PHP CURL“ NSS:找不到客户端证书(未指定昵称)”问题
[英]PHP CURL “NSS: client certificate not found (nickname not specified)” Issue
问题描述
Request to a single specific https endpoint fails on one of my servers with "NSS: client certificate not found (nickname not specified)" error from PHP CURL. 
在我的其中一台服务器上,对一个特定https端点的请求失败,并显示了来自PHP CURL的“ NSS:未找到客户端证书(未指定昵称)”错误。
When I ran the same query from the command line with verbose option I got the same error, but after that I also got a valid response (after the error in the same CURL request). 当我从命令行使用verbose选项运行相同的查询时,我遇到了相同的错误,但是此后我也得到了一个有效的响应(在同一CURL请求中的错误之后)。
Then I've enabled verbose option for my PHP CURL request and displayed it for testing like this: 然后,我为我的PHP CURL请求启用了verbose选项,并显示它以进行如下测试:
$error = curl_error($curl);
if ($error) {
echo "cURL Error #:" . $error;
rewind($verbose);
$verboseLog = htmlspecialchars(stream_get_contents($verbose));
echo "<pre>";
print_r($verboseLog);
} else {
echo $response;
}
And got this as output: 并将其作为输出:
cURL Error #:NSS: client certificate not found (nickname not specified)
* About to connect() to <address> port 8001 (#0)
* Trying <ip>... * connected
* Connected to <address> (<ip>) port 8001 (#0)
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.<address>m,O=XXX A.S.,OU=IT,L=Umraniye,ST=Istanbul,C=TR
* start date: Jun 11 12:52:03 2015 GMT
* expire date: Jun 09 14:16:13 2018 GMT
* common name: *.<address>
* issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
> POST /<url_part> HTTP/1.1
Host: <address>:8001
Accept: */*
Accept-Encoding: deflate, gzip
authorization: Basic UlBlahBlahnJrcjEyMzQ1Ng==
cache-control: no-cache
content-type: application/json
postman-token: eeefe018-7cac-1706-7b6d-847800a7ad0f
Content-Length: 333
< HTTP/1.1 200 OK
< set-cookie: sap-usercontext=sap-client=100; path=/
< set-cookie: SAP_SESSIONID_CFP_100=ohZvfO5ZOwq_LTE76Zgz9L-C0NdhlRHngM0AF6R3IFY%3d; path=/
< content-type: application/json; charset=utf-8
< content-length: 1150
< cache-control: max-age=0
< sap-cache-control: +180
< sap-isc-uagent: 0
<
* Connection #0 to host <address> left intact
* Closing connection #0
So, CURL request finished with the error, but in verbose log we see that after the error valid response was also fetched. 因此,CURL请求以错误结束,但是在详细的日志中,我们看到在错误之后也获取了有效响应。
Here's my questions: 这是我的问题:
- Is there any way to overcome this NSS issue as long as other different
httpsendpoints work completely fine?只要其他不同的https终结点都能正常工作,是否有任何方法可以解决此NSS问题? Is it connected with endpoint's server configuration and can be resolved there?它是否与端点的服务器配置连接并且可以在那里解决? - If the first item fails, is it possible not to throw CURL NSS error, but get the response instead? 如果第一项失败,是否有可能不会抛出CURL NSS错误,而是得到响应?
CURLOPT_FAILONERRORoption does not help.CURLOPT_FAILONERROR选项无济于事。
CURL was built with NSS: CURL是使用NSS构建的:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
Update: 更新:
The second item can be closed, because this error is really strange: curl_error returns the error, but curl_exec returns valid response at the same time. 第二个项目可以关闭,因为这个错误确实很奇怪: curl_error返回错误,但是curl_exec返回有效响应。
1 个解决方案
解决方案1
0 2017-07-05 16:25:15
Try giving a absolute path to the certificate and add a "./" prefix. 尝试提供证书的绝对路径,并添加“ ./”前缀。 For example "./path-to-your-cert" 例如“ ./您的证书路径”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.