michael kimsal | 4 Nov 2002 21:32

HTTPS and PHP

I've searched hi and lo for this and I seem to get errors that 
statistically no one has ever encountered before (sorry - ever
'resolved' before in a public statement)

I get 
"error setting cerficate verify locations"
when I try to use CURL and SSL - either from PHP or command line.  

2.5 billion documents in google and apparently 
I'm about the only person who has ever seen this particular error 
ever.  I find that a bit hard to believe.  

Can someone please point me to some instructions that would help resolve
this issue?

Thanks.

-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com

Daniel Stenberg | 4 Nov 2002 23:44

Re: HTTPS and PHP

On 4 Nov 2002, michael kimsal wrote:

> I've searched hi and lo for this and I seem to get errors that
> statistically no one has ever encountered before (sorry - ever 'resolved'
> before in a public statement)

Actually, it has been asked before and it has been commented before. :-)

> I get "error setting cerficate verify locations" when I try to use CURL and
> SSL - either from PHP or command line.

The secret is all spelled out in the UPGRADE document in the curl release
archives starting with 7.10. Online here:

	http://curl.haxx.se/lxr/source/UPGRADE

Please ask again if this does not answer your question.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.


michael kimsal | 5 Nov 2002 00:05

Re: HTTPS and PHP

On Mon, 2002-11-04 at 17:44, Daniel Stenberg wrote:
> On 4 Nov 2002, michael kimsal wrote:
> 
> > I've searched hi and lo for this and I seem to get errors that
> > statistically no one has ever encountered before (sorry - ever 'resolved'
> > before in a public statement)
> 
> Actually, it has been asked before and it has been commented before. :-)
> 
Welp, as I said, I googled, and got exactly 2 posts, neither of which
pointed to this document.  

> > I get "error setting cerficate verify locations" when I try to use CURL and
> > SSL - either from PHP or command line.
> 
> The secret is all spelled out in the UPGRADE document in the curl release
> archives starting with 7.10. Online here:
> 
> 	http://curl.haxx.se/lxr/source/UPGRADE
> 
> Please ask again if this does not answer your question.

I will.

I would not have even thought to look for 'upgrade' info, because I
wasn't upgrading.  Perhaps this info could be cross-referenced someplace
else (and submitted to google).

Thanks so far.  :)


michael kimsal | 5 Nov 2002 00:15

Re: HTTPS and PHP

Thank you - here's what worked:

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, FALSE);

There seems to be some issue with some SSL pages causing the system to
go into an infinite loop, but I'm pretty sure that's some other issue,
nothing directly related to curl.

Thanks for your patience.

FYI, I would never have looked for anything on 'verifying a peer'
because the error message had nothing to do with 'peers'.  I suspect I'm
not alone using google (then marc.theaimsgroup.com) as a tool to look up
error messages.  The error message I pasted had pretty much nothing
related to this fix.  I'm a relative curl newbie, so maybe I'm just not
hip or with it or whatever, but this was certainly not an easy thing to
find an answer for without your document.

Thanks.


Daniel Stenberg | 5 Nov 2002 00:16

Re: HTTPS and PHP

On 4 Nov 2002, michael kimsal wrote:

> FYI, I would never have looked for anything on 'verifying a peer' because
> the error message had nothing to do with 'peers'.  I suspect I'm not alone
> using google (then marc.theaimsgroup.com) as a tool to look up error
> messages.  The error message I pasted had pretty much nothing related to
> this fix.

It did, but you may not have seen the connection and you're right that it
isn't that easy to see.

> I'm a relative curl newbie, so maybe I'm just not hip or with it or
> whatever, but this was certainly not an easy thing to find an answer for
> without your document.

It is very easy to detect and nag on bad documentation. It is a whole other
issue to actually provide an improvement.

Feel free to write us a document to help others that are experiencing the
same problems.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.


michael kimsal | 5 Nov 2002 00:38

Re: HTTPS and PHP

On Mon, 2002-11-04 at 18:16, Daniel Stenberg wrote:

> It is very easy to detect and nag on bad documentation. It is a whole other
> issue to actually provide an improvement.
> 
> Feel free to write us a document to help others that are experiencing the
> same problems.
> 
I know it is easier to nag - we're in a similar situation with our own
software, so I 'feel your pain'.  

I do hope that simply having this email exchange archived will
eventually help others searching for this problem, which is why I posted
my one line of PHP code as well.

It's not perfect, but it will be searchable at some point.

Thanks.
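
An added example, not part of the original thread and not code from the curl project: the error discussed above means libcurl could not load its CA certificate bundle, so the alternative to switching CURLOPT_SSL_VERIFYPEER off is to point libcurl at a readable bundle. The candidate paths and the example.com URL are assumptions; the error number and verbose log are captured so a failed handshake can be diagnosed.

```php
<?php
// Added example. Bundle paths below are assumptions about common Unix layouts.
function find_ca_bundle(array $candidates): ?string
{
    foreach ($candidates as $path) {
        if ($path !== '' && is_file($path) && is_readable($path)) {
            return $path;
        }
    }
    return null;
}

// Fetch $url with peer and host-name verification left on.
function fetch_verified(string $url, string $caBundle): array
{
    $log = fopen('php://temp', 'w+');      // collects libcurl's verbose output
    $ch  = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,    // check the chain against the bundle
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate must match the host name
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ]);
    $body   = curl_exec($ch);
    $result = [
        'ok'    => $body !== false,
        'errno' => curl_errno($ch),        // e.g. 35 for a failed SSL handshake
        'error' => curl_error($ch),
    ];
    rewind($log);
    $result['verbose'] = stream_get_contents($log);
    fclose($log);
    return $result;
}

$bundle = find_ca_bundle([
    (string) getenv('CURL_CA_BUNDLE'),     // honoured by the curl command-line tool
    '/etc/ssl/certs/ca-certificates.crt',
    '/etc/pki/tls/certs/ca-bundle.crt',
    '/etc/ssl/cert.pem',
]);
if ($bundle === null) {
    fwrite(STDERR, "no readable CA bundle found; install one and set CURLOPT_CAINFO\n");
    exit(1);
}
$r = fetch_verified($argv[1] ?? 'https://example.com/', $bundle);
if (!$r['ok']) {
    fprintf(STDERR, "curl error %d: %s\n%s", $r['errno'], $r['error'], $r['verbose']);
    exit(1);
}
echo "verified OK using $bundle\n";
```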


Caitlin Weaver | 6 Nov 2002 07:50

webSTAR server / Mac OSX?


Has anyone set up CURL on a Macintosh running webSTAR 5?


Jan Kozak | 13 Nov 2002 15:40

(no subject)

Hello,

I have attempted to install lib_curl into PHP 4.2.2 + Apache 1.3.26 using the manual at: http://curl.haxx.se/libcurl/php/install.html

After I compile Apache I get the following error:
[Tue Nov 12 04:25:55 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
[Tue Nov 12 04:25:55 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Tue Nov 12 04:25:55 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
[Tue Nov 12 04:26:10 2002] [notice] Apache/1.3.26 (Unix) PHP/4.2.2 configured -- resuming normal operations
[Tue Nov 12 04:26:10 2002] [notice] Accept mutex: fcntl (Default: fcntl)

Does anybody know how to solve this?

Thanks in advance,
Jan


mixo | 14 Nov 2002 10:20

exit status 35


Under what conditions does 'ssl' handshake fail? In the past
2 weeks, exit status 35 has been returned 4 times by curl.
Unfortunately I have not been able to repeat the problem.

-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

Daniel Stenberg | 14 Nov 2002 11:01

Re: exit status 35

On Thu, 14 Nov 2002, mixo wrote:

> Under what conditions does 'ssl' handshake fail? In the past 2 weeks, exit
> status 35 has been returned 4 times by curl. Unfortunately I have not been
> able to repeat the problem.

OpenSSL doesn't always return very detailed information on what the reason is
for certain failures. libcurl itself can return the 35 for three different
reasons, and the two most unlikely events are that libcurl can't extract the
remote certificate "subject" or "issuer". The most likely error is that
SSL_connect() returned an error.

Whatever the case was for you, the error buffer should contain some more info
and using verbose output may also offer some more clues.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
