SyntaxFix

[php] PHP CURL CURLOPT_SSL_VERIFYPEER ignored

For some reason I am unable to use CURL with HTTPS. Everything was working fine untill I ran upgrade of curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert (path? access rights?)

Following suggestions posted here on related issues I have tried to do the following:

  • Disable verification for host and peer

    curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);

  • Enable CURLOPT_SSL_VERIFYPEER and point to cacert.pem downloaded from http://curl.haxx.se/docs/caextract.html

    curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);  
curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");

  • I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.

  • Edit php ini settings with curl.cainfo=cacert.pem (file in the same directory and accessible by apache)

  • Rename /etc/pki/nssdb to /etc/pki/nssdb.old

Unfortunatelly none of the above are able to solve my problem and I constantly get Problem with the SSL CA cert (path? access rights?) message.

And I don't need this verification in the first place (I am aware of security issues).

Does anybody have any other suggestions?

UPDATE

After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!

This question is related to php ssl curl https

The answer is

We had the same problem on a CentOS7 machine. Disabling the VERIFYHOST VERIFYPEER did not solve the problem, we did not have the cURL error anymore but the response still was invalid. Doing a wget to the same link as the cURL was doing also resulted in a certificate error.

-> Our solution also was to reboot the VPS, this solved it and we were able to complete the request again.

For us this seemed to be a memory corruption problem. Rebooting the VPS reloaded the libary in the memory again and now it works. So if the above solution from @clover does not work try to reboot your machine.

According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.

Also look at CURLOPT_SSL_VERIFYHOST:

  • 1 to check the existence of a common name in the SSL peer certificate.
  • 2 to check the existence of a common name and also verify that it matches the hostname provided.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

Source: Stackoverflow.com

Examples related to php

I am receiving warning in Facebook Application using PHP SDK Pass PDO prepared statement to variables Parse error: syntax error, unexpected [ Preg_match backtrack error Removing "http://" from a string How do I hide the PHP explode delimiter from submitted form results? Problems with installation of Google App Engine SDK for php in OS X Laravel 4 with Sentry 2 add user to a group on Registration php & mysql query not echoing in html with tags? How do I show a message in the foreach loop?

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to curl

What is the incentive for curl to release the library for free? curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number Converting a POSTMAN request to Curl git clone error: RPC failed; curl 56 OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054 How to post raw body data with curl? Curl : connection refused How to use the curl command in PowerShell? Curl to return http status code along with the response How to install php-curl in Ubuntu 16.04 curl: (35) SSL connect error

Examples related to https

What's the net::ERR_HTTP2_PROTOCOL_ERROR about? Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website Android 8: Cleartext HTTP traffic not permitted ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" How do I make a https post in Node Js without any third party module? Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint How to force Laravel Project to use HTTPS for all routes? Could not create SSL/TLS secure channel, despite setting ServerCertificateValidationCallback Use .htaccess to redirect HTTP to HTTPs

Tags

Winghci Nested-routes Type-conversion Flux Google-perftools Blink Javafx Long-filenames Opennetcf Preview-pane Theory Jung Openejb Smallcaps Appstore-approval Rgl Evb Devil Ecl Smooth-scrolling Toolchain Parseexception Webgrid Metabase Function-module Urlconnection High-volume Signing Delay-load Generic-type-argument Tramp Basecamp Osx-server Guava Asp.net-2.0 Keywordquery Autoresizingmask 2d Flashbuilder4 Nstableviewcell Inode Coledatetime Updatepanel-progressbar Key-value-coding Ocunit Recurrence Persistent Gdk Human-interface Utorrent Naked-objects Expression-templates Tpngimagelist Asp.net-mvc-views Static-assert Domain-masking Tracking Durable-services Asmselect Visualhg Windows-search higher-order-components Arb Counter Zcml Iframe Openvms Xmlserializer Mapper Freebase Stream-cipher Vote Vertical-sync Dbnull Documentation-generation Visual-studio-designer Abstract-base-class Android-wake-lock Robust Datafeed Daemons Step Bjam Open-uri Sql-order-by Keypad Datasnap Maked-textbox Trial Xtunit Tbucketlist Contactgroups Assembla Inventory Imanage Timedelay Spock Scjp Cop Cluster-computing