php curl请求微信发红包接口出现错误:Peer's Certificate issuer is not recognized.

PHP版本:5.6.29
openssl版本:OpenSSL 1.0.1e-fips 11 Feb 2013

请求微信发红包接口,curl错误提示:Peer's Certificate issuer is not recognized.
1)以前一直运行好好的,代码也没有变动
2)用户尝试多次提现,偶尔可行

CURL参数 说明
CURLOPT_SSLCERT
set SSL client certificate
CURLOPT_SSLKEY
specify private keyfile for TLS and SSL client cert
CURLOPT_CAINFO
path to Certificate Authority (CA) bundle

尝试的解决方案:
1)此种情况多发生在自签名的证书,报错含义是签发证书机构未经认证,无法识别。
解决办法是将签发该证书的私有CA公钥cacert.pem文件内容,追加到/etc/pki/tls/certs/ca-bundle.crt。
http://www.ipcpu.com/2014/12/curl-https-error/
经检查/etc/pki/tls/certs/ca-bundle.crt已包含微信发布的rootca.pem内容。
尝试去掉CURLOPT_CAINFO配置项,该选项配置的是微信给的rootca.pem

修改之后,没有出现Peer's Certificate issuer is not recognized.日志了,问题解决
查看 CURLOPT_CAINFO 的含义:
https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html
注意到:For SSL engines that don't support certificate files the CURLOPT_CAINFO option is ignored. Refer to  https://curl.haxx.se/docs/ssl-compared.html

你可能感兴趣的:(PHP)