0

Our existing system (Ubuntu server) uses curl to connect to another remote server over HTTPS. From any browser the connection works and we get a response. I opened port 443 to make sure that it is not being blocked by the firewall.

For testing, I used the curl command via the terminal and received the error:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.

Then I specified the pem file using --cacert when running the curl command.

Now it shows "https not supported or disabled in libcurl".

However, when I view the curl information it lists the following: libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 which makes it seem that it includes SSL support.

Additionally, when I view the phpinfo it shows curl is enabled with OpenSSL, which suggests that the support is built in. I've attempted setting the curl_setopt within the script but still no success.

Any suggestions?

Here is a snippet of the code from the script:

```php
$url = 'https://ourserver.com/user/';
$fields = array(
    'user' => urlencode($user),
    'password' => urlencode($pass),
    );
// Build the query string from the fields
$fields_string = '';
foreach ($fields as $key => $value) {
    $fields_string .= $key . '=' . $value . '&';
}
// rtrim() returns the trimmed string, so the result has to be assigned
$fields_string = rtrim($fields_string, '&');

curl_setopt($ch, CURLOPT_CAINFO, '/home/test/key.pem');

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $url . '?' . $fields_string,
    CURLOPT_USERAGENT => 'Sample cURL Request'
));

$resp = curl_exec($curl);

curl_close($curl);
```
Aaron

2 Answers

2

Your curl_setopt call for the CURLOPT_CAINFO option has no effect since it is applied to a non-existent cURL handle ($ch). You have to move this call after the curl_init call and pass the proper cURL handle ($curl). Also, the CURLOPT_CAINFO option requires an absolute path; '/home/test/key.pem' is a relative path.

So your code should look like this:

```php
$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $url . '?' . $fields_string,
    CURLOPT_USERAGENT => 'Sample cURL Request',
    CURLOPT_CAINFO => $_SERVER['DOCUMENT_ROOT'].'/home/test/key.pem',
));

$resp = curl_exec($curl);

curl_close($curl);
```
hindmost
  • Thank you for the reply. When I set the line with the CURLOPT_CAINFO as you mentioned and save changes we're unable to access the site at all. It just shows a white page... – Aaron Mar 04 '14 at 08:31
  • Add output of `curl_errno()` and `curl_getinfo()` before `curl_close`: `echo curl_errno($curl); print_r(curl_getinfo($curl));` – hindmost Mar 04 '14 at 08:43
  • Here is the error that it prints "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" – Aaron Mar 04 '14 at 13:30
  • You have to ensure that your path to certificate is valid – hindmost Mar 04 '14 at 13:35
  • Turned out to be an issue with the ssl in the end. Was not configured properly. However, once that was resolved specifying the .pem file as you mentioned worked! Thanks again! – Aaron Mar 06 '14 at 10:14
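
The handle-ordering fix and the path check discussed in this answer, combined into one request that keeps peer and host verification enabled. This is an added example, not code from the original posts: the function name `fetch_verified` is hypothetical, the URL, CA path and credentials are placeholders based on the question, and the certificate check assumes the PHP openssl extension is loaded.

```php
<?php
// Added example: verified HTTPS request with an explicit CA file.
// URL, CA path and credentials are placeholders based on the question.

function fetch_verified(string $url, array $query, string $caFile): string
{
    // Fail early with a clear message if the CA file is missing or unreadable.
    $caPath = realpath($caFile);
    if ($caPath === false || !is_readable($caPath)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    // A CA file must contain certificate(s), not a private key
    // (assumes the PHP openssl extension is available).
    if (openssl_x509_parse(file_get_contents($caPath)) === false) {
        throw new RuntimeException("No X.509 certificate found in: $caPath");
    }

    $curl = curl_init();               // create the handle first...
    curl_setopt_array($curl, array(    // ...then set every option on that same handle
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_URL            => $url . '?' . http_build_query($query),
        CURLOPT_USERAGENT      => 'Sample cURL Request',
        CURLOPT_CAINFO         => $caPath,
        CURLOPT_SSL_VERIFYPEER => true, // validate the chain against $caPath
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
    ));

    $resp = curl_exec($curl);
    if ($resp === false) {
        // Read the error details before closing the handle.
        $msg = sprintf('cURL error %d: %s', curl_errno($curl), curl_error($curl));
        curl_close($curl);
        throw new RuntimeException($msg);
    }
    curl_close($curl);
    return $resp;
}

try {
    echo fetch_verified('https://ourserver.com/user/',
        array('user' => 'example-user', 'password' => 'example-pass'),
        '/home/test/key.pem');
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```
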
-4

Set this in your code:

```php
curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false);
```
Pradeep
  • Please note that [disabling VERIFYPEER or VERIFYHOST makes the connection vulnerable to MITM attacks](http://stackoverflow.com/a/13742121/372643). – Bruno Nov 21 '14 at 11:25