For some reason I am unable to use CURL with HTTPS. Everything was working fine until I ran an upgrade of the curl libraries. Now I am experiencing this response when trying to perform CURL requests: Problem with the SSL CA cert (path? access rights?)
Following suggestions posted here on related issues I have tried to do the following:
- Disable verification for host and peer
curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);
- Enable CURLOPT_SSL_VERIFYPEER and point to cacert.pem downloaded from http://curl.haxx.se/docs/caextract.html
curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($cHandler, CURLOPT_CAINFO, getcwd() . "/positiveSSL.ca-bundle");
- I also tried to do the same thing with positiveSSL.ca-bundle which was provided as bundle CA certificate for the server I am trying to connect to.
- Edit php ini settings with curl.cainfo=cacert.pem (file in the same directory and accessible by apache)
- Rename /etc/pki/nssdb to /etc/pki/nssdb.old
Unfortunately none of the above are able to solve my problem and I constantly get the Problem with the SSL CA cert (path? access rights?) message.
And I don’t need this verification in the first place (I am aware of security issues).
Does anybody have any other suggestions?
UPDATE
After updating to the latest libraries and restart of the whole box, not just apache which I was doing it all seems to be working now again!!!
gustavohenke
asked Feb 28, 2013 at 12:41
6
According to documentation: to verify host or peer certificate you need to specify alternate certificates with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option.
Also look at CURLOPT_SSL_VERIFYHOST:
- 1 to check the existence of a common name in the SSL peer certificate.
- 2 to check the existence of a common name and also verify that it matches the hostname provided.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
answered Mar 6, 2013 at 1:10
clover
3
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return data in place of echoing on screen
curl_setopt($ch, CURLOPT_URL, $strURL);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Skip SSL Verification
$rsData = curl_exec($ch);
curl_close($ch);
return $rsData;
answered Feb 23, 2022 at 4:01
We had the same problem on a CentOS7 machine. Disabling the VERIFYHOST VERIFYPEER did not solve the problem, we did not have the cURL error anymore but the response still was invalid. Doing a wget to the same link as the cURL was doing also resulted in a certificate error.
-> Our solution also was to reboot the VPS, this solved it and we were able to complete the request again.
For us this seemed to be a memory corruption problem. Rebooting the VPS reloaded the library in the memory again and now it works. So if the above solution from @clover does not work try to reboot your machine.
answered Jun 8, 2016 at 10:54
Rvanlaak
1
Try below if working for you:
For SSL verification we need to set 2
CURLOPT_SSL_VERIFYHOST =2
CURLOPT_SSL_VERIFYPEER =2
For not verification we need to set 0
CURLOPT_SSL_VERIFYHOST =0
CURLOPT_SSL_VERIFYPEER =0
default is always false
answered May 19 at 5:58
1
In this article, I will share with you a tip to fix the SSL certificate problem with PHP curl when making HTTPS requests.
Making HTTPS requests
Before talking about the issue, let us try an old example by making an HTTP request.
$url = "http://WEBSITE";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
if(curl_errno($ch)) {
echo 'Error: '.curl_error($ch);
} else {
echo $result;
}
curl_close ($ch);
It is alright for an HTTP site, but if we change the $url into an HTTPS URL, e.g. https://petehouston.com, does it work normally?
No, it doesn’t. It shows this nagging error:
Error: SSL certificate problem: unable to get local issuer certificate
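The error means curl could not find a local CA certificate with which to verify the server's certificate chain, so we need to configure the curl instance to deal with SSL-enabled websites.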
Fix SSL certificate problem
There are two ways to fix SSL certificate problem with PHP curl module.
- Specify the valid CA certificate to curl client.
- Ignore SSL verification.
Solution 1: Use a valid CA certificate
I’m not going to explain what a CA certificate is and why we need it to make requests.
You just need to download the CA certificate file provided by the curl author: https://curl.haxx.se/docs/caextract.html
Save the file somewhere on your computer, e.g. ~/certs/cacert.pem if you’re on Linux or macOS, or D:\certs\cacert.pem if you’re using Windows.
Configure the curl instance with CURLOPT_CAINFO pointing to the cacert.pem file.
// for Linux/Mac
curl_setopt($ch, CURLOPT_CAINFO, '/home/petehouston/certs/cacert.pem');
// for Windows
curl_setopt($ch, CURLOPT_CAINFO, 'D:/certs/cacert.pem');
Try to execute the script again, it should work now!
You can also pre-configure the CA certificate by putting it into php.ini, so you don’t need to configure it manually for each curl instance.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = "/home/petehouston/certs/cacert.pem"
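As an added example (not the article's own code), the script below checks a CA bundle before curl uses it: that the path resolves to an absolute one, that the PHP process can read it, and that it holds parseable PEM certificates. The function names caBundleProblems and verifiedCurlHandle are hypothetical, the sample inputs are constructed, and the curl and openssl extensions are assumed to be loaded.

```php
<?php
// Added example: diagnose a CA bundle path, then build a curl handle that verifies.
/** Returns a list of problems with $path as a CA bundle; an empty list means usable. */
function caBundleProblems(string $path): array
{
    $real = realpath($path);              // relative names resolve against getcwd()
    if ($real === false) {
        return ["not found: '$path' (resolved from " . getcwd() . ")"];
    }
    if (!is_file($real) || !is_readable($real)) {
        return ["not a file readable by the PHP process user: $real"];
    }
    $pem = (string) file_get_contents($real);
    $count = preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $blocks);
    if (!$count) {
        return ["no PEM certificate blocks in $real"];
    }
    $problems = [];
    foreach ($blocks[0] as $i => $block) {
        if (openssl_x509_parse($block) === false) {   // requires the openssl extension
            $problems[] = "certificate #" . ($i + 1) . " in $real does not parse";
        }
    }
    return $problems;
}

/** Builds a handle with full verification on, refusing an unusable bundle. */
function verifiedCurlHandle(string $url, string $caBundle)
{
    if ($problems = caBundleProblems($caBundle)) {
        throw new RuntimeException(implode('; ', $problems));
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // chain must lead to a CA in the bundle
        CURLOPT_SSL_VERIFYHOST => 2,      // certificate name must match the host
        CURLOPT_CAINFO         => realpath($caBundle),   // always pass an absolute path
    ]);
    return $ch;
}

// Constructed inputs: a relative name that may not resolve, and a file with no certificates.
$empty = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($empty, "constructed sample: not a PEM bundle\n");
foreach (['cacert.pem', $empty] as $candidate) {
    echo $candidate, ': ', implode('; ', caBundleProblems($candidate)) ?: 'usable', PHP_EOL;
}
unlink($empty);
```

Run it as the same user the web server runs PHP under, since a bundle readable from your shell may still be unreadable to that account.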
Solution 2: Ignore SSL verification
If you don’t really care about SSL verification, you can ignore it by disabling the CURLOPT_SSL_VERIFYPEER option.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
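The request then goes through just as it does with a configured certificate, but curl accepts whatever certificate the server presents without checking that it chains to a trusted CA.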
Conclusion
So which one should I use, you ask?
Again, if you don’t care about the authenticity of the server's SSL certificate, then ignore verification; otherwise, configure the CA certificate so you can be sure you are making the request to the right server.
That’s it! I’ve just shown you how to fix SSL certificate problem with PHP curl module.
Ignore SSL Certificate errors in PHP (good for debugging or when connecting to trusted domains that are using Let’s Encrypt)
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Ignore SSL Certificate errors
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($ch);
if (curl_errno($ch)) {
$html = 'ERROR: ' . curl_error($ch);
}
curl_close($ch);
?>
You need to disable SSL certificate validity checking:
disable the curl SSL options CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST in your curl client:
$client->setOption(CURLOPT_SSL_VERIFYPEER, false);
$client->setOption(CURLOPT_SSL_VERIFYHOST, false);
$client->setOption(CURLOPT_SSLVERSION, 3);
With "plain" curl, disabling SSL certificate verification looks like this:
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
answered 9 years ago
root