PHP SSL Certificate problem [ Solved, seeking explanation why ]

I’m not a web developer, so I’ve been fumbling together some PHP with curl.

I eventually figured out curl was erroring out with the message below:

    [errmsg] => SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Code:

    $url = "https://api.spark.io/v1/devices/MYDEVICE/function";
    $ch      = curl_init( $url );
    curl_setopt($ch, CURLOPT_POSTFIELDS,"access_token=XXX&args=W");
    $content = curl_exec( $ch );
    $err     = curl_errno( $ch );
    $errmsg  = curl_error( $ch );
    $header  = curl_getinfo( $ch );
    curl_close( $ch );

I added:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

And things work now.

Any idea why?

It’s not so much a Spark SSL issue as it is an SSLv3 issue with PHP cURL. I had this same problem for a project at work when we updated all of our SSL certificates to SSLv3 in the past year or so. I don’t remember the exact reason for the problem, but I think it revolves around certificate authorities (CA) needing to be updated on the local system to trust the newer SSLv3 certificates.

EDIT: I added “PHP” to the topic title since it is an issue with PHP / cURL and not with the SSL certificate overall.

1 Like

Hmmm… the PHP docs for curl say CURLOPT_SSL_VERIFYPEER is set to true by default as of curl 7.10, (but not for prior versions?) so you must set it to false to stop curl from trying to verify the CA on it’s own.

Sounds like updating the CA on the local system might keep curl from freaking out if CURLOPT_SSL_VERIFYPEER were left on true? I have no idea how this would be done and I am trying to implement HTTPS client for Spark, hahah :laughing:

1 Like