Curl через php постоянно жалуется на Problem with the SSL CA cert (path? access rights?)
. Это все произошло после попытки исправить еще одну проблему с curl 'SSL connect error' следуя той же шаги, описанные ниже.
я сделал yum reinstall ca-certificates
yum reinstall openssl
.
wget ftp://195.220.108.108/linux/centos/6.4/updates/x86_64/Packages/nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm
rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv
cp ./lib64/libfreeblpriv3.* /lib64
(хотя НСС-softokn-freebl никогда не был установлен, чтобы начать с).
mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
rpm2cpio ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm | cpio -idmv
cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/
даже
# cat `echo $CURL_HOME`/.curlrc
insecure
С
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
и
curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
(любовь что это http, а не https)
после apachectl restart
ничего...
сведения о системе
# cd /etc/ssl/certs/
# ls -ilha
262985 drwxr-xr-x. 2 root root 4.0K May 6 2015 .
262983 drwxr-xr-x. 5 root root 4.0K Dec 18 12:57 ..
301732 -rw-r--r-- 1 root root 2.2K Dec 14 00:16 Makefile
262984 lrwxrwxrwx 1 root root 49 Dec 18 12:28 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
262982 -rw-r--r-- 1 root root 857K Apr 23 2015 ca-bundle.crt.rpmnew
264377 lrwxrwxrwx 1 root root 55 Dec 18 12:28 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
301549 -rw-r--r-- 1 root root 251K Dec 18 10:48 cacert.pem
283448 -rw-r--r-- 1 root root 1.2K Feb 12 2013 localhost.crt
270298 -rwxr-xr-x 1 root root 610 Dec 14 00:16 make-dummy-cert
269100 -rwxr-xr-x 1 root root 829 Dec 14 00:16 renew-dummy-cert
# cd /
# namei -molv /etc/ssl/certs/cacert.pem
f: /etc/ssl/certs/cacert.pem
dr-xr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
lrwxrwxrwx root root certs -> ../pki/tls/certs
drwxr-xr-x root root ..
drwxr-xr-x root root pki
drwxr-xr-x root root tls
drwxr-xr-x root root certs
-rw-r--r-- root root cacert.pem
# cd /etc/pki/tls/certs/
# ls -ilha
262985 drwxr-xr-x. 2 root root 4.0K May 6 2015 .
262983 drwxr-xr-x. 5 root root 4.0K Dec 18 12:57 ..
301732 -rw-r--r-- 1 root root 2.2K Dec 14 00:16 Makefile
262984 lrwxrwxrwx 1 root root 49 Dec 18 12:28 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
262982 -rw-r--r-- 1 root root 857K Apr 23 2015 ca-bundle.crt.rpmnew
264377 lrwxrwxrwx 1 root root 55 Dec 18 12:28 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
301549 -rw-r--r-- 1 root root 251K Dec 18 10:48 cacert.pem
283448 -rw-r--r-- 1 root root 1.2K Feb 12 2013 localhost.crt
270298 -rwxr-xr-x 1 root root 610 Dec 14 00:16 make-dummy-cert
269100 -rwxr-xr-x 1 root root 829 Dec 14 00:16 renew-dummy-cert
# cd /
# namei -molv /etc/ssl/certs/cacert.pem
f: /etc/pki/tls/certs/ca-bundle.crt
dr-xr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root pki
drwxr-xr-x root root tls
drwxr-xr-x root root certs
lrwxrwxrwx root root ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
dr-xr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root pki
drwxr-xr-x root root ca-trust
drwxr-xr-x root root extracted
drwxr-xr-x root root pem
-r--r--r-- root root tls-ca-bundle.pem
# sestatus
SELinux status: disabled
# cat /etc/*release*
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
CentOS release 6.4 (Final)
cpe:/o:centos:linux:6:GA
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvde1 6.0G 3.6G 2.1G 64% /
tmpfs 3.6G 0 3.6G 0% /dev/shm
/dev/xvdj1 7.9G 6.9G 620M 92% /var/www