Skip to content
Advertisement

PHP ignoring curl.cainfo setting in php.ini (apparently)

I’m trying to fix a php_curl call on a Windows server (running IIS) that is returning the familiar error “SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed”.

As detailed in many related questions here, I downloaded http://curl.haxx.se/ca/cacert.pem, moved it to my server’s hard drive, and added the curl.cainfo setting to my php.ini:

curl.cainfo = "C:pathtocacert.pem"

Nothing, still getting the same error. However, specifying the path in the PHP code results in a successful response!

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CAINFO, "C:pathtocacert.pem");
$response = curl_exec($ch);

This does give me a workaround I can use for now, but I’m maintaining a large application with php_curl calls in many places, so it would be more logical to specify this setting once in php.ini so it applies to all php_curl calls in the application.

Potential dumb mistake checking:

  1. I’m restarting IIS between php.ini edits
  2. I know I’m editing the right php.ini, because “echo ini_get(‘smtp_port’);” reflects changes I make to that setting (changing a non-critical setting just for testing)
  3. I know IIS can read the file, because it works when setting it using curl_setopt() (above)

Trying to look at the ini setting directly shows that PHP doesn’t seem to know anything about it (am I doing this right?):

var_dump(ini_get('curl.cainfo'));

==> bool(false)

Any ideas why PHP wouldn’t read the curl.cainfo setting?

Advertisement

Answer

A coworker informed me that this curl php.ini setting was not added until PHP 5.3.7: http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo

The particular test server I was working with was running an older version than that, so PHP wasn’t reading that setting from php.ini.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement