'composer install'命令在Docker上失败,给出'SSL操作失败,代码为1'错误

问题描述 投票:0回答:1

我在Windows机器上,运行Docker。 Docker映像为FROM php:7.3-apache

系统:Linux b6df004de9df 4.9.184-linuxkit#1 SMP Tue Jul 2 22:58:16UTC 2019 x86_64

已在Composer版本1.9.0 2019-08-02中成功将Composer安装在此容器中。

现在,我进入容器的bash,并输入了一个命令[[$ composer init,该命令成功运行并初始化了该Composer,但是,在$ composer install命令中,它给出了一个错误] >

[Composer \ Downloader \ TransportException]不能使用“ https://repo.packagist.org/packages.json”文件下载:SSL操作失败,代码为1。打开SSL错误消息:错误:1416F086:SSL例程:tls_process_server_certificate:证书验证失败无法启用加密,无法打开流:操作失败

正如我所看到的,它是证书的OpenSSL错误,我试图获取确切的错误:

root @ b6df004de9df:/ var / www / html / my_JSON_proj#openssl s_client-connect www.google.com:443 CONNECTED(00000003)depth = 2 C =美国,ST =加利福尼亚,O = Zscaler Inc.,OU = Zscaler Inc.,CN = Zscaler中级根CA(zscalertwo.net),emailAddress [email protected]

验证错误:num = 20:无法获取本地发行者证书

再次确认,我再次尝试:

root @ b6df004de9df:/ var / www / html / my_JSON_proj#curlhttps://google.com

卷曲:(60)SSL证书问题:无法获取本地颁发者证书

Openssl版本:OpenSSL 1.1.0k 2019年5月28日

<< openssl_get_cert_locations的输出>>():

array(8) { ["default_cert_file"]=> "/usr/lib/ssl/cert.pem" ["default_cert_file_env"]=> "SSL_CERT_FILE" ["default_cert_dir"]=> "/usr/lib/ssl/certs" ["default_cert_dir_env"]=> "SSL_CERT_DIR" ["default_private_dir"]=> "/usr/lib/ssl/private" ["default_default_cert_area"]=> "/usr/lib/ssl" ["ini_cafile"]=> "" ["ini_capath"]=> "" } 所以要解决这个问题[[我尝试过的解决方案

我创建了我的本地主机证书参考:https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm#:~:targetText=OpenSSL%20is%20an%20open%2Dsource,and%20how%20to%20use%20them。但不确定何时将该证书放在

    / usr / local / share / ca-certifcates /
文件夹中并尝试

  • curlhttps://google.com/--cacert /usr/local/share/ca-certifcates/localhost.pem-仍然相同的错误

    编辑了我的[[/usr/local/etc/php/php.ini

    要添加的php配置文件
  • curl.cainfo="/usr/local/share/ca-certificates/localhost.pem"
  • openssl.cafile = "/usr/local/share/ca-certificates/localhost.pem"只是找到-同样的错误

    我一直没有运气尝试过。我已经从字面上扫描了几乎所有与curl,OpenSSL,SSL,Docker等有关的堆栈溢出帖子,但找不到答案。

    进一步的更新和发现

      令人惊讶的是,我想知道https://curl.haxx.se/ca/cacert.pem提供的“ cacert.pem”文件(注意-http
    • s)来解决SSL问题,而我却无法连接到安全链接,我怎么能可以从https下载pem文件?有点僵局?无论如何,所以我尝试使用wget http://curl.haxx.se/ca/cacert.pem下载一种不安全的方法来获取pem文件,并且输出为:
  • root@b6df004de9df:/usr/local/etc/openssl# wget http://curl.haxx.se/ca/cacert.pem --2019-11-08 10:21:30-- http://curl.haxx.se/ca/cacert.pem Resolving curl.haxx.se (curl.haxx.se)... 151.101.38.49, 2a04:4e42:9::561 Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://curl.haxx.se/ca/cacert.pem [following] --2019-11-08 10:21:31-- https://curl.haxx.se/ca/cacert.pem Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:443... connected. ERROR: The certificate of 'curl.haxx.se' is not trusted. ERROR: The certificate of 'curl.haxx.se' hasn't got a known issuer.
      并且由于它是Linux服务器且没有可用的GUI,所以看来我下载的唯一可能方法是通过终端而不是浏览器。
    1. 就是说,我手动创建了cacert.pem文件,并从curl.haxx.se中输入了内容。然后使用以下更改更新了php.ini并重新启动了Apache服务器。 curl.cainfo: /usr/local/etc/openssl/cacert.pemopenssl.cafile: /usr/local/etc/openssl/cacert.pem仍然-
      curl:(60)SSL证书问题:无法获取本地发行者证书

      根据“ openssl_get_cert_locations()”,将curl.cainfo和openssl.cafile更新为php.ini,并将“ /usr/lib/ssl/cert.pem”作为其“ default_cert_file”。重新启动apache服务器。尝试过curl https://www.google.com-仍然卷曲:(60)SSL证书问题:无法获取本地发行者证书

      1. 已创建一个新目录'ssl',因为它尚不存在,并假定默认情况下OpenSSL目录为/usr/local/ssl。在该文件夹中创建了cacert.pem文件。使用此新的更新路径更新了php.ini中的curl.cainfo和openssl.cafile条目。为了安全起见,以防万一,请执行update-ca-certificates --fresh。重新启动Apache服务器。尝试过curl https://www.google.com-仍然

        卷曲:(60)SSL证书问题:无法获取本地发行者证书

  • cURL命令的旁注完整输出
  • root@b6df004de9df:/usr/lib/ssl/certs# curl https://thawte.com curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. root@b6df004de9df:/usr/lib/ssl/certs# openssl s_client -connect thawte.com:443 CONNECTED(00000003) depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net) , emailAddress = [email protected] verify error:num=20:unable to get local issuer certificate --- Certificate chain 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Utah/ L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t) 1 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t) i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su [email protected] 2 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su [email protected] i:/C=US/ST=California/L=San Jose/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Root CA/[email protected] --- Server certificate -----BEGIN CERTIFICATE----- MIIGpzCCBY+gAwIBAgIQv2zANBgkqhkiG9w0XcVFbs+k59YwRwR4v+pBAQsFADCB jTELMAkMxEzARBgNVBAgGA1UEBhMCVVTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpz ... few more lines ... vxrc40H5bMPW/NgnBjRtUEPnAx9b3ll/sj3KfhbxU0bgnEYNMLb+nwnK6NDZRFpC 5E3fG+TFc9ehaBcF5xWttKz28Wr2nUUhMLhC -----END CERTIFICATE----- subject=/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Ut ah/L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com issuer=/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t) --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4270 bytes and written 326 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-SHA Session-ID: Session-ID-ctx: Master-Key: 06D54188D4F60C7746664262F72361EFE8DC728E9D37FDB25641A28C226DE83C3C574C781A0E4A268A7AEB6187EF54BF PSK identity: None PSK identity hint: None SRP username: None Start Time: 1573209517 Timeout : 7200 (sec) Verify return code: 20 (unable to get local issuer certificate) Extended master secret: no --- read:errno=0

    我在Windows机器上,运行Docker。 Docker镜像来自php:7.3-apache。使用系统:Linux b6df004de9df 4.9.184-linuxkit#1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64具有...
    php docker ssl curl openssl
    1个回答
    0
    投票
    2。通过浏览器下载证书,并将其复制到容器中阅读有关Mount volume (-v, --read-only)的信息>

    3。在不安全模式下使用wget(不建议)-使用标志--no-check-certificate

    © www.soinside.com 2019 - 2024. All rights reserved.