cURL requires CURLOPT_SSL_VERIFYPEER=FALSE
Solution 1
Thanks to Dave Chen's suggestions, I realized I must have misplaced my certificate. The problem is solved by this certificate which is provided by the cURL creator (extracted from Mozilla): https://curl.haxx.se/ca/cacert.pem
So after downloading this cacert.pem file into your project, in PHP you can now do this:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");
Alternatively, this can be set globally by adding the following to your php.ini
curl.cainfo=/path/to/cacert.pem
Solution 2
If you are using WampServer, notice this:
You must put the absolute path in CURLOPT_CAINFO, for example:
curl_setopt ($ch, CURLOPT_CAINFO, 'C:\wamp\www\your-project\cacert.pem')
Don't use relative path: curl_setopt ($ch, CURLOPT_CAINFO, 'cacert.pem') because it doesn’t work.
Solution 3
The value for CURLOPT_SSL_VERIFYPEER by default is TRUE as of cURL 7.10.
Hence you may need to explicitly set it to FALSE to prevent CURL from verifying the certificate.
Related videos on Youtube
tim peterson
web programming-javascript, php, mysql, css, html-is my thang
Updated on July 30, 2022Comments
-
tim peterson over 1 year
I was using cURL on my localhost for the longest time and all the sudden I noticed it no longer works unless I explictly set the option,
CURLOPT_SSL_VERIFYPEER
=FALSE
.I have no idea how/when this changed but I'm using NGINX and PHP and I can verify that this is not a specific issue to a specific requested host. I'm getting blank responses from
https://site1.com
andhttps://different-site.com
.Anyone have any thoughts?
-
Dave Chen over 10 yearsI love this hidden gem, it explains how you can use certificates to verify hosts.
-
Young over 10 years
-
tim peterson over 10 years@DaveChen and -@Young thanks but do you have a sense as to why I didn't need to supply a certificate before, but do now?
-
Dave Chen over 10 yearsFrom another answer on the same question. cURL used to bundle CA certs, but now you must download them manually and pass them to cURL or give a default value within PHP.
-
tim peterson over 10 yearsthose answers are 2 years old, this problem has arose for me in the last month.
-
Dave Chen over 10 yearsI would ask if any changes were made to the environment, i.e, *.ini files being reset or having files moved (CA certs missing). Other than that, I don't think cURL would work while having
CURLOPT_SSL_VERIFYPEER => 1
and no certificates to verify the peer with. Could you provide a little more information on your host? Is it shared, homeroot, vps, dedicated? -
tim peterson over 10 yearsI'm the sole user of the host, its just my mac laptop, so I likely screwed something up. I must have installed a certificate at some point but would have no idea when I did and more troubling why it was removed. I'm still a newer developer so trying to slowly ween away from copy/paste things I learn about on the internet.
-
-
Gihan over 8 yearsI'm not a security expert but downloading .pem file form insecure source (http:) can be trusted?
-
Hanthony Tagam over 6 yearswhere can i place this curl_setopt syntax if im using codeigniter
-
Alliswell over 2 yearsAbout file name, some programs will expect this file to be named
ca-bundle.crt
(in the correct path) More details here