【发布时间】:2014-01-22 17:45:50
【问题描述】:
我在本地 (Fedora) 遇到问题,但在我的服务器 (RedHat) 上没有看到。在 apache 下运行的脚本中使用 php 的 curl 函数时,我无法连接到 HTTPS 服务器。当我从 CLI 运行完全相同的脚本时,连接起来没有问题。我连接到 HTTP 服务器没有问题,只连接到 HTTPS。当我在 RedHat 服务器上运行完全相同的脚本时,它在 apache 和 CLI 下运行良好。
这是脚本:
<?php
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => "https://www.google.com/",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true,
]);
$result = curl_exec($ch);
$headers = curl_getinfo($ch);
echo "Result:\n";
var_export($result);
echo "\n\nHeaders:\n";
var_export($headers);
?>
当我在 apache 下运行它时,我得到这个输出:
Result:
false
Headers:
array (
'url' => 'https://www.google.com/',
'content_type' => NULL,
'http_code' => 0,
'header_size' => 0,
'request_size' => 0,
'filetime' => -1,
'ssl_verify_result' => 0,
'redirect_count' => 0,
'total_time' => 0.028444000000000001,
'namelookup_time' => 0.028337000000000001,
'connect_time' => 0.040409,
'pretransfer_time' => 0,
'size_upload' => 0,
'size_download' => 0,
'speed_download' => 0,
'speed_upload' => 0,
'download_content_length' => -1,
'upload_content_length' => -1,
'starttransfer_time' => 0,
'redirect_time' => 0,
'redirect_url' => '',
'primary_ip' => '74.125.226.146',
'certinfo' =>
array (
),
'primary_port' => 443,
'local_ip' => '192.168.5.197',
'local_port' => 39900,
)
.. 这个在错误日志中:
* Adding handle: conn: 0x7fdaff4ba4b0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 1 (0x7fdaff4ba4b0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#1)
* Trying 74.125.226.146...
* Connected to www.google.com (74.125.226.146) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 1
在 CLI 中运行时,我得到以下输出:
* Adding handle: conn: 0x7fb9c7c6b670
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fb9c7c6b670) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.226.148...
* Connected to www.google.com (74.125.226.148) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_SHA
* Server certificate:
* subject: CN=www.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
* start date: Dec 11 12:02:58 2013 GMT
* expire date: Apr 10 00:00:00 2014 GMT
* common name: www.google.com
* issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
> GET / HTTP/1.1
Host: www.google.com
Accept: */*
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Location: https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo
< Content-Length: 257
< Date: Wed, 22 Jan 2014 17:38:21 GMT
* Server GFE/2.0 is not blacklisted
< Server: GFE/2.0
< Alternate-Protocol: 443:quic
<
* Connection #0 to host www.google.com left intact
Result:
'<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo">here</A>.
</BODY></HTML>
'
Headers:
array (
'url' => 'https://www.google.com/',
'content_type' => 'text/html; charset=UTF-8',
'http_code' => 302,
'header_size' => 259,
'request_size' => 53,
'filetime' => -1,
'ssl_verify_result' => 0,
'redirect_count' => 0,
'total_time' => 0.210087,
'namelookup_time' => 0.028376999999999999,
'connect_time' => 0.041487000000000003,
'pretransfer_time' => 0.19747600000000001,
'size_upload' => 0,
'size_download' => 257,
'speed_download' => 1223,
'speed_upload' => 0,
'download_content_length' => 257,
'upload_content_length' => 0,
'starttransfer_time' => 0.210032,
'redirect_time' => 0,
'redirect_url' => 'https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo',
'primary_ip' => '74.125.226.148',
'certinfo' =>
array (
),
'primary_port' => 443,
'local_ip' => '192.168.5.197',
'local_port' => 50454,
)
有什么想法吗?谢谢。这是 PHP 5.5.7。
【问题讨论】:
-
我应该提到 /bin/curl 也可以,并且我尝试设置 CURLOPT_CAINFO,但结果是一样的。