Enabling SSL Support for CURL in XAMPP

Question

I am using an encoded PHP script, which requires SSL support for CURL.

I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.

The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Anyone have any recommendations for me, please? My Current local server config:

XAMPP 1.7.3 cURL support enabled
cURL Information 7.19.6
Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

Answer 1

Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine. In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single, self-signed certificate [[Cannot verify self-signed certs!]] (e.g. from another machine you run) or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.

On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including

http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when

Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).

I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)