Ubuntu 22.04包含与PHP 7.4.33不兼容的OpenSSL 3。在支持SSL的Ubuntu 22.04上,从自定义路径中的源代码构建PHP 7.4.33会导致在PHP中使用SSL功能时出现SSL operation failed错误(即简单的file_get_contents("https://google.com");)。
我们需要在自定义路径中构建,并且Docker/Container也不是这里的选项。
任何帮助将不胜感激!
# Install OpenSSLwget https://www.openssl.org/source/openssl-1.1.1s.tar.gz;tar xvf openssl-1.1.1s.tar.gz;cd openssl-1.1.1s/;./Configure --prefix=/opt/build --openssldir=/opt/build -fPIC -shared linux-x86_64 -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)';make -j 8 && make install;cd ../;# Install PHPwget https://www.php.net/distributions/php-7.4.33.tar.gz;tar xf php-7.4.33.tar.gz;cd php-7.4.33/;export PKG_CONFIG_PATH=/opt/build/lib/pkgconfig;./buildconf --force;./configure --prefix=/opt/php \--with-curl \--with-openssl=/opt/build \--with-openssl-dir=/opt/build;make -j 8 && make install;
上面的最小构建版本似乎可以成功编译,但运行/opt/php/bin/php -r 'echo file_get_contents("https://google.com");'会导致:
root@ubuntu2204:~/php-7.4.33# /opt/php/bin/php -r 'echo file_get_contents("https://google.com");'Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in Command line code on line 1Warning: file_get_contents(): Failed to enable crypto in Command line code on line 1Warning: file_get_contents(https://google.com): failed to open stream: operation failed in Command line code on line 1
在make末尾,我看到以下警告:
/usr/bin/ld: warning: libssl.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libssl.so.1.1/usr/bin/ld: warning: libcrypto.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1/usr/bin/ld: warning: libssl.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libssl.so.1.1/usr/bin/ld: warning: libcrypto.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1/usr/bin/ld: warning: libssl.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libssl.so.1.1/usr/bin/ld: warning: libcrypto.so.3, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1
另外,PHP似乎很困惑,同时使用OpenSSL 3.0.2和OpenSSL 1.1.1s?
root@ubuntu2204:~/php-7.4.33# /opt/php/bin/php -i | grep OpenSSLSSL Version => OpenSSL/3.0.2OpenSSL support => enabledOpenSSL Library Version => OpenSSL 1.1.1s 1 Nov 2022OpenSSL Header Version => OpenSSL 1.1.1s 1 Nov 2022OpenSSL support => enabled
此外,我还尝试过使用curl和附加标志进行构建,但这会导致同样的错误。
# Install OpenSSLwget https://www.openssl.org/source/openssl-1.1.1s.tar.gz;tar xvf openssl-1.1.1s.tar.gz;cd openssl-1.1.1s/;./Configure --prefix=/opt/build --openssldir=/opt/build -fPIC -shared linux-x86_64 -Wl,--enable-new-dtags,-rpath,'/opt/build/lib';make -j 8 && make install;cd ../;export CFLAGS="-I/opt/build/include/ -L/opt/build/lib -Wl,-rpath,/opt/build/lib -lssl -lcrypto"export CXXFLAGS="-I/opt/build/include/ -L/opt/build/lib -Wl,-rpath,/opt/build/lib -lssl -lcrypto"# Install Curlwget http://curl.haxx.se/download/curl-7.58.0.tar.bz2tar -xvjf curl-7.58.0.tar.bz2cd curl-7.58.0export PKG_CONFIG_PATH=/opt/build/lib/pkgconfig;export LD_LIBRARY_PATH=/opt/build/lib;./buildconf./configure --prefix=/opt/build --with-ssl=/opt/buildmake -j 8 && make install;cd ../;# Install PHPwget https://www.php.net/distributions/php-7.4.33.tar.gz;tar xf php-7.4.33.tar.gz;cd php-7.4.33/;export PKG_CONFIG_PATH=/opt/build/lib/pkgconfig;export LD_LIBRARY_PATH=/opt/build/lib;./buildconf --force;PKG_CONFIG_PATH=/opt/build/lib/pkgconfig ./configure --prefix=/opt/php \--with-curl=/opt/build \--with-openssl=/opt/build--with-libdir=/opt/build/lib;make -j 8 && make install;
1条答案
按热度按时间j5fpnvbx1#
我们通过upwork提供的付费支持已经发现了这个问题。希望这能帮助其他人。只需要将PHP指向openssl.cnf和CA证书路径。
1.构建OpenSSL
1.设置pkgconfig,并为默认openssl.cnf路径设置ENV
1.构建和安装PHP
1.将php.ini-production复制到/opt/php/lib/中:
1.配置php.ini文件中的/usr/lib/ssl/certs文件
1.应生成HTML输出的测试