PHP CURL CURLOPT_SSL_VERIFYPEER ignored
For some reason I am unable to use CURL with HTTPS. Everything was working fine untill I ran upgrade of curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert (path? access rights?)
Following suggestions posted here on related issues I have tried to do the following:
Disable verification for host and peer
curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);Enable
CURLOPT_SSL_VERIFYPEERand point to cacert.pem downloaded from http://curl.haxx.se/docs/caextract.htmlcurl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.
Edit php ini settings with
curl.cainfo=cacert.pem(file in the same directory and accessible by apache)Rename
/etc/pki/nssdbto/etc/pki/nssdb.old
Unfortunatelly none of the above are able to solve my problem and I constantly get Problem with the SSL CA cert (path? access rights?) message.
And I don't need this verification in the first place (I am aware of security issues).
Does anybody have any other suggestions?
UPDATE
After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!
Answer
According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.
Also look at CURLOPT_SSL_VERIFYHOST:
- 1 to check the existence of a common name in the SSL peer certificate.
- 2 to check the existence of a common name and also verify that it matches the hostname provided.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);