有时一些内部使用的加密 SSL 网页使用自签凭证, 如果用 curl 撷取这些使用自签凭证的 SSL 网页内容, 会出现以下错误:
curl: (60) Peer’s certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the –cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or –insecure) option.
要避免这个情况, 需要在 curl 指令后面加上 “-k” 或 “–insecure” 参数, 这样 curl 便不会检查 SSL 的有效性, 例如:
|
1 |
$ curl -k https://localhost/ |
|
1 |
$ curl --insecure https://localhost/ |
在指令模式可以用 “-k” 或 “–insecure” 参数解决自签凭证的问题, 如果在 PHP 上使用 curl, 同样会默认检查 SSL 有效性, 要略过检查, 只要在 curl_setopt() 函式上, 设定 CURLOPT_SSL_VERIFYPEER 选项为 false 即可, 例如:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
<?php $url = "https://localhost/"; $post_data['var1'] = "123"; $post_data['var2'] = "abc"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); // 这里略过检查 SSL 凭证有效性 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data)); $output = curl_exec($ch); curl_close($ch); ?> |
No Responses