I'm using cURL with PHP, and I'm trying to connect to a remote server
via HTTPS with a certificate that was provided to me. This has worked
in the past, but recently it stopped working and I'm seeing this error
from curl_error 0

error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I'm actually connecting to a test server, so it's expected that the CA
will be unknown, as it's essentially made up. I would like cURL to
stop caring about the unknown CA altogether, so I'm setting
CURLOPT_SSL_VERIFYPEER to 0. That doesn't seem to be doing anything,
though. Shouldn't setting that to 0 solve my problem? Maybe I'm
missing something really obvious here. Here's the code that I'm using
to debug the issue -

        $curlconn = curl_init();

        curl_setopt($curlconn , CURLOPT_VERBOSE, 1);
        curl_setopt($curlconn , CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curlconn , CURLOPT_SSL_VERIFYHOST, 0);

        curl_setopt($curlconn , CURLOPT_SSLCERT, $this->cfg->cert);
        curl_setopt($curlconn , CURLOPT_SSLCERTPASSWD, $this->fetchPassword());
        curl_setopt($curlconn , CURLOPT_PORT, $this->cfg->port);
        curl_setopt($curlconn , CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curlconn , CURLOPT_URL, $this->cfg->url);

        $response = curl_exec($curlconn);
        var_dump($response);
        var_dump(curl_error($curlconn));

        curl_close($curlconn);

This same code works fine against a production server that has a
trusted root CA, so that does seem like the issue, but I don't
understand why cURL is insisting on checking it. Am I using the
options incorrectly?

Thanks!
-Ryan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2008-09-11