Hi, I want to change a SOAP call to curl due to ssl timeout bug of PHP Soap. My PHP version is PHP 5.2.6-1+lenny13 with Suhosin-Patch 0.9.6.2. I'm using the following SOAP call and it's handling SSL very good: $client = new SoapClient('https://92.X.X.X:8443', array('trace' => True, 'local_cert' => 'BehnamCa/newkey.pem')); But when i want to use cURL and overwrite the __doRequest function using the following code: $curl = curl_init($location); curl_setopt($curl, CURLOPT_VERBOSE, TRUE); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_POST, TRUE); curl_setopt($curl, CURLOPT_POSTFIELDS, $request); curl_setopt($curl, CURLOPT_HEADER, FALSE); curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: text/xml")); curl_setopt($curl, CURLOPT_TIMEOUT, $this->timeout); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($curl, CURLOPT_CAPATH, '/home/sasan/CA2/BehnamCa/'); curl_setopt($curl, CURLOPT_SSLCERT, '/home/sasan/CA2/BehnamCa/newkey.pem'); curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM'); curl_setopt($curl, CURLOPT_SSLKEY, '/home/sasan/CA2/BehnamCa/private.key'); curl_setopt($curl, CURLOPT_CAINFO, '/home/sasan/CA2/BehnamCa/private.crt'); $response = curl_exec($curl); I'm receiving the following: * About to connect() to 92.X.X.X port 8443 (#0) * Trying 92.X.X.X... * connected * Connected to 92.X.X.X (92.X.X.X) port 8443 (#0) * successfully set certificate verify locations: * CAfile: /home/sasan/CA2/BehnamCa/private.crt CApath: /home/sasan/CA2/BehnamCa/ * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 string(146) "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" As you can see, i'm trying every possible way to tell curl about my keys, but still no success. Am i doing something wrong or this is a bug?
Attachment:
signature.asc
Description: OpenPGP digital signature