Using curl in PHP doesn't work

Question

I'm trying to get a HTML page using curl in PHP on Ubuntu 15.10.

My code is the follow ..

<?php
    ini_set('display_errors', 1);

    $url = 'http://www.galliera.it/118';

    print "The url ... ".$url;
    echo '<br>';
    echo '<br>';

    //#Set CURL parameters ...
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_PROXY, '');
    $data = curl_exec($ch);
    curl_close($ch);

    print "Data ... ".$data;
    echo '<br>';
    echo '<br>';

?>

I can't show the $data value when I execute my code and in my console there is 200 as execution code returned.

Any help / suggestion / example?

Answer 1

You need to set up curl with SSL

If CURLOPT_SSL_VERIFYPEER is true (and it should be!), you need to tell curl where to look for certificates using CURLOPT_CAINFO and CURLOPT_CAPATH (documentation).

All browsers that use SSL must have a local collection of public keys of the different Certificate Authorities, so they can establish a chain of trust to the website's secure connection. This list needs to be updated regularly as certificates expire and are replaced, become compromised and cannot be trusted or new ones are added. The website https://curl.haxx.se/ has a cacert.pem file extracted from Mozilla.

The recommended way of getting an up to date copy is to periodically download it from that site, but not too often as to overwhelm their servers. Once every month should be enough.

On linux, you can use a crontab entry like this:

# update CA cert store every month
0 1 1 * * curl --remote-name --time-cond /path/to/cacert.pem https://curl.haxx.se/ca/cacert.pem

The url 302 redirects to the https version anyway, so it should be https and you saved a network roundtrip.

$url = 'https://www.galliera.it/118';

$ch = curl_init();
$opt = array(
  CURLOPT_AUTOREFERER => true,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HEADER => false,
  CURLOPT_URL => $url,
  CURLOPT_SSL_VERIFYHOST => 2, //match common name in cert
  CURLOPT_SSL_VERIFYPEER => true,
  CURLOPT_ENCODING => '', //enable gzip
  CURLOPT_CAINFO => '/path/to/cacert.pem', //CA cert store !!!
  // if you are using linux and have openssl installed:
  CURLOPT_CAPATH => '/etc/ssl/certs',
  // you only need this when actually using a proxy
  // curl_setopt($ch, CURLOPT_PROXY, '');
);
curl_setopt_array($ch, $opt);
$data = curl_exec($ch);
curl_close($ch);

echo $data;

With CURLOPT_PROXY you specify a proxy ip:port, but if you're not using one just don't have it in there.