Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<h2>What It Does &amp; Meaning:</h2> <p>The following code tells the cURL to NOT verify that security certificates are correct. Hence, the error disappears.</p> <pre><code> $opts[CURLOPT_SSL_VERIFYPEER] = false; $opts[CURLOPT_SSL_VERIFYHOST] = 2; </code></pre> <p>When you connect to a remote server with SSL, their certificate might be invalid, expired, or not signed by a recognized CA. The cURL normally checks it.</p> <p><strong>CURLOPT_SSL_VERIFYHOST:</strong> </p> <ul> <li>1: to check the existence of a common name in the SSL peer certificate. </li> <li>2: to check the existence of a common name and also verify that it matches the hostname provided.</li> </ul> <p><strong>CURLOPT_SSL_VERIFYPEER:</strong> FALSE to stop CURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the <code>CURLOPT_CAPATH</code> option. CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE if CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2).</p> <hr> <h2>How to Enable &amp; Verify Correctly:</h2> <p>To verify correctly, we need to to verify the certificate being presented to us is good for real. We do this by comparing it against a certificate we reasonable* trust.</p> <p>If the remote resource is protected by a certificate issued by one of the main CA's like Verisign, GeoTrust et al, you can safely compare against Mozilla's CA certificate bundle which you can get from <a href="http://curl.haxx.se/docs/caextract.html" rel="noreferrer">http://curl.haxx.se/docs/caextract.html</a></p> <p>Save the file cacert.pem somewhere in your server and set the following options in your script.</p> <pre><code>curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE); curl_setopt ($ch, CURLOPT_CAINFO, "pathto/cacert.pem"); </code></pre> <p>If you are connecting to a resource protected by a self-signed certificate, all you need to do is obtain a copy of the certificate in PEM format and append it to the cacert.pem of the above paragraph.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload