Hi Ken,

> I have a site which uses the latest cURL libray and commandline interface.
> Since that upgrade, the cURL PHP exec fails to particular https sites wth
an
> error code of 60. From the commandline, I can override this failure with
a "-
> k" option. Is there a CURLOPT_something constant that provides the same
> override? PHP version is 4.2.3

The most likely problem is that soem of your sites need specific CA certs
(ie they may be self generated) , so you need to get CA certs from those
sites. Failing that, it is possible to diable this check from PHP, as -k
does from the command line.

see http://curl.haxx.se/libcurl/c/curl_easy_setopt.html as well as the PHP
manual.

I think what you need is curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

This is untested as I was using a custom CA cert and also a proivate key,
here is the options I used to get that to work

 CURLOPT_SSL_VERIFYHOST: Pass a long if CURL should verify the Common name
of the peer certificate in the SSL handshake. A value of 1 denotes that we
should check for the existence of the common name, a value of 2 denotes that
we should make sure it matches the provided hostname.
 curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 2);

CURLOPT_SSLCERT: Pass a string containing the filename of PEM formatted
certificate
 curl_setopt ($ch,CURLOPT_SSLCERT, $private_cert);

CURLOPT_SSLCERTPASSWD: Pass a string containing the password required to use
the CURLOPT_SSLCERT certificate
 curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $private_cert_password );

// enable verifivation of host
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);

 // using this CA cert
 curl_setopt($ch, CURLOPT_CAINFO, $ca_cert);

HTH,

Kevin

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
Received on 2003-06-10