
PHP cURL SSL CA cert (path? access rights?)

Curl via PHP is always complaining about "Problem with the SSL CA cert (path? access rights?)". This all happened after trying to fix a different problem, curl 'SSL connect error', by following some of the same steps below.

I have tried yum reinstall ca-certificates and yum reinstall openssl,

wget ftp://195.220.108.108/linux/centos/6.4/updates/x86_64/Packages/nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm
rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv
cp ./lib64/libfreeblpriv3.* /lib64

(even though nss-softokn-freebl was never installed in the first place),

mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
rpm2cpio ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm | cpio -idmv
cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/

even

# cat `echo $CURL_HOME`/.curlrc
insecure

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);

and

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

(love that it is http and not https)

all followed by apachectl restart

Nothing...

System info

# cd /etc/ssl/certs/
# ls -ilha
262985 drwxr-xr-x. 2 root root 4.0K May  6  2015 .
262983 drwxr-xr-x. 5 root root 4.0K Dec 18 12:57 ..
301732 -rw-r--r--  1 root root 2.2K Dec 14 00:16 Makefile
262984 lrwxrwxrwx  1 root root   49 Dec 18 12:28 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
262982 -rw-r--r--  1 root root 857K Apr 23  2015 ca-bundle.crt.rpmnew
264377 lrwxrwxrwx  1 root root   55 Dec 18 12:28 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
301549 -rw-r--r--  1 root root 251K Dec 18 10:48 cacert.pem
283448 -rw-r--r--  1 root root 1.2K Feb 12  2013 localhost.crt
270298 -rwxr-xr-x  1 root root  610 Dec 14 00:16 make-dummy-cert
269100 -rwxr-xr-x  1 root root  829 Dec 14 00:16 renew-dummy-cert

# cd /
# namei -molv /etc/ssl/certs/cacert.pem
f: /etc/ssl/certs/cacert.pem
dr-xr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
lrwxrwxrwx root root certs -> ../pki/tls/certs
drwxr-xr-x root root   ..
drwxr-xr-x root root   pki
drwxr-xr-x root root   tls
drwxr-xr-x root root   certs
-rw-r--r-- root root cacert.pem

# cd /etc/pki/tls/certs/
# ls -ilha
262985 drwxr-xr-x. 2 root root 4.0K May  6  2015 .
262983 drwxr-xr-x. 5 root root 4.0K Dec 18 12:57 ..
301732 -rw-r--r--  1 root root 2.2K Dec 14 00:16 Makefile
262984 lrwxrwxrwx  1 root root   49 Dec 18 12:28 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
262982 -rw-r--r--  1 root root 857K Apr 23  2015 ca-bundle.crt.rpmnew
264377 lrwxrwxrwx  1 root root   55 Dec 18 12:28 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
301549 -rw-r--r--  1 root root 251K Dec 18 10:48 cacert.pem
283448 -rw-r--r--  1 root root 1.2K Feb 12  2013 localhost.crt
270298 -rwxr-xr-x  1 root root  610 Dec 14 00:16 make-dummy-cert
269100 -rwxr-xr-x  1 root root  829 Dec 14 00:16 renew-dummy-cert

# cd /
# namei -molv /etc/ssl/certs/cacert.pem
f: /etc/pki/tls/certs/ca-bundle.crt
dr-xr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root pki
drwxr-xr-x root root tls
drwxr-xr-x root root certs
lrwxrwxrwx root root ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
dr-xr-xr-x root root   /
drwxr-xr-x root root   etc
drwxr-xr-x root root   pki
drwxr-xr-x root root   ca-trust
drwxr-xr-x root root   extracted
drwxr-xr-x root root   pem
-r--r--r-- root root   tls-ca-bundle.pem


# sestatus
SELinux status:                 disabled

# cat /etc/*release*
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
cpe:/o:centos:linux:6:GA

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvde1            6.0G  3.6G  2.1G  64% /
tmpfs                 3.6G     0  3.6G   0% /dev/shm
/dev/xvdj1            7.9G  6.9G  620M  92% /var/www
1
user3338098

Beyond all reason, the fix depended on httpd and php...

yum update php; yum update httpd

1
user3338098
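
As an added example (not part of the original question or answer): a shell check for the two causes the error message itself names, path and access rights, applied to one CA bundle path. The function names and the fixture are constructed for illustration, and `readlink -f` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example, not from the original posts. check_ca_bundle, make_fixture and
# demo are hypothetical helper names.
# Return codes: 0 usable, 1 missing or dangling symlink, 2 directory not
# searchable, 3 file not readable, 4 no PEM certificate in the file.
check_ca_bundle() {
    bundle=$1
    # Resolve symlinks as the TLS library will (ca-bundle.crt is one above).
    real=$(readlink -f -- "$bundle") || real=
    [ -n "$real" ] && [ -f "$real" ] || { echo "missing: $bundle" >&2; return 1; }
    # Every directory on the resolved path needs search (x) permission.
    dir=$(dirname "$real")
    while :; do
        [ -x "$dir" ] || { echo "not searchable: $dir" >&2; return 2; }
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    [ -r "$real" ] || { echo "not readable: $real" >&2; return 3; }
    # A usable bundle holds at least one PEM certificate block.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$real" || true)
    [ "$count" -gt 0 ] || { echo "no PEM certificate: $real" >&2; return 4; }
    echo "ok: $bundle -> $real ($count certificate blocks)"
}

# Constructed fixture: a fake bundle behind a symlink, a dangling symlink,
# and a file that contains no certificate.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/tls-ca-bundle.pem"
    ln -s "$d/tls-ca-bundle.pem" "$d/ca-bundle.crt"
    ln -s "$d/missing.pem" "$d/dangling.crt"
    echo 'not a certificate' > "$d/empty.crt"
    echo "$d"
}

# Run the check over the fixture and print one "name=return code" line per case.
demo() {
    fx=$(make_fixture) || return 1
    for f in ca-bundle.crt dangling.crt empty.crt; do
        rc=0; check_ca_bundle "$fx/$f" >/dev/null 2>&1 || rc=$?
        printf '%s=%s\n' "$f" "$rc"
    done
    rm -rf "$fx"
}
```

Run `check_ca_bundle` as the account PHP executes under (on CentOS httpd this is normally apache), since root passes the permission tests regardless of mode bits.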