error:14090086:SSL routines…

curl一个http报错如下：

curl: (60) SSL certificate problem, verify that the CA cert isOK. Details:

error:14090086:SSLroutines:SSL3_GET_SERVER_CERTIFICATE:certificate verifyfailed

More details here:http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a"bundle"

 of Certificate Authority (CA) public keys(CA certs). The default

 bundle is named curl-ca-bundle.crt; you canspecify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CArepresented in

 the bundle, the certificate verificationprobably failed due to a

 problem with the certificate (it might beexpired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of thecertificate, use

 the -k (or --insecure) option.

上网络找了半天原来是本地CA证书太老了

https://raymii.org/s/snippets/CentOS_5_CA_Certificate_Bundle_Update.html

然后下载本地做了下测试：curl https://xxxx --cacert/etc/pki/tls/certs/ca-bundle.crt.test

报错：

curl: (35) error:0D0C50A1:asn1 encodingroutines:ASN1_item_verify:unknown message digest algorithm

一查原来是本地openssl版本太低不认识新版的CA好吧。。

最后还是代码里面加上了CURLOPT_SSL_VERIFYPEER =false

安静了

服务器太老了（centos 5.4），还在线服务不能随便动。。