I sent this to curl-users and was told that it should be working in
libcurl, but that that's not the right forum for PHP questions. Maybe
it's the PHP/cURL interaction that's giving me trouble. I'd really
appreciate any help with this that I can get -

I'm using cURL with PHP, and I'm trying to connect to a remote server
via HTTPS with a certificate that was provided to me. This has worked
in the past, but recently it stopped working and I'm seeing this error
from curl_error:

error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I'm actually connecting to a test server, so it's expected that the CA
will be unknown, as it's essentially made up. I would like cURL to
stop caring about the unknown CA altogether, so I'm setting
CURLOPT_SSL_VERIFYPEER to 0. That doesn't seem to be doing anything,
though. Shouldn't setting that to 0 solve my problem? Maybe I'm
missing something really obvious here. Here's the code that I'm using
to debug the issue -

       $curlconn = curl_init();

       curl_setopt($curlconn , CURLOPT_VERBOSE, 1);
       curl_setopt($curlconn , CURLOPT_SSL_VERIFYPEER, 0);
       curl_setopt($curlconn , CURLOPT_SSL_VERIFYHOST, 0);

       curl_setopt($curlconn , CURLOPT_SSLCERT, $this->cfg->cert);
       curl_setopt($curlconn , CURLOPT_SSLCERTPASSWD, $this->fetchPassword());
       curl_setopt($curlconn , CURLOPT_PORT, $this->cfg->port);
       curl_setopt($curlconn , CURLOPT_RETURNTRANSFER, true);
       curl_setopt($curlconn , CURLOPT_URL, $this->cfg->url);

       $response = curl_exec($curlconn);
       var_dump($response);
       var_dump(curl_error($curlconn));

       curl_close($curlconn);

This same code works fine against a production server that has a
trusted root CA, so that does seem like the issue, but I don't
understand why cURL is insisting on checking it. Am I using the
options incorrectly?

Thanks!
-Ryan
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2008-09-12