php get_headers fails for a URL which I can enter into browser

Question

I am using get_headers to verify the validity of a URL.

https://central.bac-lac.gc.ca/.item/?app=Census1921&op=img&id=e002943819

If I enter this URL into my browser it works. But if I wish to test the URL BEFORE stuffing it into a tag by passing it to get_headers it fails.

Warning: get_headers(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /home/jamescobban/public_html/DisplayImage.php on line 186

Warning: get_headers(): Failed to enable crypto in /home/jamescobban/public_html/DisplayImage.php on line 186

Warning: get_headers(https://central.bac-lac.gc.ca/.item/?app=Census1921&op=img&id=e002943819): failed to open stream: operation failed in /home/jamescobban/public_html/DisplayImage.php on line 186

So my code issues an error message instead of stuffing the URL into the tag.

See this at https://www.jamescobban.net/DisplayImage.php?src=https%3A%2F%2Fcentral.bac-lac.gc.ca%2F.item%2F%3Fapp%3DCensus1921%26op%3Dimg%26id%3De002943819&buttonname=imageButton&lang=en

Contrast this with https://www.jamescobban.net/DisplayImage.php?src=https%3A%2F%2Fdata2.collectionscanada.ca%2F1911%2Fjpg%2Fe001984006.jpg&buttonname=imageButton&lang=en which is administered by the same department but on a different server. Since the response is nothing but a JPEG I have asked them why they have added the complexity of running a script but they are the GOVERNMENT and do not have to answer to mere taxpayers. Fortunately for the moment they have not removed the old servers which simply stored the images, but that access mode is not available for the most recently released census. As you can see the only purpose of my script is to add a wrapper around the JPEG to permit the user to perform some operations on the image.

I suspect the problem is that this GOVERNMENT web-site is using an expired certificate. I reported that I had detected that problem to the department several months ago but they are using the excuse of COVID to sit on their backsides even though obviously their website is more important than ever in these days when we cannot walk into their office!

How can I convince get_headers to ignore the bad certificate the same way that the browsers do? After all it is not that I distrust that a domain ending in ".gc.ca" is legitimately provided by the government, but it is still desirable for privacy reasons to encrypt my exchanges with any government agency.

The suggestion to turn off security checking is unacceptable. I just want get_headers to tell me whether the URL can be used in the tag so that I do not get the default error message from the browser.

If you want to see the code that is calling get_header go to https://github.com/jcobban/Genealogy/blob/master/DisplayImage.php

Answer 1

I got this to work by supplying a context:

        $context    = stream_context_create(['ssl' => [
                                                'verify_peer' => false,
                                                'verify_peer_name' => false,
                                            ]]);
        $headers                = get_headers($src,0,$context);