这确实是openSSL中的一个bug。此功能仅在以下情况下有用: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 另请参阅: If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful in connection with SSL_get_peer_certificate(3). http://www.openssl.org/docs/ssl/SSL_get_verify_result.html#bugs 请记住,当您希望cURL连接到SSL并验证证书时,您必须先下载CA证书并将其保存到您的应用程序中(firefox可以做到这一点),然后在cURL调用中引用它。例如:
1条答案
按热度按时间h79rfbju1#
这确实是openSSL中的一个bug。此功能仅在以下情况下有用:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);另请参阅:
If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful in connection with SSL_get_peer_certificate(3).http://www.openssl.org/docs/ssl/SSL_get_verify_result.html#bugs
请记住,当您希望cURL连接到SSL并验证证书时,您必须先下载CA证书并将其保存到您的应用程序中(firefox可以做到这一点),然后在cURL调用中引用它。例如:
关于这点的小教程:http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/