fsockopen，连接服务器时证书验证失败 ssl://imap

我正在尝试使用 fsockopen() 通过 php 脚本连接到 ssl://imap

服务器：CentOS Linux 版本 7.1.1503

阿帕奇

：阿帕奇/2.4.6

PHP： PHP 5.6.17

$host = "ssl://mail.example.com";
$port = 993;
echo "Connecting with " . $host . "o port " . $port;
$socket = fsockopen($host, $port, $errno, $errstr, 30);
if (!$socket) {
echo "Connection failed";
}
$line = fgets($socket);
return $line;

收到此错误：

Connecting with ssl://mail.example.com port 993PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in imapProtocols/imap.php on line 7
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in imapProtocols/imap.php on line 7
PHP Warning:  fsockopen(): Failed to enable crypto in imapProtocols/imap.php on line 7
Warning: fsockopen(): Failed to enable crypto in /home/bmarszal/imapProtocols/imap.php on line 7
PHP Warning:  fsockopen(): unable to connect to ssl://mail.example.com:993 (Unknown error) in imapProtocols/imap.php on line 7
Warning: fsockopen(): unable to connect to ssl://mail.example.com:993 (Unknown error) in imapProtocols/imap.php on line 7
Connection failedPHP Warning:  fgets() expects parameter 1 to be resource, boolean given in imapProtocols/imap.php on line 11
Warning: fgets() expects parameter 1 to be resource, boolean given in imapProtocols/imap.php on line 11

这是我的php.ini与SSL配置有关：

$php -i |grep ssl
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2
openssl
Openssl default config => /etc/pki/tls/openssl.cnf
openssl.cafile => /etc/ssl/certs/ca-bundle.trust.crt => /etc/ssl/certs/ca-bundle.trust.crt
openssl.capath => /etc/ssl/certs/ => /etc/ssl/certs/

对于大写的SSL和资本SSL

$php -i |grep SSL
SSL => Yes
SSL Version => NSS/3.15.4
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version => OpenSSL 1.0.1e-fips 11 Feb 2013
Native OpenSSL support => enabled

但是当我尝试使用 openSSL 客户端连接到同一服务器时，我收到了 OK 响应，几乎没有错误。我通过添加 CA 证书来解决此错误。然后我从openssl客户端收到这个输出

openssl s_client -connect imap.exaple.com:993
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = Hosted by Allenta Consulting, OU = PositiveSSL Wildcard, CN = *.exaple.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=Hosted by Allenta Consulting/OU=PositiveSSL Wildcard/CN=*.example.
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Hosted by Allenta Consulting/OU=PositiveSSL Wildcard/CN=*.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 1718 bytes and written 573 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher    : AES256-SHA
Session-ID:  5B621F5347861FCE91811F4BA5C2CA8DA7D73D493791BE7491DEF0CCB714C1AD
Session-ID-ctx: 
Master-Key: 7DE0349D9057174C6C2DF9924F14CDB6FD7A35FDDB3FC0F128BF04CD2EA0852CAD1E8BBABF24854D4CC2FDF69C947DB7
Key-Arg   : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - ea d4 d7 55 8c 93 8d 79-23 5b 2c 2a 4f bb d0 94   ...U...y#[,*O...
0010 - c3 00 d7 fd 33 52 76 48-45 3c cf 9e 54 2f 24 db   ....3RvHE<..T/$.
0020 - 04 f6 f3 09 47 ba 5d 9a-c8 b8 8f 7e 98 5e 33 b0   ....G.]....~.^3.
0030 - c3 ab 71 1c f5 0e 03 fd-19 b8 be b7 8c f6 58 79   ..q...........Xy
0040 - 79 59 b6 a6 4e 97 0c 71-e1 61 ec c1 ff 41 0b 25   yY..N..q.a...A.%
0050 - 7a 5f ed 38 00 86 41 42-83 1c a4 c4 65 13 2d 19   z_.8..AB....e.-.
0060 - 73 3c ff cf be 90 43 c7-dc e4 04 0c 1b 78 57 a9   s<....C......xW.
0070 - 8d 22 5d c6 a6 61 0a f0-d6 04 ce 45 2e c7 88 f1   ."]..a.....E....
0080 - 9c 15 91 1a 90 03 08 74-7e b7 51 bc 08 47 7c 38   .......t~.Q..G|8
0090 - 47 62 3e 16 04 b1 58 de-c0 a1 b3 36 dc ca 42 f6   Gb>...X....6..B.
Start Time: 1456230737
Timeout   : 300 (sec)
Verify return code: 0 (ok)
---
* OK IMAP4 Ready 212.160.140.206 0001dd1c

我知道问题：SSL错误SSL3_GET_SERVER_CERTIFICATE：证书验证失败，但我需要使用fsockopen()解决此问题

我用"示例"替换敏感的公司数据，它看起来像：imap.company.com