[英]PHP CURL “NSS: client certificate not found (nickname not specified)” Issue
Request to a single specific https
endpoint fails on one of my servers with "NSS: client certificate not found (nickname not specified)" error from PHP CURL. 在我的其中一台服务器上,对一个特定
https
端点的请求失败,并显示了来自PHP CURL的“ NSS:未找到客户端证书(未指定昵称)”错误。
When I ran the same query from the command line with verbose
option I got the same error, but after that I also got a valid response (after the error in the same CURL request). 当我从命令行使用
verbose
选项运行相同的查询时,我遇到了相同的错误,但是此后我也得到了一个有效的响应(在同一CURL请求中的错误之后)。
Then I've enabled verbose
option for my PHP CURL request and displayed it for testing like this: 然后,我为我的PHP CURL请求启用了
verbose
选项,并显示它以进行如下测试:
$error = curl_error($curl);
if ($error) {
echo "cURL Error #:" . $error;
rewind($verbose);
$verboseLog = htmlspecialchars(stream_get_contents($verbose));
echo "<pre>";
print_r($verboseLog);
} else {
echo $response;
}
And got this as output: 并将其作为输出:
cURL Error #:NSS: client certificate not found (nickname not specified)
* About to connect() to <address> port 8001 (#0)
* Trying <ip>... * connected
* Connected to <address> (<ip>) port 8001 (#0)
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.<address>m,O=XXX A.S.,OU=IT,L=Umraniye,ST=Istanbul,C=TR
* start date: Jun 11 12:52:03 2015 GMT
* expire date: Jun 09 14:16:13 2018 GMT
* common name: *.<address>
* issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
> POST /<url_part> HTTP/1.1
Host: <address>:8001
Accept: */*
Accept-Encoding: deflate, gzip
authorization: Basic UlBlahBlahnJrcjEyMzQ1Ng==
cache-control: no-cache
content-type: application/json
postman-token: eeefe018-7cac-1706-7b6d-847800a7ad0f
Content-Length: 333
< HTTP/1.1 200 OK
< set-cookie: sap-usercontext=sap-client=100; path=/
< set-cookie: SAP_SESSIONID_CFP_100=ohZvfO5ZOwq_LTE76Zgz9L-C0NdhlRHngM0AF6R3IFY%3d; path=/
< content-type: application/json; charset=utf-8
< content-length: 1150
< cache-control: max-age=0
< sap-cache-control: +180
< sap-isc-uagent: 0
<
* Connection #0 to host <address> left intact
* Closing connection #0
So, CURL request finished with the error, but in verbose log we see that after the error valid response was also fetched. 因此,CURL请求以错误结束,但是在详细的日志中,我们看到在错误之后也获取了有效响应。
Here's my questions: 这是我的问题:
https
endpoints work completely fine? https
终结点都能正常工作,是否有任何方法可以解决此NSS问题? Is it connected with endpoint's server configuration and can be resolved there? CURLOPT_FAILONERROR
option does not help. CURLOPT_FAILONERROR
选项无济于事。 CURL was built with NSS: CURL是使用NSS构建的:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
Update: 更新:
The second item can be closed, because this error is really strange: curl_error
returns the error, but curl_exec
returns valid response at the same time. 第二个项目可以关闭,因为这个错误确实很奇怪:
curl_error
返回错误,但是curl_exec
返回有效响应。
Try giving a absolute path to the certificate and add a "./" prefix. 尝试提供证书的绝对路径,并添加“ ./”前缀。 For example "./path-to-your-cert"
例如“ ./您的证书路径”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.