[GH-ISSUE #1] Curl can't find cainfo, when doing https request #1

Closed
opened 2026-02-28 14:22:45 +03:00 by kerem · 6 comments

Originally created by @bartv2 on GitHub (Nov 13, 2018).
Original GitHub issue: https://github.com/chillerlan/php-httpinterface/issues/1

Disabling setting the CURLOPT_CAINFO option to null fixes this issue. Adding this option to the array only when ca_info is set should fix this issue.

kerem closed this issue 2026-02-28 14:22:46 +03:00

@codemasher commented on GitHub (Nov 14, 2018):

Thank you for the info! I should state somewhere that a CA certificate (or bundle) is necessary/mandatory for HTTPS. I'll also look into a workaround to not run into errors otherwise.


@codemasher commented on GitHub (Nov 14, 2018):

This is actually handled over here: https://github.com/chillerlan/php-httpinterface/blob/339f552c658b57d4b100b18ddad31199478e2f38/src/CurlHandle.php#L121
I think the problem is rather that `CURLOPT_SSL_VERIFYPEER` is set to `true` by default, which then requires the cert. I think in an earlier version of the curl client I had this value depending on the existence of a cert.


@bartv2 commented on GitHub (Nov 14, 2018):

The CA bundle is available on the system, and the connection works when I remove that line 121. I don't like your solution; I think only setting `CURLOPT_CAINFO` when `$this->options->ca_info` is a file would work better. When this is not specifically set the system default will be used.


@codemasher commented on GitHub (Nov 14, 2018):

Oh right, I didn't think about the system CA. But what would be a reliable way to check that? Or should I drop the check at all and leave the problem up to the user (which makes up 99% of SO questions about `CURLOPT_SSL_VERIFYPEER`)?

edit: brrrrr https://github.com/guzzle/guzzle/blob/master/src/functions.php#L160


@bartv2 commented on GitHub (Nov 14, 2018):

That function is only used in a very limited situation (streamHandler and php 5.?). For curl they do this: https://github.com/guzzle/guzzle/blob/master/src/Handler/CurlFactory.php#L326. I think that is the most flexible. Disabling `CURLOPT_SSL_VERIFYPEER` should be a last resort; maybe in the error message point to a checklist/steps to check/solve connection errors.


@bartv2 commented on GitHub (Feb 22, 2019):

Thanks, looks good
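
The approach discussed in this thread, written out as an added example (not part of the original issue, and not the code of php-httpinterface or Guzzle): `CURLOPT_CAINFO` is set only when a CA file is actually configured, an unset value falls back to the system default, and `CURLOPT_SSL_VERIFYPEER` stays enabled in every branch. The function name `buildTlsCurlOptions` and the `$caInfo` parameter are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build the TLS-related cURL options (illustrative helper, hypothetical name).
 * $caInfo is the user-configured CA file or directory, or null when unset.
 */
function buildTlsCurlOptions(?string $caInfo): array
{
    // Peer and host verification stay on no matter which branch is taken.
    $options = [
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ];

    // Nothing configured: add neither CURLOPT_CAINFO nor CURLOPT_CAPATH,
    // so libcurl uses its built-in / system default CA store.
    if ($caInfo === null || $caInfo === '') {
        return $options;
    }
    if (is_file($caInfo) && is_readable($caInfo)) {
        $options[CURLOPT_CAINFO] = $caInfo;   // single PEM bundle
        return $options;
    }
    if (is_dir($caInfo)) {
        $options[CURLOPT_CAPATH] = $caInfo;   // directory of hashed certs
        return $options;
    }

    // Configured but unusable: fail with an actionable message instead of
    // silently passing a bad path or turning verification off.
    throw new InvalidArgumentException(
        "CA bundle '{$caInfo}' is not a readable file or directory; "
        . 'check the path, or leave it unset to use the system CA store.'
    );
}

// Constructed usage: an empty temp file stands in for a real PEM bundle.
$bundle = tempnam(sys_get_temp_dir(), 'ca');
var_dump(buildTlsCurlOptions($bundle));   // CAINFO present
var_dump(buildTlsCurlOptions(null));      // no CAINFO/CAPATH key at all
unlink($bundle);

try {
    buildTlsCurlOptions('/nonexistent/cacert.pem'); // constructed bad path
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```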
