
How to enable CURLOPT_SSL_VERIFYHOST = 2 support on my OS/PHP

Tags: php, curl, ssl

I have been developing a site locally that authenticates against a centralized signon. One of the steps is requiring me to make a curl request to an https resource to get an access token.

Part of the curl config is:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    //curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

As you can see I commented out the CURLOPT_SSL_VERIFYHOST option. I have read on php.net and on various blogs/stackoverflow (Security consequences of disabling CURLOPT_SSL_VERIFYHOST (libcurl/openssl)) posts WHAT these options mean.

On my development machine CURLOPT_SSL_VERIFYHOST 2 has been working fine. I am just using the vanilla php install provided in ubuntu 12.04 php5 package, and php5-curl.

On production (Rackspace Cloud Sites) the CURLOPT_SSL_VERIFYHOST 2 is not working, which is why I changed it to false to verify this was the issue. Seeing as I didn't explicitly do anything to enable this on my localhost, I do not know what directives/config options control this.

What I mean by "not working" is that on production the curl call is returning an http_code of 0 when the VERIFYHOST is set to 2. When I set it to FALSE it is returning a status code of 200.

My question is:

How can I enable SSL_VERIFYHOST on a linux box?

Any help would be greatly appreciated. Thank you.

dm03514 asked Mar 21 '13 15:03


1 Answer

For '2' you have to ensure the common name in the SSL certificate matches the hostname being utilized. This is the default and should be straight-forward as long as your SSL certificate is appropriately created for the hostname (common name) you're using it on.

From the PHP curl_setopt manual:

1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (default value).

Manual Entry for curl_setopt

Mark Stanislav answered Oct 30 '22 17:10
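The name check described in the answer above, as an added example that is not part of the original thread and is not libcurl's own code. It is a simplified approximation that also covers subjectAltName entries, which current TLS clients prefer over the common name; `certNames`, `hostMatches` and the `example.test` hostnames are hypothetical names constructed for illustration.

```php
<?php
// Added example: a simplified version of the name check that
// CURLOPT_SSL_VERIFYHOST = 2 asks libcurl to perform.

/** Names the certificate covers: SAN dNSName entries, else the subject CN. */
function certNames(array $parsed): array
{
    $names = [];
    $san = $parsed['extensions']['subjectAltName'] ?? '';
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    // The common name is only a fallback when no DNS SAN is present.
    if (!$names && is_string($parsed['subject']['CN'] ?? null)) {
        $names[] = strtolower($parsed['subject']['CN']);
    }
    return $names;
}

/** True if $host equals a name or fits a wildcard in the left-most label. */
function hostMatches(string $host, array $names): bool
{
    $host = strtolower(rtrim($host, '.'));
    $dot  = strpos($host, '.');
    foreach ($names as $name) {
        if ($name === $host) {
            return true;
        }
        // "*.example.test" covers exactly one extra label, never two.
        if (strncmp($name, '*.', 2) === 0 && $dot > 0
            && substr($host, $dot) === substr($name, 1)) {
            return true;
        }
    }
    return false;
}

// Constructed samples shaped like openssl_x509_parse() output.
$cnOnly  = ['subject' => ['CN' => 'sso.example.test']];
$withSan = ['subject' => ['CN' => 'legacy.internal.test'],
            'extensions' => ['subjectAltName' => 'DNS:*.example.test, DNS:example.test']];

var_dump(hostMatches('sso.example.test', certNames($cnOnly)));       // URL host equals the CN
var_dump(hostMatches('10.0.0.5', certNames($cnOnly)));               // URL uses an IP instead of the name
var_dump(hostMatches('login.example.test', certNames($withSan)));    // wildcard SAN entry
var_dump(hostMatches('legacy.internal.test', certNames($withSan)));  // CN only, SAN present
```

To run the same check against a real certificate, pass the result of `openssl_x509_parse()` on the server's PEM file to `certNames()` and compare it with the hostname used in the cURL URL.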