I had a errors with Curl and SSL certificate
20,669
Here is a working example. You should take a look a your options (reduce the number of option for test) and just set the CURLOPT_SSL_VERIFYPEER
to false in order to disable the CA check.
// connect via SSL, but don't check cert
$handle=curl_init('https://www.google.com');
curl_setopt($handle, CURLOPT_VERBOSE, true);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
$content = curl_exec($handle);
echo $content; // show target page
check HERE
Author by
Alex Alexandrov
Updated on November 03, 2020Comments
-
Alex Alexandrov over 3 years
I had a problem. When you send a POST request with the CURL library to HTTPS get the error: SSL certificate problem, verify that the CA cert is OK. Details: error: 14090086: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed. using current certificate. I tried various certificates FROM http://www.startssl.com/certs/ and FROM http://curl.haxx.se/docs/caextract.html Tell me what could be the cause of the error? Here's the code POST request:
curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file); curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file); curl_setopt($process, CURLOPT_ENCODING , ''); curl_setopt($process, CURLOPT_CONNECTTIMEOUT, 120); curl_setopt($process, CURLOPT_TIMEOUT, 120); curl_setopt($process, CURLOPT_PROXY,$this->proxy); curl_setopt($process, CURLOPT_POSTFIELDS, $data); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($process, CURLOPT_POST, 1); curl_setopt($process,CURLOPT_VERBOSE,1); if($ssl){ curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false); curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($process ,CURLOPT_CAINFO, YiiBase::getPathOfAlias('webroot').'/files/GTECyberTrustGlobalRoot.crt'); } curl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:')); $return = curl_exec($process); $this->error_code = curl_getinfo($process, CURLINFO_HTTP_CODE);
-
MatRt about 11 yearsdid you try with a self-signed certificate ?
-
MatRt about 11 yearsAccording to this article : unitstep.net/blog/2009/05/05/… you are doing too much action when SSL is enable. If you set the
CURLOPT_SSL_VERIFYPEER
to false, there is no need to set theCURLOPT_CAINFO
and theCURLOPT_SSL_VERIFYHOST
-
Alex Alexandrov about 11 yearsyes, went to the site through a browser, where I tried to send requests through the browser store the certificate and used it when making a request, the same result
-
MatRt about 11 yearsMoreover,
CURLOPT_SSL_VERIFYHOST
seems to take an integer (0, 1, 2) and not a boolean. -
Alex Alexandrov about 11 yearscurl_setopt ($process, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, 2); still not working
-
MatRt about 11 years
CURLOPT_SSL_VERIFYPEER
is taking aBOOLEAN
andCURLOPT_SSL_VERIFYHOST
is taking anINTEGER
. when SSL, just try withcurl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false);
(skip verification of certificate). And what is the purpose ofcurl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:'));
? -
Alex Alexandrov about 11 yearsI cut curl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:')); and with (CURLOPT_SSL_VERIFYPEER, false) still old error - " SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
-
MatRt about 11 yearsdid you comment also the 2 other lines ? (about
CURLOPT_SSL_VERIFYHOST
andCURLOPT_CAINFO
) ? -
Alex Alexandrov about 11 yearsYesterday after work without problems, but today is the fault. curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false); curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($process ,CURLOPT_CAINFO, YiiBase::getPathOfAlias('webroot').'/files/GTECyberTrustGlobalRoot.crt');
-
MatRt about 11 yearsI made a response, and give a working example
-
Bruno about 11 yearsIf you're after security, do not disable verifypeer or verifyhost.
-
-
Alex Alexandrov about 11 yearsthanks for your suggestions and advice, I'll admit negligence and because of this was a mistake.
-
Eric Kigathi almost 7 years@Bruno I completely understand but in the interest of resolving the question please find/post the cURL feedback
-
jww about 6 yearsVery bad advice; see The most dangerous code in the world: validating SSL certificates in non-browser software. Instead of disabling the certificate verification, you should explain how to make the connection work with
GTECyberTrustGlobalRoot.crt
as the OP is trying to do.