cURL requires CURLOPT_SSL_VERIFYPEER=FALSE

61,906

Solution 1

Thanks to Dave Chen's suggestions, I realized I must have misplaced my certificate. The problem is solved by this certificate which is provided by the cURL creator (extracted from Mozilla): https://curl.haxx.se/ca/cacert.pem

So after downloading this cacert.pem file into your project, in PHP you can now do this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");

Alternatively, this can be set globally by adding the following to your php.ini

curl.cainfo=/path/to/cacert.pem

Solution 2

If you are using WampServer, notice this:

You must put the absolute path in CURLOPT_CAINFO, for example:

curl_setopt ($ch, CURLOPT_CAINFO, 'C:\wamp\www\your-project\cacert.pem')

Don't use relative path: curl_setopt ($ch, CURLOPT_CAINFO, 'cacert.pem') because it doesn’t work.

Solution 3

The value for CURLOPT_SSL_VERIFYPEER by default is TRUE as of cURL 7.10.

Hence you may need to explicitly set it to FALSE to prevent CURL from verifying the certificate.

Share:
61,906

Related videos on Youtube

tim peterson
Author by

tim peterson

web programming-javascript, php, mysql, css, html-is my thang

Updated on July 30, 2022

Comments

  • tim peterson
    tim peterson over 1 year

    I was using cURL on my localhost for the longest time and all the sudden I noticed it no longer works unless I explictly set the option, CURLOPT_SSL_VERIFYPEER=FALSE.

    I have no idea how/when this changed but I'm using NGINX and PHP and I can verify that this is not a specific issue to a specific requested host. I'm getting blank responses from https://site1.com and https://different-site.com.

    Anyone have any thoughts?

    • Dave Chen
      Dave Chen over 10 years
      I love this hidden gem, it explains how you can use certificates to verify hosts.
    • Young
      Young over 10 years
    • tim peterson
      tim peterson over 10 years
      @DaveChen and -@Young thanks but do you have a sense as to why I didn't need to supply a certificate before, but do now?
    • Dave Chen
      Dave Chen over 10 years
      From another answer on the same question. cURL used to bundle CA certs, but now you must download them manually and pass them to cURL or give a default value within PHP.
    • tim peterson
      tim peterson over 10 years
      those answers are 2 years old, this problem has arose for me in the last month.
    • Dave Chen
      Dave Chen over 10 years
      I would ask if any changes were made to the environment, i.e, *.ini files being reset or having files moved (CA certs missing). Other than that, I don't think cURL would work while having CURLOPT_SSL_VERIFYPEER => 1 and no certificates to verify the peer with. Could you provide a little more information on your host? Is it shared, homeroot, vps, dedicated?
    • tim peterson
      tim peterson over 10 years
      I'm the sole user of the host, its just my mac laptop, so I likely screwed something up. I must have installed a certificate at some point but would have no idea when I did and more troubling why it was removed. I'm still a newer developer so trying to slowly ween away from copy/paste things I learn about on the internet.
  • Gihan
    Gihan over 8 years
    I'm not a security expert but downloading .pem file form insecure source (http:) can be trusted?
  • Hanthony Tagam
    Hanthony Tagam over 6 years
    where can i place this curl_setopt syntax if im using codeigniter
  • Alliswell
    Alliswell over 2 years
    About file name, some programs will expect this file to be named ca-bundle.crt (in the correct path) More details here