PHP7, HTTP2 with cURL


I had the same issue and found out the main reason is the certificate of the root CA.

Below is my environment:

  • curl : 7.48
  • openssl : 1.0.2g
  • php : 5.6.18

Why?

The main reason is a certificate, specifically the certificate of the root CA. The error can occur when it does not exist or has a wrong path in your system.

You also need to know how CURLOPT_SSL_VERIFYPEER works in relation to this issue. If you leave the CURLOPT_SSL_VERIFYPEER option undefined, it takes its default value, true. This option enables verification of the endpoint host's SSL certificate to avoid security issues such as a man-in-the-middle attack. It uses the root CA certificate installed on your system during the verification process.

Solution 1

Check for, or install, a root CA certificate. Generally, it is installed with OpenSSL. If you get an error message, it is either not installed in the appropriate path or does not exist.

So, check out the file with the following command.

$ php -r "var_dump(openssl_get_cert_locations());"

An example of the result:

array(8) {
  ["default_cert_file"]=>
  string(38) "/usr/local/openssl-1.0.2g/ssl/cert.pem"
  ["default_cert_file_env"]=>
  string(13) "SSL_CERT_FILE"
  ["default_cert_dir"]=>
  string(35) "/usr/local/openssl-1.0.2g/ssl/certs"
  ["default_cert_dir_env"]=>
  string(12) "SSL_CERT_DIR"
  ["default_private_dir"]=>
  string(37) "/usr/local/openssl-1.0.2g/ssl/private"
  ["default_default_cert_area"]=>
  string(29) "/usr/local/openssl-1.0.2g/ssl"
  ["ini_cafile"]=>
  string(0) ""
  ["ini_capath"]=>
  string(0) ""
}

In the above, the default cert file path is "/usr/local/openssl-1.0.2g/ssl/cert.pem". Do you have a root CA certificate there? If you have it but it is located in a different path, move it to the default cert file path with the filename "cert.pem". If you don't have it, you need to download it, for example from http://curl.haxx.se/ca/cacert.pem.

$ wget http://curl.haxx.se/ca/cacert.pem

Then move it to the default cert file path.

Solution 2

CURLOPT_SSL_VERIFYPEER => false

This option can solve your problem, but it can expose your system to a man-in-the-middle attack.
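
An added example, not part of the original answer: instead of turning verification off, this script checks the CA bundle paths reported by openssl_get_cert_locations() and passes a usable one to cURL through CURLOPT_CAINFO with CURLOPT_SSL_VERIFYPEER left on. The function names are hypothetical, and the URL to test is an assumption supplied as the first command-line argument.

```php
<?php
// Added example: locate a usable CA bundle and keep peer verification enabled.

/** Candidate CA bundle paths reported by openssl_get_cert_locations(). */
function caBundleCandidates(): array
{
    $loc = openssl_get_cert_locations();
    $candidates = [
        getenv($loc['default_cert_file_env']) ?: null, // SSL_CERT_FILE override, if set
        $loc['ini_cafile'] ?: null,                    // openssl.cafile from php.ini
        $loc['default_cert_file'],                     // compiled-in default (cert.pem)
    ];
    return array_values(array_unique(array_filter($candidates)));
}

/** Usable means: a readable file whose first PEM block parses as X.509. */
function isUsableBundle(string $path): bool
{
    if (!is_file($path) || !is_readable($path)) {
        return false;
    }
    // @ silences the warning PHP 8 raises for unparsable input; false is the signal.
    return @openssl_x509_read(file_get_contents($path)) !== false;
}

/** Fetch $url with verification enabled against an explicit CA bundle. */
function fetchVerified(string $url, string $caBundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // the default, stated explicitly
        CURLOPT_SSL_VERIFYHOST => 2,         // certificate name must match the host
        CURLOPT_CAINFO         => $caBundle, // root CA bundle used for verification
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(sprintf('cURL error %d: %s', curl_errno($ch), curl_error($ch)));
    }
    return $body;
}

foreach (caBundleCandidates() as $path) {
    printf("%-50s %s\n", $path, isUsableBundle($path) ? 'usable' : 'missing or not a PEM certificate');
}
$usable = array_values(array_filter(caBundleCandidates(), 'isUsableBundle'));
if (isset($argv[1]) && $usable) { // URL given on the command line (assumption)
    echo strlen(fetchVerified($argv[1], $usable[0])), " bytes fetched with verification on\n";
}
```

Run without arguments, it only reports which bundle paths exist and parse; a certificate verification failure on a real request surfaces as the RuntimeException message.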