
php curl -k or --insecure, -X

Posted by: admin November 30, 2017

Questions:

With PHP & curl, I need to connect via a proxy to an SSL-secured site and ignore certificate warnings. My curl command line looks like this:

curl -k -u username:password -X GET https://someURL

Looking through curl.php, I see what I think are the correct options to set. With them, I end up with something like this:

  $ch = curl_init("https://someURL");
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // Ignore cert errors?
  curl_setopt($ch, CURLOPT_PROXY, true);           // Proxy true?
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");     
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);            
  curl_setopt($ch, CURLOPT_USERPWD, "username:password");      
  $result = curl_exec($ch);

But, $result always returns false. My password has a special character in it, “!”. Perhaps I need to escape it? Other than that, any other ideas?

Thanks,
Scott

Answers:

To completely disable SSL certificate checking, curl has the option CURLOPT_SSL_VERIFYPEER. If it is set to false, certificate checking will be disabled entirely. As the default value is true, you’ll have to add:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

From the PHP documentation:

CURLOPT_SSL_VERIFYPEER FALSE to stop cURL from verifying the peer’s certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option. TRUE by default as of cURL 7.10. Default bundle installed as of cURL 7.10.

Note that if certificate checking is disabled you can omit the CURLOPT_SSL_VERIFYHOST setting. So the following line can be removed:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

You also asked if the following setting is ok:

curl_setopt($ch, CURLOPT_PROXY, true);

From the PHP documentation:

The HTTP proxy to tunnel requests through.

This means that it accepts a proxy address like ‘192.168.0.1:3128’ if you are using a proxy. true is not meaningful in this case.
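
An added example, not part of the original answer: the same request with certificate verification kept on by pointing CURLOPT_CAINFO (named in the documentation quoted above) at the CA certificate the site's certificate chains to, the proxy given as an address string, and curl_error() used to show why curl_exec() returned false. The function name, URL, proxy address, credentials and CA file path are placeholder assumptions.

```php
<?php
// Added example. All concrete values in the call at the bottom are placeholders.
function fetchViaProxy(string $url, string $proxy, string $userPwd, string $caFile): string
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }

    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROXY          => $proxy,         // "host:port" string, not a boolean
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $userPwd,       // no shell involved, so "!" is taken literally
        CURLOPT_SSL_VERIFYPEER => true,           // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,              // verify the certificate matches the host name
        CURLOPT_CAINFO         => $caFile,        // PEM file with the CA (or self-signed) certificate
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // curl_exec() returning false carries no detail; the reason is here.
        throw new RuntimeException(
            sprintf('curl error %d: %s', curl_errno($ch), curl_error($ch))
        );
    }

    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($status >= 400) {
        throw new RuntimeException("HTTP status $status from $url");
    }
    return $body;
}

try {
    echo fetchViaProxy(
        'https://someURL',              // placeholder, as in the question
        '192.168.0.1:3128',             // placeholder proxy address from the answer
        'username:password',            // placeholder credentials
        '/path/to/internal-ca.pem'      // placeholder CA file
    );
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
}
```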