cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: curl_setopt for the "-k" commandline option

From: Ken Harris <kharris_at_lhinfo.com>
Date: Tue, 10 Jun 2003 15:21:55 -0400

Do I feel foolish, I found the CURLOPT_SSL_VERIFYPEER option right after
posting. Sorry about that, but the option works fine.

Thanks for the replies and the help
Ken

Quoting Kevin Lowe <klowe_at_solomon.ie>:

> Hi Ken,
>
> > I have a site which uses the latest cURL libray and commandline interface.
> > Since that upgrade, the cURL PHP exec fails to particular https sites wth
> an
> > error code of 60. From the commandline, I can override this failure with
> a "-
> > k" option. Is there a CURLOPT_something constant that provides the same
> > override? PHP version is 4.2.3
>
>
> The most likely problem is that soem of your sites need specific CA certs
> (ie they may be self generated) , so you need to get CA certs from those
> sites. Failing that, it is possible to diable this check from PHP, as -k
> does from the command line.
>
> see http://curl.haxx.se/libcurl/c/curl_easy_setopt.html as well as the PHP
> manual.
>
> I think what you need is curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
>
> This is untested as I was using a custom CA cert and also a proivate key,
> here is the options I used to get that to work
>
> CURLOPT_SSL_VERIFYHOST: Pass a long if CURL should verify the Common name
> of the peer certificate in the SSL handshake. A value of 1 denotes that we
> should check for the existence of the common name, a value of 2 denotes that
> we should make sure it matches the provided hostname.
> curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 2);
>
>
> CURLOPT_SSLCERT: Pass a string containing the filename of PEM formatted
> certificate
> curl_setopt ($ch,CURLOPT_SSLCERT, $private_cert);
>
> CURLOPT_SSLCERTPASSWD: Pass a string containing the password required to use
> the CURLOPT_SSLCERT certificate
> curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $private_cert_password );
>
>
>
> // enable verifivation of host
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
>
> // using this CA cert
> curl_setopt($ch, CURLOPT_CAINFO, $ca_cert);
>
>
> HTH,
>
> Kevin
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The best
> thread debugger on the planet. Designed with thread debugging features
> you've never dreamed of, try TotalView 6 free at www.etnus.com.
>

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
Received on 2003-06-10