-
Notifications
You must be signed in to change notification settings - Fork 115
多进程curl发送https失败,nss error 8023 或者cURL error 35
kcloze edited this page Aug 17, 2018
·
2 revisions
swoole-jobs里面多进程消费队列,发送微信模板消息时,大概率出现ssl error 35的错误,经过两天时间的排除,最后定位到curl在子进程中会失效;
错误信息:cURL error 35: A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
错误堆栈:#0 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(149): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
#1 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(102): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#2 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#3 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#4 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#5 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(66): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#6 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Middleware.php(30): GuzzleHttp\PrepareBodyMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#7 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php(70): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#8 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Middleware.php(60): GuzzleHttp\RedirectMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#9 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/HandlerStack.php(67): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#10 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Client.php(277): GuzzleHttp\HandlerStack->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#11 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Client.php(125): GuzzleHttp\Client->transfer(Object(GuzzleHttp\Psr7\Request), Array)
#12 /data/htdocs/api.yunkezan.com/vendor/guzzlehttp/guzzle/src/Client.php(131): GuzzleHttp\Client->requestAsync('POST', Object(GuzzleHttp\Psr7\Uri), Array)
#13 /data/htdocs/api.yunkezan.com/app/models/Template/BaseTemplate.php(139): GuzzleHttp\Client->request('POST', 'https://api.wei...', Array)
#14 /data/htdocs/api.yunkezan.com/app/tasks/NoticeTask.php(358): MyApp\Models\Template\BaseTemplate->sendTemplate()
#15 [internal function]: MyApp\Tasks\NoticeTask->fansNoticeAction(Array, Array)
#16 [internal function]: Phalcon\Cli\Dispatcher->callActionMethod(Object(MyApp\Tasks\NoticeTask), 'fansnoticeActio...', Array)
#17 [internal function]: Phalcon\Dispatcher->_dispatch()
#18 [internal function]: Phalcon\Dispatcher->dispatch()
#19 /data/htdocs/api.yunkezan.com/vendor/php/ycfLib/src/Foundation/SwooleJobsAction.php(38): Phalcon\Cli\Console->handle(Array)
#20 /data/htdocs/api.yunkezan.com/vendor/kcloze/swoole-jobs/src/Jobs.php(82): YcfTeam\Library\Foundation\SwooleJobsAction->start(Object(Kcloze\Jobs\JobObject))
#21 /data/htdocs/api.yunkezan.com/vendor/kcloze/swoole-jobs/src/Process.php(138): Kcloze\Jobs\Jobs->run('YunKeZan.Promot...')
#22 [internal function]: Kcloze\Jobs\Process->Kcloze\Jobs\{closure}(Object(swoole_process))
#23 /data/htdocs/api.yunkezan.com/vendor/kcloze/swoole-jobs/src/Process.php(204): swoole_process->start()
#24 [internal function]: Kcloze\Jobs\Process->Kcloze\Jobs\{closure}(17)
#25 [internal function]: swoole_event_wait()
原因: 通过在网上查找资料,发现这个原因可能是PHP中curl使用的libcurl库所导致的, 众所周知,https请求会在http请求的基础上加上一个验证证书和对称加密传输内容的步骤,而libcurl的实现可能 是在生成加密密钥的时候是利用了进程的pid来生成的,所以一旦在父进程通过https访问网站,相应的密钥和证书就会生成。 但是之后在子进程中再次通过https访问相同的网站,由于pid不一样,生成的私钥也不同,网站的公钥不配对,所以验证失败, 出现上面的错误。详细过程参考:
http://blog.csdn.net/duandianR/article/details/78568716
解决办法: 重新安装curl扩展,ssl包用openssl
./configure --with-ssl=/opt/OpenSSL
https://curl.haxx.se/docs/install.html
相关链接:
http://blog.csdn.net/duandianR/article/details/78568716
https://stackoverflow.com/questions/26285311/ssl-requests-made-with-curl-fail-after-process-fork
http://www.sebdangerfield.me.uk/2012/10/nss-error-8023-using-aws-sdk-for-php/?utm_source=tool.lu