cURL requires CURLOPT_SSL_VERIFYPEER=FALSE

Question

I was using cURL on my localhost for the longest time and all the sudden I noticed it no longer works unless I explictly set the option, CURLOPT_SSL_VERIFYPEER=FALSE.

I have no idea how/when this changed but I'm using NGINX and PHP and I can verify that this is not a specific issue to a specific requested host. I'm getting blank responses from https://site1.com and https://different-site.com.

Anyone have any thoughts?

Answer 1

The value for CURLOPT_SSL_VERIFYPEER by default is TRUE as of cURL 7.10.

Hence you may need to explicitly set it to FALSE to prevent CURL from verifying the certificate.

Answer 2

Thanks to Dave Chen's suggestions, I realized I must have misplaced my certificate. The problem is solved by this certificate which is provided by the cURL creator (extracted from Mozilla): https://curl.haxx.se/ca/cacert.pem

So after downloading this cacert.pem file into your project, in PHP you can now do this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");

Alternatively, this can be set globally by adding the following to your php.ini

curl.cainfo=/path/to/cacert.pem

Answer 3

If you are using WampServer, notice this:

You must put the absolute path in CURLOPT_CAINFO, for example:

curl_setopt ($ch, CURLOPT_CAINFO, 'C:\wamp\www\your-project\cacert.pem')

Don't use relative path: curl_setopt ($ch, CURLOPT_CAINFO, 'cacert.pem') because it doesn’t work.