53

With PHP & curl, I need to connect via a proxy to a SSL secured site, and, ignore certificate warnings. My curl command line looks like this:

curl -k -u username:password -X GET https://someURL

Looking through curl.php, I see what I think are the correct options to set. With them, I end up with something like this:

  $ch = curl_init("https://someURL");
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // Ignore cert errors?
  curl_setopt($ch, CURLOPT_PROXY, true);           // Proxy true?
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");     
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);            
  curl_setopt($ch, CURLOPT_USERPWD, "username:password");      
  $result = curl_exec($ch);

But, $result always returns false. My password has a special character in it, "!". Perhaps I need to escape it? Other than that, any other ideas?

jww
  • 97,681
  • 90
  • 411
  • 885
Doo Dah
  • 3,979
  • 13
  • 55
  • 74

1 Answers1

98

To completely disable ssl certificate checking curl knows the option CURLOPT_SSL_VERIFYPEER. If it is set to false certifcate checking will be disabled at all. As the default value is true, you'll have to add:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

From the PHP documentation:

CURLOPT_SSL_VERIFYPEER FALSE to stop cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option. TRUE by default as of cURL 7.10. Default bundle installed as of cURL 7.10.

Note that if certificate checking is disabled you can omit the CURLOPT_SSL_VERIFYHOST setting. So the following line can be removed:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

You also asked if the following setting is ok:

curl_setopt($ch, CURLOPT_PROXY, true);

From the PHP documentation:

The HTTP proxy to tunnel requests through.

Means that it accepts a proxy address like '192.168.0.1:3128' if you are using a proxy. true is not meaningful in this case

hek2mgl
  • 152,036
  • 28
  • 249
  • 266
  • @DanielStenberg Yes thats right. The proxy related part of my post just answers : `// Proxy true?`. (Look at the question again) – hek2mgl Mar 06 '13 at 12:01
  • Ah indeed, thanks. I got confused by the answer and didn't correlate properly with the Q. Possibly it can be somewhat clarified in the answer to make it harder for fools like me to make the wrong conclusion... – Daniel Stenberg Mar 06 '13 at 14:48
  • Perfect, I also removed my original comment since it could be misleading. – Daniel Stenberg Mar 06 '13 at 18:50
  • 11
    `if certificate checking is disabled you can omit the CURLOPT_SSL_VERIFYHOST setting` This is not true. If hosts do not match setting CURLOPT_SSL_VERIFYHOST to false is still needed. – Boris D. Teoharov Apr 08 '15 at 17:39
  • What do you mean with `If hosts do not match setting CURLOPT_SSL_VERIFYHOST to false ...` – hek2mgl Apr 08 '15 at 17:46
  • 1
    @BorisD.Teoharov. There should be a comma there. Or a complete rewrite: *If the hosts do not match, then it is still necessary to set CURLOPT_SSL_VERIFYHOST to false.* – TRiG Dec 05 '18 at 17:33
  • @TRiG, absolutely ! I've just read what I worte. I thought the same. Sadly, I cannot edit my old comment. – Boris D. Teoharov Dec 05 '18 at 17:45
  • @BorisD.Teoharov Feel free to rephrase it as long as you are sure that you know what you are doing. I haven't been writing PHP code since ages :) – hek2mgl Dec 05 '18 at 18:58