Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Enabling SSL Support for CURL in XAMPP

I am using an encoded PHP script, which requires SSL support for CURL.

I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.

The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Anyone have any recommendations for me, please? My Current local server config:

XAMPP 1.7.3 cURL support enabled
cURL Information 7.19.6
Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80
SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

like image 550
Stoic Avatar asked Dec 09 '10 08:12

Stoic


People also ask

Does Curl support SSL?

Curl has built-in support for Secure Transport connections (its more secure version is called TLS). When you make a Curl request for an HTTPS URL, Curl automatically checks the target URL's SSL certificate against the local CA certificate store and warns if it is invalid, self-signed, or has expired.

Where do I put SSL certificate in xampp?

The directory specified should contain the Apache folder. From there, navigate to the conf folder >> extra folder >> httpd-ssl. conf file. You can open the file with any text editor.

Does Curl check SSL certificate?

curl performs peer SSL certificate validation by default. This is done using a certificate store that the SSL library can use to make sure the peer's server certificate is valid.


1 Answers

Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine. In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single, self-signed certificate [[Cannot verify self-signed certs!]] (e.g. from another machine you run) or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.

On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including

http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when

Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).

I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)

like image 143
Eaglebird Avatar answered Oct 02 '22 05:10

Eaglebird