I have this problem on a debian 9 client, that try to run a curl to a website that have valid SSL .
The fix is to blacklist the expired ssl on the client computer, not on server.
|
1 2 |
sed -i 's|mozilla/DST_Root_CA_X3.crt|!mozilla/DST_Root_CA_X3.crt|' /etc/ca-certificates.conf && update-ca-certificates |
这是OpenSSL的一个BUG
也可以在CURL设置
curl_setopt($config,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($config,CURLOPT_SSL_VERIFYPEER,0);
参数,来跳过SSL证书验证