For some reason I am unable to use CURL with HTTPS. Everything was working fine untill I ran upgrade of curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert [path? access rights?]
Following suggestions posted here on related issues I have tried to do the following:
Disable verification for host and peer
curl_setopt[$cHandler, CURLOPT_SSL_VERIFYHOST, false]; curl_setopt[$cHandler, CURLOPT_SSL_VERIFYPEER, true];
Enable
CURLOPT_SSL_VERIFYPEER
and point to cacert.pem downloaded from //curl.haxx.se/docs/caextract.htmlcurl_setopt[$cHandler, CURLOPT_SSL_VERIFYPEER, true]; curl_setopt[$cHandler, CURLOPT_CAINFO, getcwd[] . "/positiveSSL.ca-bundle"];
I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.
Edit php ini settings with
curl.cainfo=cacert.pem
[file in the same directory and accessible by apache]Rename
/etc/pki/nssdb
to/etc/pki/nssdb.old
Unfortunatelly none of the above are able to solve my problem and I constantly get Problem with the SSL CA cert [path? access rights?] message.
And I don't need this verification in the first place [I am aware of security issues].
Does anybody have any other suggestions?
UPDATE
After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!
gustavohenke
40.1k13 gold badges117 silver badges124 bronze badges
asked Feb 28, 2013 at 12:41
6
According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFO
option or a certificate
directory can be specified with the CURLOPT_CAPATH
option.
Also look at CURLOPT_SSL_VERIFYHOST:
- 1 to check the existence of a common name in the SSL peer certificate.
- 2 to check the existence of a common name and also verify that it matches the hostname provided.
curl_setopt[$ch, CURLOPT_SSL_VERIFYHOST, 0];
curl_setopt[$ch, CURLOPT_SSL_VERIFYPEER, 0];
Hassaan
6,8585 gold badges29 silver badges48 bronze badges
answered Mar 6, 2013 at 1:10
cloverclover
4,6601 gold badge17 silver badges26 bronze badges
3
We had the same problem on a CentOS7 machine. Disabling the VERIFYHOST
VERIFYPEER
did not solve the problem, we did not have the cURL error
anymore but the response still was invalid. Doing a wget
to the same link as the cURL was doing also resulted in a certificate error.
-> Our solution also was to reboot the VPS, this solved it and we were able to complete the request again.
For us this seemed to be a memory corruption problem. Rebooting the VPS reloaded the libary in the memory again and now it works. So if the above solution from @clover
does not work try to reboot your machine.
answered Jun 8, 2016 at 10:54
RvanlaakRvanlaak
2,82519 silver badges37 bronze badges
1
$ch = curl_init[];
curl_setopt[$ch, CURLOPT_HEADER, 0];
curl_setopt[$ch, CURLOPT_RETURNTRANSFER, 1]; // Return data inplace of echoing on screen
curl_setopt[$ch, CURLOPT_URL, $strURL];
curl_setopt[$ch, CURLOPT_SSL_VERIFYPEER, 0]; // Skip SSL Verification
$rsData = curl_exec[$ch];
curl_close[$ch];
return $rsData;
answered Feb 23 at 4:01