cURL fails with error: Couldn't understand the server certificate format

Question

Mac OSX El Capitan, default apache install on localhost, brew installed php70. The following code works using cli (php -f test.php), but when run from apache I get the following.

SSL certificate problem: Couldn't understand the server certificate format

Using "http" URLs works fine in both. Same setup on a Ubuntu machine works fine. I had this working before doing a clean install of El Capitan and I vaguely remember something about Mac OSX and openssl for curl but can't find the difference here.

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.example.com/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Answer 1

I had the same issue and found the solution after quite a lot of searching...

I am using php56 but I see no reason why this wouldn't also apply for php70.

Verify same issue

First check if the PHP cURL library is using the Mac OS(X) built in version of SSL:
php -i | grep "SSL Version"

If you get SSL Version => SecureTransport then it is using the Mac OS(X) built in version which appears to be at the heart of the issue.

Solution

1. In order to solve this you must install a Homebrew version of the cURL library:

   brew install curl --with-libssh2 --with-openssl
   

2. Then re-install PHP with these two options:
   --with-homebrew-curl --with-homebrew-openssl
   (including any options you require)

   brew install php56 --with-homebrew-curl --with-homebrew-openssl (--with-apache ...)
   

   or for PHP 7.2:

   brew reinstall php72 --with-apache --with-homebrew-curl --with-homebrew-libxslt --with-homebrew-openssl --without-snmp
   

Verify

php -i | grep "SSL Version"

should give:

SSL Version => OpenSSL/1.0.2j

Note: When installing Homebrew cURL they do warn:

macOS already provides this software and installing another version in parallel can cause all kinds of trouble.

I have not lived with this long enough to verify any present/absent issues.

---

Source: https://www.farces.com/wikis/naked-server/php/php-openssl/