cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Default CURLOPT_CAPATH?

From: Dom Latter <curl-and-php_at_latter.org>
Date: Fri, 19 Oct 2007 16:28:10 +0200

Hi there, bit of a newbie with CURL, less so with PHP.

Having trouble getting a PEAR SOAP module talking to an https server that
has an unrecognized root CA certificate. First problem is that the server is
using a root CA certificate that only IE on Windows knows about - firefox on
Ubuntu, Opera on Windows, Safari on MacOS all say they've never heard of
it. However I have got hold of the CA certificate and should be able to
install it wherever it needs to go.

By modifying
/usr/share/php/SOAP/Transport/HTTP.php with the following line:
curl_setopt($ch, CURLOPT_CAPATH, '/a/directory');
where '/a/directory' contains file Thawte_SGC_CA.pem and the symbolic
link a386470b.0 I can get the SOAP module to talk to the server;
otherwise I get the infamous "curl_exec error 60 SSL certificate problem"
error. This is on my development server. On the production server
I can't really go modifying files like this but I can ask them
to install a certificate file if I can tell them where it goes.

I've read this page about, ooh, 20 times now:
http://curl.haxx.se/docs/sslcerts.html
and it says the default bundle is at /usr/local/share/curl/curl-ca-bundle.crt;
I've tried appending the .pem file to it and that hasn't worked. (ANd I've
appended it complete with all the info in the same way as all the other
certs are listed.

Any ideas? I've put the .pem file and its symbolic link in both
/usr/local/share/curl and /etc/ssl/certs but unless I explicitly set
CURLOPT_CAPATH it doesn't work.

Version info:
=======
PHP version 5.2.1
Output of curl_version():
Array
(
    [version_number] => 462597
    [age] => 2
    [features] => 1597
    [ssl_version_number] => 0
    [version] => 7.15.5
    [host] => i486-pc-linux-gnu
    [ssl_version] => OpenSSL/0.9.8c
    [libz_version] => 1.2.3
    [protocols] => Array
        (
            [0] => tftp
            [1] => ftp
            [2] => telnet
            [3] => dict
            [4] => ldap
            [5] => http
            [6] => file
            [7] => https
            [8] => ftps
        )
)
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2007-10-19

This message: [ Message body ]
Next message: Mino Bernardi: "TFTP PUT in PHP"
Previous message: James Hood: "Partial html output problem"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]