0

This is my Code:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postValues);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);

Now the $result is "false" and the curl_error() shows me the SSL-Error "Peer's Certificate issuer is not recognized.". But although there is this error, the post data has been sent to the $apiUrl.

Is this correct? Bug or feature? ;)

How can I improve this to prevent sending data to an insecure service?

Thanks in advance! :)

Improve this question

3 Answers 3

Reset to default
4

There is two solution for this...

Solution - 1

If you want to skip check SSL certificate use....

curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);

Solution - 2

If you have certificate with you use....

curl_setopt ($ch, CURLOPT_CAINFO, "PATH_TO/cacert.pem");

Thanks.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for your answer, but disabling completely the validation is the worst "solution" and updating the cacert.pem is also not a solution, because my question is how to prevent sending the data BEFORE this error happens. I know how to fix the error, but I wonder why the data has been sent.
From php 5.5, new option is available in curl_setopt and that is CURLOPT_CONNECT_ONLY which tells the library to perform all the required proxy authentication and connection setup, but no data transfer. CURLOPT_CONNECT_ONLY
1

Finally I found the reason why the data has been transfered although there has been a curl error! There was a redirect to another location and with "followlocation" active, the error happened on the redirected site! So the data has been sent to the $apiUrl and has been processed. After this the curl call has been redirected and the error appeared.

My trust in logic has been restored :D

Improve this answer

Comments

0

This is incorrect; cURL does not send any data when there is a problem with the SSL certificate.

(I just tested with a connection to a local script - the second script did not run when the first script encountered an SSL error while connecting to it.)

Improve this answer

1 Comment

This is definitly one of the weirdest things it ever happend... meanwhile I cannot reproduce this error and now there is no data sent if there is a problem with the SSL certificate... but it happend, trust me, this freaks me out >.< :(

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.