sKunKbad Posted March 5, 2015 Share Posted March 5, 2015 Today my boss called me and told me that a php script I had written for him wasn't working. It had been working for over a year, and no changes had been made (at least not for many months). The problem was that he just has a self signed cert, and I had not set CURLOPT_SSL_VERIFYHOST to FALSE. Did something in Linux change in the last day? I wonder because his server and my computer (Ubuntu) both started in with the same problem on the same day. I set CURLOPT_SSL_VERIFYHOST to FALSE and everything started working again. Quote Link to comment Share on other sites More sharing options...
requinix Posted March 5, 2015 Share Posted March 5, 2015 If something changed then your machines had to download and apply them. So I ask you: what happened in the last couple days? I set CURLOPT_SSL_VERIFYHOST to FALSE and everything started working again.Don't use false. The value is supposed to be an integer: 0 to disable, 1 to partially enable (and only works for libcurl Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted March 6, 2015 Author Share Posted March 6, 2015 If something changed then your machines had to download and apply them. So I ask you: what happened in the last couple days? Don't use false. The value is supposed to be an integer: 0 to disable, 1 to partially enable (and only works for libcurl <7.28.0), 2 to fully enable. Honestly, I don't know the exact updates I apply to my Ubuntu machines. I just install them when Ubuntu tells me they are ready. As for my boss, his server is CentOs. I don't even have access to it, so I don't know what's going on there. It's just kind of funny that both machines start to have errors on the same day. Also, thanks for the advice regarding CURLOPT_SSL_VERIFYHOST. Quote Link to comment Share on other sites More sharing options...
requinix Posted March 6, 2015 Share Posted March 6, 2015 Did his cert change? Maybe expire? Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted March 6, 2015 Author Share Posted March 6, 2015 Did his cert change? Maybe expire? That's a good question. I'll look into it. Quote Link to comment Share on other sites More sharing options...
kicken Posted March 6, 2015 Share Posted March 6, 2015 It's generally advisable to leave CURLOPT_SSL_VERIFYHOST enabled. If you're using a self-signed certificate, you just need to tell CURL to trust it by using CURLOPT_CAINFO. Save the server's certificate somewhere locally and then use code like: $ch = curl_init('https://example.com/'); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_CAINFO, '/path/to/example.crt'); curl_exec($ch); You'd still have to make sure that your self-signed certificate doesn't expire, but you could set the expiration date for like 10 years in the future or something when generating it. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.