cURL and SSL

Sasan Rose <sasan.rose@gmail.com> · Wed, 07 Mar 2012 12:36:38 +0330

Hi,
I want to change a SOAP call to curl due to ssl timeout bug of PHP Soap.
My PHP version is PHP 5.2.6-1+lenny13 with Suhosin-Patch 0.9.6.2. I'm
using the following SOAP call and it's handling SSL very good:

$client = new SoapClient('https://92.X.X.X:8443', array('trace' =>
True, 'local_cert' => 'BehnamCa/newkey.pem'));

But when i want to use cURL and overwrite the __doRequest function using
the following code:

$curl = curl_init($location);

curl_setopt($curl, CURLOPT_VERBOSE, TRUE);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
curl_setopt($curl, CURLOPT_HEADER, FALSE);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($curl, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_CAPATH, '/home/sasan/CA2/BehnamCa/');
curl_setopt($curl, CURLOPT_SSLCERT, '/home/sasan/CA2/BehnamCa/newkey.pem');
curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($curl, CURLOPT_SSLKEY, '/home/sasan/CA2/BehnamCa/private.key');
curl_setopt($curl, CURLOPT_CAINFO, '/home/sasan/CA2/BehnamCa/private.crt');

$response = curl_exec($curl);

I'm receiving the following:

* About to connect() to 92.X.X.X port 8443 (#0)
*   Trying 92.X.X.X... * connected
* Connected to 92.X.X.X (92.X.X.X) port 8443 (#0)
* successfully set certificate verify locations:
*   CAfile: /home/sasan/CA2/BehnamCa/private.crt
  CApath: /home/sasan/CA2/BehnamCa/
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
string(146) "SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"

As you can see, i'm trying every possible way to tell curl about my
keys, but still no success. Am i doing something wrong or this is a bug?

Attachment:
signature.asc

Description: OpenPGP digital signature