlehttp\\guzzle\\src\\Client.php
文件进行更改的解决方案是最糟糕的建议,因为如果运行composer update
命令,将覆盖对vendor文件夹的手动更改。 php.ini
file on web server. php.ini
文件, kjdion84建议的解决方案是完美的。 In case you are using Shared Hosting, it may not be possible to edit php.ini
file. php.ini
文件。 When you don't have access to php.ini
file (eg Shared Hosting) 当您无法访问
php.ini
文件时(例如,共享主机)
verify
key to GuzzleHttp\\Client
constructor with its value as path to cacert.pem
file. verify
密钥添加到GuzzleHttp\\Client
构造函数,其值为cacert.pem
文件的路径。 With Laravel 5.7 and GuzzleHttp 6.0 使用Laravel 5.7和GuzzleHttp 6.0
// https://example.com/v1/current.json?key1=value1&key2=value2
$guzzleClient = new GuzzleHttp\Client([
'base_uri' => 'https://example.com',
'verify' => base_path('cacert.pem'),
]);
$response = $guzzleClient->get('v1/current.json', [
'query' => [
'key1' => 'value1',
'key2' => 'value2',
]
]);
$response = json_decode($response->getBody()->getContents(), true);
I had this problem while running Valet and attempting to make an api from one site in valet to another.我在运行 Valet 并尝试从一个站点到另一个站点制作 api 时遇到了这个问题。 Note that i'm working in OSX.
请注意,我在 OSX 中工作。 I found the solution here: https://github.com/laravel/valet/issues/460 In short you have to copy the valet pem to the system CA bundle.
我在这里找到了解决方案: https : //github.com/laravel/valet/issues/460总之,您必须将代客 pem 复制到系统 CA 包。 Just run this:
只需运行这个:
cp /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.bak && cat ~/.config/valet/CA/LaravelValetCASelfSigned.pem >> /usr/local/etc/openssl/cert.pem
I was sending a request from domain X to Y , my problem was with the certificate used on the domain Y (it wasn't a self-signed cert btw), the domain belonged to me & I had the certificate, so the quick fix was to use the domain Y's certificate on domain X's application:我从域X向Y发送请求,我的问题是域 Y 上使用的证书(顺便说一句,它不是自签名证书),域属于我,我有证书,所以快速修复是在域 X 的应用程序中使用域 Y 的证书:
On domain X :在域X 上:
Using Laravel 7 HTTP wrapper:使用 Laravel 7 HTTP 包装器:
\\Http::withOptions(['verify' => 'path-to-domain-Y-certificate']);
Using guzzle:使用狂饮:
new GuzzleHttp\\Client(['verify' => 'path-to-domain-Y-certificate']);
OR you could just contact your SSL provider to resolve the issue.或者您可以联系您的 SSL 提供商来解决问题。
Note : Storing your domain's certificate in another system isn't a secure method, use this method only if you can ensure your certificate's security.注意:将您的域的证书存储在另一个系统中不是一种安全的方法,仅当您可以确保证书的安全性时才使用此方法。
I haven't found what was wrong with the certificate, no browser seemed to have a problem with it, the only problem was generated on laravel using curl.我还没有发现证书有什么问题,似乎没有浏览器有问题,唯一的问题是使用 curl 在 laravel 上生成的。
We can set path based on this article on Medium.com How to fix cURL error 60: SSL certificate problem我们可以根据 Medium.com 上的这篇文章设置路径How to fix cURL error 60: SSL certificate problem
Steps to follow:要遵循的步骤:
您可以使用GuzzleHttp\\Client
:
$client = new Client(['verify' => false]);
Another one recently asked for the same problem and it's seems my answer was the solution for him. 另一个人最近问了同样的问题,看来我的答案是他的解决方案。 Here was the post I mention : URL Post
这是我提到的帖子: URL Post
That's what I said : 这就是我所说的 :
I'll be fully honest, I don't know anything about Laravel.
我会说实话,我对Laravel一无所知。 But I had the same problem, so as many other, on Symfony.
但是,和Symfony一样,我也遇到了同样的问题。 And so as you I tried many things without success.
因此,当我尝试很多事情但没有成功时。
Finally, this solution worked for me : URL solution
最后,这个解决方案对我有用: URL解决方案
It indicates that instead of a certificate problem , it could came from a environnement non-compatibility .
它表明,它可能来自环境不兼容 ,而不是证书问题 。 I used XAMPP instead of WAMP and it worked.
我使用XAMPP而不是WAMP,它起作用了。
Solved it on my end by disabling verify
completely when on debug setting since in this local scenario security is not an issue at all.通过在调试设置时完全禁用
verify
解决它,因为在这个本地场景中,安全根本不是问题。
$http = new \GuzzleHttp\Client([
'base_uri' => config('services.passport.login_endpoint'),
'verify' => config('app.debug') ? false : true,
'defaults' => [
'exceptions' => false,
]
]);
You need to edit the following file in vendor/guzzlehttp/guzzle/src/Client.php
您需要在
vendor/guzzlehttp/guzzle/src/Client.php
编辑以下文件
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => false, // By default this value will be true
'cookies' => false
];
May be security issue was there, but it will work.可能存在安全问题,但它会起作用。
curl.cainfo = "C:\wamp64\bin\php\php7.1.9\cacert.pem"
我已经用 wamp 解决了我的问题。
This happened to me in development with laravel 8 using the default server started by running:这发生在我使用 laravel 8 开发时,使用默认服务器启动:
php artisan serve
The solution for me was similar to other answers that require you to download cacert.pem
and edit php.ini
file.我的解决方案类似于其他要求您下载
cacert.pem
并编辑php.ini
文件的答案。 But since I was not using Wamp, I checked the path
in my environment variables to find which php installation windows defaulted to and made the changes there.但是由于我没有使用 Wamp,我检查了环境变量中的
path
以查找默认的 php 安装窗口并在那里进行更改。
I use laragon server and I faced to the same problem.我使用 laragon 服务器,我遇到了同样的问题。 I downloaded ssl certificate from http://curl.haxx.se/ca/cacert.pem and paste it in C:/laragon/etc/ssl/ (if cacert.pem already exists replace it with new one).
我从http://curl.haxx.se/ca/cacert.pem下载了 ssl 证书,并将其粘贴到 C:/laragon/ restart server and everything is fine
重新启动服务器,一切都很好
for Laravel: The 5 steps below will be helpful 对于Laravel:以下5个步骤将有所帮助
Guzzlehttp: 5.2
Guzzlehttp: 5.2
\\vendor\\guzzlehttp\\guzzle\\src\\Client.php
\\vendor\\guzzlehttp\\guzzle\\src\\Client.php
下找到该文件 edit default settings to 编辑默认设置
protected function getDefaultOptions() { $settings = [ 'allow_redirects' => true, 'exceptions' => true, 'decode_content' => true, 'verify' => getcwd() .'/vendor/guzzlehttp/guzzle/src/cacert.pem' ]; protected function getDefaultOptions(){$ settings = ['allow_redirects'=> true,'exceptions'=> true,'decode_content'=> true,'verify'=> getcwd()。'/ vendor / guzzlehttp / guzzle / src / cacert.pem']; }
}
download latest file cacert.pem from http://curl.haxx.se/ca/cacert.pem
and place under /vendor/guzzlehttp/guzzle/src/
从
http://curl.haxx.se/ca/cacert.pem
下载最新文件cacert.pem并放在/vendor/guzzlehttp/guzzle/src/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.