首页 > 编程入门 文章详情

Guzzle Curl Error 60 SSL无法获取本地颁发者

编程入门 行业动态 更新时间:2024-10-27 20:29:38
本文介绍了Guzzle Curl Error 60 SSL无法获取本地颁发者的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述

尝试使用YouTube API v3获取一些视频信息,在Symfony2中使用Guzzle使用服务描述符。

Trying to use the YouTube API v3 to get some video(s) information, using Guzzle in Symfony2 using Service Descriptors.

当我运行脚本时,我得到:

When I run the script, I get this:

60:SSL证书问题:无法获取本地颁发者证书[url] www.googleapis/youtube/v3/videos?id=2xbVbCoHBgA&part=snippet&key= {MY_KEY}

[curl] 60: SSL certificate problem: unable to get local issuer certificate [url] www.googleapis/youtube/v3/videos?id=2xbVbCoHBgA&part=snippet&key={MY_KEY}

500内部服务器错误 - CurlException

500 Internal Server Error - CurlException

我的描述符如下所示:

{ "name": "YouTube", "baseUrl": "www.googleapis", "apiVersion": "v3", "description": "YouTube GData Graph API", "operations": { "GetVideos": { "httpMethod": "GET", "uri": "/youtube/v3/videos", "parameters": { "id": { "type":"string", "location":"query", "required": true }, "part": { "location": "query", "default": "snippet" }, "key": { "location": "query", "default": "{MY KEY}", "static": true }, "maxResults": { "location": "query", "default": 50 } } } } }

这是在一个本地的Ubuntu 14.04开发环境下运行的,有一个非常基本的LAMP堆栈。

This is running on a local Ubuntu 14.04 development environment with a very basic LAMP stack going on.

有什么可能是什么原因的想法?

Any ideas as to what might be causing this?

推荐答案

[curl] 60:SSL证书问题:无法获得本地发行者证书

好吧,从外面看,看起来服务器证书是坏的。

Well, from the outside looking in, it looks like the server certificate is bad. It does not include the name "googleapis".

首先,使用获取证书openssl s_client :

openssl s_client -connect googleapis:443

然后将证书保存到文件。证书以 ----- BEGIN CERTIFICATE ----- 开头,结尾为 ----- END CERTIFICATE ----- 。

Then save the certificate to a file. The certificate starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.

接下来,使用 openssl x509 打印证书(如下所示)。它缺少 googleapis 。

Next, print the certificate with openssl x509 (shown below). Its missing googleapis.

您可能需要接受名称不匹配,并固定服务器的公钥。 Google每30天左右轮换一次证书,以确保移动客户端的CRL较小。这意味着您不能固定证书。

You probably need to accept the name mismatch, and pin the server's public key. Google rotates their certificates every 30 days or so to keep CRLs small for mobile clients. That means you can't pin the certificate. However, Google re-certifies the same public key, so key continuity schemes like public key pinning work.

使用时有一个较小的第二个问题, openssl s_client 。 s_client 需要使用 Google Internet Authority G2 选项 CAfile 。缺少的CA导致错误无法获取下面的本地颁发者证书。您可以在 pki.google 下载Google的CA文件。

There's a smaller, second issue when using openssl s_client. s_client needs the option CAfile using Google Internet Authority G2. The missing CA is causing the error unable to get local issuer certificate below. You can download Google's CA file at pki.google.

$ openssl s_client -connect googleapis:443 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

您也可以使用 Equifax安全证书颁发机构作为信任根,因为它显示为Equifax交叉认证的Google CA。

You could also use Equifax Secure Certificate Authority as the root of trust because it appears Equifax cross-certified Google's CA.

但是名称不匹配是一个交易破坏者。这是X509证书应该做的一件事:通过可信的权威机构将一个实体(如服务器名称或用户)绑定到公钥。

But the name mismatch is a deal breaker. That's the one thing an X509 certificate is supposed to do: bind a entity, like a server name or user, to a public key through a trusted authority. It does not matter who signed the broken certificate (I could have signed it).

$ openssl x509 -in googleapis-com.txt -inform PEM -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 9106978240760957072 (0x7e627c7589c4c890) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2 Validity Not Before: Jul 2 13:04:27 2014 GMT Not After : Sep 30 00:00:00 2014 GMT Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=google Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ab:02:29:67:f1:08:cc:f0:5c:63:ff:75:b3:bd: 41:62:c6:83:0c:3b:e6:1b:9a:41:0d:dc:5a:b3:34: db:a3:37:6f:4f:bf:f5:8a:01:39:6a:91:b7:d1:a6: 83:6d:c6:28:60:79:c9:07:f2:ad:23:00:f2:31:74: b0:a3:d0:d6:ac:5a:f4:31:c8:98:9c:49:c6:20:0b: ce:81:2b:51:b6:54:0f:65:54:f2:b3:08:c9:c0:c8: ca:a6:ec:bb:fc:8e:a5:64:70:6b:dc:08:45:9c:14: cd:cd:aa:49:fd:e9:a5:f1:7d:c6:f8:5d:52:e8:d8: 3d:21:81:46:49:ba:f7:bd:7d:07:42:31:cf:79:61: b1:47:2c:ba:ce:5a:cd:52:4a:5f:d2:b6:88:d0:a2: 94:53:e2:65:d6:66:80:43:17:e1:2e:43:ab:ca:2f: 79:e6:11:8b:4a:35:fa:e1:43:e3:49:66:5a:1f:e0: a3:1c:5e:1c:6e:aa:de:0d:ba:cb:20:e3:3d:9e:66: 47:32:25:3c:01:22:b3:69:a6:96:0e:2e:13:c7:fd: 70:c6:61:7e:a9:f0:ad:a4:a6:41:13:36:8c:46:74: c8:a5:ac:b0:b5:17:00:b8:0e:62:79:1a:fc:7e:7c: 2b:f7:2e:c0:ab:07:fc:8e:46:3c:8f:f2:e5:6e:8f: 83:17 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:google, DNS:*.2mdn, DNS:*.android, DNS:*.appengine.google, DNS:*.au.doubleclick, DNS:*.cc-dt, DNS:*.cloud.google, DNS:*.de.doubleclick, DNS:*.doubleclick, DNS:*.doubleclick, DNS:*.fls.doubleclick, DNS:*.fr.doubleclick, DNS:*.google-analytics, DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af, DNS:*.google.ag, DNS:*.google.al, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at, DNS:*.google.az, DNS:*.google.ba, DNS:*.google.be, DNS:*.google.bf, DNS:*.google.bg, DNS:*.google.bi, DNS:*.google.bj, DNS:*.google.bs, DNS:*.google.bt, DNS:*.google.by, DNS:*.google.ca, DNS:*.google.cat, DNS:*.google.cc, DNS:*.google.cd, DNS:*.google.cf, DNS:*.google.cg, DNS:*.google.ch, DNS:*.google.ci, DNS:*.google.cl, DNS:*.google.cm, DNS:*.google, DNS:*.google.co.ao, DNS:*.google.co.bw, DNS:*.google.co.ck, DNS:*.google.co.cr, DNS:*.google.co.hu, DNS:*.google.co.id, DNS:*.google.co.il, DNS:*.google.co.im, DNS:*.google.co.in, DNS:*.google.co.je, DNS:*.google.co.jp, DNS:*.google.co.ke, DNS:*.google.co.kr, DNS:*.google.co.ls, DNS:*.google.co.ma, DNS:*.google.co.mz, DNS:*.google.co.nz, DNS:*.google.co.th, DNS:*.google.co.tz, DNS:*.google.co.ug, DNS:*.google.co.uk, DNS:*.google.co.uz, DNS:*.google.co.ve, DNS:*.google.co.vi, DNS:*.google.co.za, DNS:*.google.co.zm, DNS:*.google.co.zw, DNS:*.google, DNS:*.google.af, DNS:*.google.ag, DNS:*.google.ai, DNS:*.google.ar, DNS:*.google.au, DNS:*.google.bd, DNS:*.google.bh, DNS:*.google.bn, DNS:*.google.bo, DNS:*.google.br, DNS:*.google.by, DNS:*.google.bz, DNS:*.google, DNS:*.google.co, DNS:*.google.cu, DNS:*.google.cy, DNS:*.google.do, DNS:*.google.ec, DNS:*.google.eg, DNS:*.google.et, DNS:*.google.fj, DNS:*.google.ge, DNS:*.google.gh, DNS:*.google.gi, DNS:*.google.gr, DNS:*.google.gt, DNS:*.google.hk, DNS:*.google.iq, DNS:*.google.jm, DNS:*.google.jo, DNS:*.google.kh, DNS:*.google.kw, DNS:*.google.lb, DNS:*.google.ly, DNS:*.google.mm, DNS:*.google.mt, DNS:*.google.mx, DNS:*.google.my, DNS:*.google.na, DNS:*.google.nf, DNS:*.google.ng, DNS:*.google.ni, DNS:*.google.np, DNS:*.google.nr, DNS:*.google.om, DNS:*.google.pa, DNS:*.google.pe, DNS:*.google.pg, DNS:*.google.ph, DNS:*.google.pk, DNS:*.google.pl, DNS:*.google.pr, DNS:*.google.py, DNS:*.google.qa, DNS:*.google.ru, DNS:*.google.sa, DNS:*.google.sb, DNS:*.google.sg, DNS:*.google.sl, DNS:*.google.sv, DNS:*.google.tj, DNS:*.google.tn, DNS:*.google.tr, DNS:*.google.tw, DNS:*.google.ua, DNS:*.google.uy, DNS:*.google.vc, DNS:*.google.ve, DNS:*.google.vn, DNS:*.google.cv, DNS:*.google.cz, DNS:*.google.de, DNS:*.google.dj, DNS:*.google.dk, DNS:*.google.dm, DNS:*.google.dz, DNS:*.google.ee, DNS:*.google.es, DNS:*.google.fi, DNS:*.google.fm, DNS:*.google.fr, DNS:*.google.ga, DNS:*.google.ge, DNS:*.google.gg, DNS:*.google.gl, DNS:*.google.gm, DNS:*.google.gp, DNS:*.google.gr, DNS:*.google.gy, DNS:*.google.hk, DNS:*.google.hn, DNS:*.google.hr, DNS:*.google.ht, DNS:*.google.hu, DNS:*.google.ie, DNS:*.google.im, DNS:*.google.info, DNS:*.google.iq, DNS:*.google.ir, DNS:*.google.is, DNS:*.google.it, DNS:*.google.it.ao, DNS:*.google.je, DNS:*.google.jo, DNS:*.google.jobs, DNS:*.google.jp, DNS:*.google.kg, DNS:*.google.ki, DNS:*.google.kz, DNS:*.google.la, DNS:*.google.li, DNS:*.google.lk, DNS:*.google.lt, DNS:*.google.lu, DNS:*.google.lv, DNS:*.google.md, DNS:*.google.me, DNS:*.google.mg, DNS:*.google.mk, DNS:*.google.ml, DNS:*.google.mn, DNS:*.google.ms, DNS:*.google.mu, DNS:*.google.mv, DNS:*.google.mw, DNS:*.google.ne, DNS:*.google.ne.jp, DNS:*.google, DNS:*.google.ng, DNS:*.google.nl, DNS:*.google.no, DNS:*.google.nr, DNS:*.google.nu, DNS:*.google.off.ai, DNS:*.google.pk, DNS:*.google.pl, DNS:*.google.pn, DNS:*.google.ps, DNS:*.google.pt, DNS:*.google.ro, DNS:*.google.rs, DNS:*.google.ru, DNS:*.google.rw, DNS:*.google.sc, DNS:*.google.se, DNS:*.google.sh, DNS:*.google.si, DNS:*.google.sk, DNS:*.google.sm, DNS:*.google.sn, DNS:*.google.so, DNS:*.google.sr, DNS:*.google.st, DNS:*.google.td, DNS:*.google.tg, DNS:*.google.tk, DNS:*.google.tl, DNS:*.google.tm, DNS:*.google.tn, DNS:*.google.to, DNS:*.google.tt, DNS:*.google.us, DNS:*.google.uz, DNS:*.google.vg, DNS:*.google.vu, DNS:*.google.ws, DNS:*.googleapis, DNS:*.googlecommerce, DNS:*.googlevideo, DNS:*.gstatic, DNS:*.gvt1, DNS:*.jp.doubleclick, DNS:*.metric.gstatic, DNS:*.uk.doubleclick, DNS:*.urchin, DNS:*.url.google, DNS:*.youtube-nocookie, DNS:*.youtube, DNS:*.youtubeeducation, DNS:*.ytimg, DNS:ad.mo.doubleclick, DNS:android, DNS:doubleclick, DNS:g.co, DNS:goo.gl, DNS:google-analytics, DNS:google.ac, DNS:google.ad, DNS:google.ae, DNS:google.af, DNS:google.ag, DNS:google.al, DNS:google.am, DNS:google.as, DNS:google.at, DNS:google.az, DNS:google.ba, DNS:google.be, DNS:google.bf, DNS:google.bg, DNS:google.bi, DNS:google.bj, DNS:google.bs, DNS:google.bt, DNS:google.by, DNS:google.ca, DNS:google.cat, DNS:google.cc, DNS:google.cd, DNS:google.cf, DNS:google.cg, DNS:google.ch, DNS:google.ci, DNS:google.cl, DNS:google.cm, DNS:google, DNS:google.co.ao, DNS:google.co.bw, DNS:google.co.ck, DNS:google.co.cr, DNS:google.co.hu, DNS:google.co.id, DNS:google.co.il, DNS:google.co.im, DNS:google.co.in, DNS:google.co.je, DNS:google.co.jp, DNS:google.co.ke, DNS:google.co.kr, DNS:google.co.ls, DNS:google.co.ma, DNS:google.co.mz, DNS:google.co.nz, DNS:google.co.th, DNS:google.co.tz, DNS:google.co.ug, DNS:google.co.uk, DNS:google.co.uz, DNS:google.co.ve, DNS:google.co.vi, DNS:google.co.za, DNS:google.co.zm, DNS:google.co.zw, DNS:google.af, DNS:google.ag, DNS:google.ai, DNS:google.ar, DNS:google.au, DNS:google.bd, DNS:google.bh, DNS:google.bn, DNS:google.bo, DNS:google.br, DNS:google.by, DNS:google.bz, DNS:google, DNS:google.co, DNS:google.cu, DNS:google.cy, DNS:google.do, DNS:google.ec, DNS:google.eg, DNS:google.et, DNS:google.fj, DNS:google.ge, DNS:google.gh, DNS:google.gi, DNS:google.gr, DNS:google.gt, DNS:google.hk, DNS:google.iq, DNS:google.jm, DNS:google.jo, DNS:google.kh, DNS:google.kw, DNS:google.lb, DNS:google.ly, DNS:google.mm, DNS:google.mt, DNS:google.mx, DNS:google.my, DNS:google.na, DNS:google.nf, DNS:google.ng, DNS:google.ni, DNS:google.np, DNS:google.nr, DNS:google.om, DNS:google.pa, DNS:google.pe, DNS:google.pg, DNS:google.ph, DNS:google.pk, DNS:google.pl, DNS:google.pr, DNS:google.py, DNS:google.qa, DNS:google.ru, DNS:google.sa, DNS:google.sb, DNS:google.sg, DNS:google.sl, DNS:google.sv, DNS:google.tj, DNS:google.tn, DNS:google.tr, DNS:google.tw, DNS:google.ua, DNS:google.uy, DNS:google.vc, DNS:google.ve, DNS:google.vn, DNS:google.cv, DNS:google.cz, DNS:google.de, DNS:google.dj, DNS:google.dk, DNS:google.dm, DNS:google.dz, DNS:google.ee, DNS:google.es, DNS:google.fi, DNS:google.fm, DNS:google.fr, DNS:google.ga, DNS:google.ge, DNS:google.gg, DNS:google.gl, DNS:google.gm, DNS:google.gp, DNS:google.gr, DNS:google.gy, DNS:google.hk, DNS:google.hn, DNS:google.hr, DNS:google.ht, DNS:google.hu, DNS:google.ie, DNS:google.im, DNS:google.info, DNS:google.iq, DNS:google.ir, DNS:google.is, DNS:google.it, DNS:google.it.ao, DNS:google.je, DNS:google.jo, DNS:google.jobs, DNS:google.jp, DNS:google.kg, DNS:google.ki, DNS:google.kz, DNS:google.la, DNS:google.li, DNS:google.lk, DNS:google.lt, DNS:google.lu, DNS:google.lv, DNS:google.md, DNS:google.me, DNS:google.mg, DNS:google.mk, DNS:google.ml, DNS:google.mn, DNS:google.ms, DNS:google.mu, DNS:google.mv, DNS:google.mw, DNS:google.ne, DNS:google.ne.jp, DNS:google, DNS:google.ng, DNS:google.nl, DNS:google.no, DNS:google.nr, DNS:google.nu, DNS:google.off.ai, DNS:google.pk, DNS:google.pl, DNS:google.pn, DNS:google.ps, DNS:google.pt, DNS:google.ro, DNS:google.rs, DNS:google.ru, DNS:google.rw, DNS:google.sc, DNS:google.se, DNS:google.sh, DNS:google.si, DNS:google.sk, DNS:google.sm, DNS:google.sn, DNS:google.so, DNS:google.sr, DNS:google.st, DNS:google.td, DNS:google.tg, DNS:google.tk, DNS:google.tl, DNS:google.tm, DNS:google.tn, DNS:google.to, DNS:google.tt, DNS:google.us, DNS:google.uz, DNS:google.vg, DNS:google.vu, DNS:google.ws, DNS:googlecommerce, DNS:gstatic, DNS:urchin, DNS:youtu.be, DNS:youtube, DNS:youtubeeducation Authority Information Access: CA Issuers - URI:pki.google/GIAG2.crt OCSP - URI:clients1.google/ocsp X509v3 Subject Key Identifier: 71:D7:BB:09:DE:42:EB:E5:E0:75:3D:49:64:97:E5:9A:8D:6E:C3:8E X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.11129.2.5.1 X509v3 CRL Distribution Points: Full Name: URI:pki.google/GIAG2.crl Signature Algorithm: sha1WithRSAEncryption 8f:f3:ec:dd:ca:45:d2:20:12:40:cd:ce:72:10:42:b5:ac:4b: 8c:45:15:15:d7:9f:fb:01:e7:84:63:c6:41:b4:93:8b:79:ab: 51:56:b9:3f:07:74:5b:c7:38:ad:f0:ee:97:53:3b:f8:2d:bc: 94:23:ca:2e:1f:0c:5b:21:82:ae:b8:0f:55:43:1a:58:8f:4d: 25:0a:80:32:a6:c9:ff:3f:43:f5:1f:39:63:9f:a6:82:20:b4: 74:d4:e1:ef:e0:f9:92:c5:63:b6:e2:61:e4:e7:4e:c7:a3:dd: 44:1b:32:e0:06:7f:84:b6:45:20:57:6a:71:07:c2:54:b0:69: 9c:a2:f6:3f:5f:52:ca:9e:ba:77:b3:0b:4f:2a:b7:14:ca:c9: 7a:6c:f3:ce:2b:aa:c1:0d:ea:33:8f:e6:39:24:83:84:dc:3c: ac:f0:83:2e:98:9f:2f:54:de:c4:c5:b0:05:a3:e3:ca:a5:13: 9c:28:ba:6b:e9:ee:e0:10:41:4a:d7:78:cd:60:0f:79:0f:0a: e3:76:46:ce:7a:b4:84:1b:07:91:21:83:23:17:7a:77:e8:32: 3b:14:7c:3a:a8:fb:d6:c2:bf:18:4a:ad:d7:c1:d6:30:cd:67: b4:8f:7d:27:43:97:b8:12:9d:0b:7e:ae:de:27:83:fa:89:29: d9:be:e4:43

更多推荐

Guzzle Curl Error 60 SSL无法获取本地颁发者

本文发布于:2023-06-04 21:18:23,感谢您对本站的认可!
本文链接:https://www.elefans.com/category/jswz/34/505244.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
本文标签:Curl   Guzzle   Error   SSL

发布评论

评论列表 (有 0 条评论)

最近发表

草根站长

>www.elefans.com

编程频道|电子爱好者 - 技术资讯及电子产品介绍!

热门文章

标签列表