{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Ridiculous、 的问题《Same cURL script works in dev. Can't figure ou》','https://www.manongdao.com/q-893413.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
This is the script, working on my dev machine:
$certPath = SITE_ROOT.'/certs/GoDaddyRootCertificateAuthority-G2.crt';
$options = [
CURLOPT_POST => 1,
CURLOPT_URL => 'https://uat.dwolla.com/oauth/rest/offsitegateway/checkouts',
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_POSTFIELDS => json_encode(['name'=>'value']),
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_CAINFO => $certPath,
];
$ch = curl_init();
curl_setopt_array($ch, $options);
if( ! $result = curl_exec($ch)) $err = curl_error($ch);
curl_close($ch);
if(!$result) echo $err;
else print_r(json_decode($result,true));
echo '<br/><br/>';
readfile($certPath); //output cert on screen
echo '<br/><br/>';
No issues. Once I move it to my production environment, the cURL connection fails with this error:
SSL certificate problem: unable to get local issuer certificate
- The same
.crtcontents are printed, so I know the path to the certificate is not the problem. - Both environments use
PHP 5.6.23onApache 2.4 - Dev machine is
Win 7 x64, prod machine isLinux CentOS 7
I don't know where to start looking for the cause. Why is the script not working in production?
UPDATE:
Thanks to @blackpen's great tip in comments, I learned about the CURLOPT_VERBOSE option used to generate a log of the connection. Here is the output in the broken production environment:
- Hostname was NOT found in DNS cache
- Trying 104.20.47.245...
- Connected to uat.dwolla.com (104.20.47.245) port 443 (#0)
- successfully set certificate verify locations:
- CAfile: /path/to/GoDaddyRootCertificateAuthority-G2.crt CApath: none
- SSL certificate problem: unable to get local issuer certificate
- Closing connection 0
Here is the log from the same script, but from the working development environment:
- Hostname in DNS cache was stale, zapped
- Trying 104.20.48.245...
- Connected to uat.dwolla.com (104.20.48.245) port 443 (#0)
- Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
- successfully set certificate verify locations:
- CAfile: /path/to/GoDaddyRootCertificateAuthority-G2.crt
CApath: none- NPN, negotiated HTTP1.1
- SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
- Server certificate:
- ...(cert details)
- SSL certificate verify ok.
- ... (more POST details)
I was able to get the script to work in both environments by replacing the
.crtthat worked only in the dev environments with a file namedcacert.pemtaken from hereI still don't know what exactly was going on but I suspect that it may have something to do with the formatting of the certificate. Perhaps PHP on Windows could deal with the
.crt, but PHP on Linux couldn't. I got the idea from the highest rated answer on another question.