cURL CURLOPT_SSL_VERIFYHOST behavior


sKunKbad

Today my boss called me and told me that a PHP script I had written for him wasn't working. It had been working for over a year, and no changes had been made (at least not for many months). The problem was that he just has a self-signed cert, and I had not set CURLOPT_SSL_VERIFYHOST to FALSE. Did something in Linux change in the last day? I wonder because his server and my computer (Ubuntu) both started in with the same problem on the same day. I set CURLOPT_SSL_VERIFYHOST to FALSE and everything started working again.


If something changed then your machines had to download and apply them. So I ask you: what happened in the last couple days?

 

I set CURLOPT_SSL_VERIFYHOST to FALSE and everything started working again.

Don't use false. The value is supposed to be an integer: 0 to disable, 1 to partially enable (and only works for libcurl <7.28.0), 2 to fully enable.

If something changed then your machines had to download and apply them. So I ask you: what happened in the last couple days?

 

Don't use false. The value is supposed to be an integer: 0 to disable, 1 to partially enable (and only works for libcurl <7.28.0), 2 to fully enable.

Honestly, I don't know the exact updates I apply to my Ubuntu machines. I just install them when Ubuntu tells me they are ready.

 

As for my boss, his server is CentOS. I don't even have access to it, so I don't know what's going on there. It's just kind of funny that both machines start to have errors on the same day.

 

Also, thanks for the advice regarding CURLOPT_SSL_VERIFYHOST.


It's generally advisable to leave CURLOPT_SSL_VERIFYHOST enabled. If you're using a self-signed certificate, you just need to tell cURL to trust it by using CURLOPT_CAINFO. Save the server's certificate somewhere locally and then use code like:

$ch = curl_init('https://example.com/');
// Require the certificate's name to match the host being requested.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Trust the locally saved self-signed certificate.
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/example.crt');
curl_exec($ch);

You'd still have to make sure that your self-signed certificate doesn't expire, but you could set the expiration date for like 10 years in the future or something when generating it.
  • Like 1
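
As an added example (not code from this thread): a pre-flight check for the pinned-certificate approach in the post above, reporting whether the saved certificate has expired, is close to expiry, or does not name the host, alongside a request that keeps verification on and surfaces cURL's own error. The helper names pinnedCertProblems() and fetchPinned() and the throwaway certificate are assumptions made for illustration.

```php
<?php
// Added example; pinnedCertProblems() and fetchPinned() are hypothetical helpers.
// Pre-flight check of the saved certificate. cURL still does the real verification.
function pinnedCertProblems(string $pem, string $host, int $warnDays = 30): array
{
    $cert = openssl_x509_parse($pem);
    if ($cert === false) {
        return ['not a readable PEM certificate'];
    }
    $problems = [];
    $secondsLeft = $cert['validTo_time_t'] - time();
    if ($secondsLeft < 0) {
        $problems[] = 'certificate has expired';
    } elseif ($secondsLeft < $warnDays * 86400) {
        $problems[] = 'certificate expires in ' . intdiv($secondsLeft, 86400) . ' days';
    }
    // Names come from subjectAltName, or from CN when it has no DNS entries.
    preg_match_all('/DNS:([^,\s]+)/', $cert['extensions']['subjectAltName'] ?? '', $m);
    $names = $m[1] ?: (array) ($cert['subject']['CN'] ?? []);
    foreach ($names as $name) {
        // Simplified wildcard rule: "*" stands for exactly one label.
        $re = '/^' . str_replace('\*', '[^.]+', preg_quote($name, '/')) . '$/i';
        if (preg_match($re, $host)) {
            return $problems;
        }
    }
    return [...$problems, "certificate does not name $host"];
}

function fetchPinned(string $url, string $certPath): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // chain must end at CURLOPT_CAINFO
        CURLOPT_SSL_VERIFYHOST => 2,         // certificate must name the host
        CURLOPT_CAINFO         => $certPath, // the saved self-signed certificate
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(sprintf('cURL error %d: %s', curl_errno($ch), curl_error($ch)));
    }
    return $body;
}

// Constructed sample: a throwaway self-signed certificate for example.com.
$key = openssl_pkey_new();
$csr = openssl_csr_new(['commonName' => 'example.com'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 3650), $pem);
print_r([pinnedCertProblems($pem, 'example.com'), pinnedCertProblems($pem, 'www.example.org')]);
```

Run against the real saved certificate, an empty list from pinnedCertProblems() means a later failure in fetchPinned() points at the server presenting a different certificate rather than at the local file.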