Reputation: 5493
PHP ignoring curl.cainfo setting in php.ini (apparently)
I'm trying to fix a php_curl call on a Windows server (running IIS) that is returning the familiar error "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
As detailed in many related questions here, I downloaded http://curl.haxx.se/ca/cacert.pem, moved it to my server's hard drive, and added the curl.cainfo setting to my php.ini:
curl.cainfo = "C:\path\to\cacert.pem"
Nothing, still getting the same error. However, specifying the path in the PHP code results in a successful response!
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CAINFO, "C:\path\to\cacert.pem");
$response = curl_exec($ch);
This does give me a workaround I can use for now, but I'm maintaining a large application with php_curl calls in many places, so it would be more logical to specify this setting once in php.ini so it applies to all php_curl calls in the application.
Potential dumb mistake checking:
- I'm restarting IIS between php.ini edits
- I know I'm editing the right php.ini, because "echo ini_get('smtp_port');" reflects changes I make to that setting (changing a non-critical setting just for testing)
- I know IIS can read the file, because it works when setting it using curl_setopt() (above)
Trying to look at the ini setting directly shows that PHP doesn't seem to know anything about it (am I doing this right?):
var_dump(ini_get('curl.cainfo'));
==> bool(false)
Any ideas why PHP wouldn't read the curl.cainfo setting?
Upvotes: 12
Views: 37794
Answers (4)
Reputation: 31
you should fix like this:
Download https://curl.haxx.se/ca/cacert.pem
put the file to php/extras/ssl/cacert.pem
edit php.ini and reload php
curl.cainfo = "C:\Data\php-8.3.0\extras\ssl\cacert.pem"
openssl.cafile = "C:\Data\php-8.3.0\extras\ssl\cacert.pem"
Or you can use other way: edit your php code near curl:
if (defined('CURLSSLOPT_NATIVE_CA') && version_compare(curl_version()['version'], '7.71', '>=')) {
curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
}
this will also solve your problem.
Upvotes: 0
Reputation: 268
In my case nothing helped, until I realized that I didn't have php-curl extension installed. After that, it worked
Upvotes: 0
Reputation: 1
You might not be updating the correct php.ini file. To see which file is being used as php.ini file in your cmd window type the following
php -i
and look for the Loaded configuration file value and open that file and then set the curl_cainfo and openssl_cafile absolute path to the cacert.pem file.
Upvotes: 0
Reputation: 5493
A coworker informed me that this curl php.ini setting was not added until PHP 5.3.7: http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo
The particular test server I was working with was running an older version than that, so PHP wasn't reading that setting from php.ini.
Upvotes: 21
Related Questions
- PHP Curl request to IIS results in request format is invalid
- How can I set CURLOPT_CAINFO globally for PHP?
- PHP cURL is not loaded on modifying php.ini
- PHP Curl certinfo empty
- cURL SSL CA Config with Windows Server 2008R2 and PHP 5.2
- Why is CURLOPT_CAINFO defined in the command line, but not in web?
- PHP cURL says https not supported
- Getting cURL to work in PHP with HTTPS
- Phpinfo() not showing curl
- php curl abrupt behavior