PHP CURL CURLOPT_SSL_VERIFYPEER ignored

PhpSslCurlHttps

Php Problem Overview

For some reason I am unable to use CURL with HTTPS. Everything was working fine untill I ran upgrade of curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert (path? access rights?)

Following suggestions posted here on related issues I have tried to do the following:

  • Disable verification for host and peer

      curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);

  • Enable CURLOPT_SSL_VERIFYPEER and point to cacert.pem downloaded from http://curl.haxx.se/docs/caextract.html

      curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);  
  curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");

  • I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.

  • Edit php ini settings with curl.cainfo=cacert.pem (file in the same directory and accessible by apache)

  • Rename /etc/pki/nssdb to /etc/pki/nssdb.old

Unfortunatelly none of the above are able to solve my problem and I constantly get Problem with the SSL CA cert (path? access rights?) message.

And I don't need this verification in the first place (I am aware of security issues).

Does anybody have any other suggestions?

UPDATE

After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!

Php Solutions

Solution 1 - Php

According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.

Also look at CURLOPT_SSL_VERIFYHOST:

  • 1 to check the existence of a common name in the SSL peer certificate.
  • 2 to check the existence of a common name and also verify that it matches the hostname provided.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

Solution 2 - Php

We had the same problem on a CentOS7 machine. Disabling the VERIFYHOST VERIFYPEER did not solve the problem, we did not have the cURL error anymore but the response still was invalid. Doing a wget to the same link as the cURL was doing also resulted in a certificate error.

-> Our solution also was to reboot the VPS, this solved it and we were able to complete the request again.

For us this seemed to be a memory corruption problem. Rebooting the VPS reloaded the libary in the memory again and now it works. So if the above solution from @clover does not work try to reboot your machine.

Solution 3 - Php

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return data inplace of echoing on screen
curl_setopt($ch, CURLOPT_URL, $strURL);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Skip SSL Verification
$rsData = curl_exec($ch);
curl_close($ch);
return $rsData;
Categories
Recommended Php Solutions
Recommended Ssl Solutions
Recommended Curl Solutions
Recommended Https Solutions

Previous Solution:

How to use the CancellationToken property?

C#MultithreadingConcurrencyCancellationCancellation Token

Next Solution:

Mismatched anonymous define() module

JavascriptJqueryRequirejs

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionGregView Question on Stackoverflow
Solution 1 - PhpcloverView Answer on Stackoverflow
Solution 2 - PhpRvanlaakView Answer on Stackoverflow
Solution 3 - PhpTamilarasan NallairusunView Answer on Stackoverflow