file_get_contents(): SSL operation failed with code 1, Failed to enable crypto

前端 未结 16 1787
情歌与酒
情歌与酒 2020-11-22 04:31

I’ve been trying to access this particular REST service from a PHP page I’ve created on our server. I narrowed the problem down to these two lines. So my PHP page looks li

相关标签:
16条回答
  • 2020-11-22 04:52

    I fixed this by making sure that that OpenSSL was installed on my machine and then adding this to my php.ini:

    openssl.cafile=/usr/local/etc/openssl/cert.pem
    
    0 讨论(0)
  • 2020-11-22 04:54

    Working for me, I am using PHP 5.6. openssl extension should be enabled and while calling google map api verify_peer make false Below code is working for me.

    <?php
    $arrContextOptions=array(
        "ssl"=>array(
             "verify_peer"=>false,
             "verify_peer_name"=>false,
        ),
    );  
    $url = "https://maps.googleapis.com/maps/api/geocode/json?latlng="
          . $latitude
          . ","
          . $longitude
          . "&sensor=false&key="
          . Yii::$app->params['GOOGLE_API_KEY'];
    
    $data = file_get_contents($url, false, stream_context_create($arrContextOptions));
    
    echo $data;
    ?>
    
    0 讨论(0)
  • 2020-11-22 04:54

    Had the same ssl-problem on my developer machine (php 7, xampp on windows) with a self signed certificate trying to fopen a "https://localhost/..."-file. Obviously the root-certificate-assembly (cacert.pem) didn't work. I just copied manually the code from the apache server.crt-File in the downloaded cacert.pem and did the openssl.cafile=path/to/cacert.pem entry in php.ini

    0 讨论(0)
  • 2020-11-22 04:56

    Another thing to try is to re-install ca-certificates as detailed here.

    # yum reinstall ca-certificates
    ...
    # update-ca-trust force-enable 
    # update-ca-trust extract
    

    And another thing to try is to explicitly allow the one site's certificate in question as described here (especially if the one site is your own server and you already have the .pem in reach).

    # cp /your/site.pem /etc/pki/ca-trust/source/anchors/
    # update-ca-trust extract
    

    I was running into this exact SO error after upgrading to PHP 5.6 on CentOS 6 trying to access the server itself which has a cheapsslsecurity certificate which maybe it needed to be updated, but instead I installed a letsencrypt certificate and with these two steps above it did the trick. I don't know why the second step was necessary.


    Useful Commands

    View openssl version:

    # openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013
    

    View PHP cli ssl current settings:

    # php -i | grep ssl
    openssl
    Openssl default config => /etc/pki/tls/openssl.cnf
    openssl.cafile => no value => no value
    openssl.capath => no value => no value
    
    0 讨论(0)
  • 2020-11-22 04:56

    Regarding errors similar to

    [11-May-2017 19:19:13 America/Chicago] PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

    Have you checked the permissions of the cert and directories referenced by openssl?

    You can do this

    var_dump(openssl_get_cert_locations());
    

    To get something similar to this

    array(8) {
      ["default_cert_file"]=>
      string(21) "/usr/lib/ssl/cert.pem"
      ["default_cert_file_env"]=>
      string(13) "SSL_CERT_FILE"
      ["default_cert_dir"]=>
      string(18) "/usr/lib/ssl/certs"
      ["default_cert_dir_env"]=>
      string(12) "SSL_CERT_DIR"
      ["default_private_dir"]=>
      string(20) "/usr/lib/ssl/private"
      ["default_default_cert_area"]=>
      string(12) "/usr/lib/ssl"
      ["ini_cafile"]=>
      string(0) ""
      ["ini_capath"]=>
      string(0) ""
    }
    

    This issue frustrated me for a while, until I realized that my "certs" folder had 700 permissions, when it should have had 755 permissions. Remember, this is not the folder for keys but certificates. I recommend reading this this link on ssl permissions.

    Once I did

    chmod 755 certs
    

    The problem was fixed, at least for me anyway.

    0 讨论(0)
  • 2020-11-22 04:57

    You shouldn't just turn off verification. Rather you should download a certificate bundle, perhaps the curl bundle will do?

    Then you just need to put it on your web server, giving the user that runs php permission to read the file. Then this code should work for you:

    $arrContextOptions=array(
        "ssl"=>array(
            "cafile" => "/path/to/bundle/cacert.pem",
            "verify_peer"=> true,
            "verify_peer_name"=> true,
        ),
    );
    
    $response = file_get_contents("https://maps.co.weber.ut.us/arcgis/rest/services/SDE_composite_locator/GeocodeServer/findAddressCandidates?Street=&SingleLine=3042+N+1050+W&outFields=*&outSR=102100&searchExtent=&f=json", false, stream_context_create($arrContextOptions));
    

    Hopefully, the root certificate of the site you are trying to access is in the curl bundle. If it isn't, this still won't work until you get the root certificate of the site and put it into your certificate file.

    0 讨论(0)
提交回复
热议问题