
cURL requires CURLOPT_SSL_VERIFYPEER=FALSE

I was using cURL on my localhost for the longest time and all of a sudden I noticed it no longer works unless I explicitly set the option CURLOPT_SSL_VERIFYPEER=FALSE.

I have no idea how/when this changed but I'm using NGINX and PHP and I can verify that this is not a specific issue to a specific requested host. I'm getting blank responses from https://site1.com and https://different-site.com.

Anyone have any thoughts?

tim peterson asked Sep 24 '13 02:09


People also ask

How do I ignore SSL in Curl?

To ignore invalid and self-signed certificate checks on Curl, use the -k or --insecure command-line option. This option allows Curl to perform "insecure" SSL connections and skip SSL certificate checks while you still have SSL encrypted communications.

What is CURLOPT_SSL_VERIFYPEER?

When CURLOPT_SSL_VERIFYPEER is enabled, and the verification fails to prove that the certificate is authentic, the connection fails. When the option is zero, the peer certificate verification succeeds regardless. Authenticating the certificate is not enough to be sure about the server.


2 Answers

Thanks to Dave Chen's suggestions, I realized I must have misplaced my certificate. The problem is solved by this certificate which is provided by the cURL creator (extracted from Mozilla): https://curl.haxx.se/ca/cacert.pem

So after downloading this cacert.pem file into your project, in PHP you can now do this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");

Alternatively, this can be set globally by adding the following to your php.ini

curl.cainfo=/path/to/cacert.pem 
tim peterson answered Oct 13 '22 06:10


If you are using WampServer, notice this:

You must put the absolute path in CURLOPT_CAINFO, for example:

curl_setopt($ch, CURLOPT_CAINFO, 'C:\wamp\www\your-project\cacert.pem');

Don't use a relative path: curl_setopt($ch, CURLOPT_CAINFO, 'cacert.pem'); because it doesn’t work.

LuisEduardox answered Oct 13 '22 08:10
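
The two answers combined, as an added example that is not code from either answer: verification stays on, the CA bundle is resolved to an absolute path before it is handed to cURL, and a failed handshake is reported through curl_error() instead of showing up as a blank response. The helper name fetch_verified, the bundle location next to the script, and the example.com URL are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the answers above.
// Assumes cacert.pem was downloaded into the same directory as this script.

function fetch_verified(string $url, string $caBundle): string
{
    // Resolve to an absolute path; realpath() returns false if the file is missing.
    $caPath = realpath($caBundle);
    if ($caPath === false || !is_readable($caPath)) {
        throw new RuntimeException("CA bundle not found or unreadable: $caBundle");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // verify the certificate chain against the bundle
        CURLOPT_SSL_VERIFYHOST => 2,      // verify the certificate matches the host name
        CURLOPT_CAINFO         => $caPath,
        CURLOPT_CONNECTTIMEOUT => 10,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Without this check a verification failure looks like a blank response.
        $errno = curl_errno($ch);
        $error = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("cURL error $errno: $error");
    }
    curl_close($ch);
    return $body;
}

try {
    $html = fetch_verified('https://example.com/', __DIR__ . '/cacert.pem');
    echo strlen($html), " bytes received over a verified TLS connection\n";
} catch (RuntimeException $e) {
    // e.g. errno 60 (certificate verification failed) or 77 (CA file could not be read)
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```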