Menu

Snippets

Yet another programmer blogging about code

Posts Tagged ‘curl’

Stop turning off CURLOPT_SSL_VERIFYPEER and fix your PHP config

Wednesday, October 24th, 2012

As Pádraic Brady points out in a recent article about PHP security, there’s a whole lot of misinformation about how to deal with the error “SSL certificate problem, verify that the CA cert is OK” from curl. Nearly everyone advises that you turn CURLOPT_SSL_VERIFYPEER off (in fact, countless comments on the PHP manual page for curl_setopt tell you this). This is bad, because it allows your nice, encrypted stream of confidential data to be silently highjacked by a bad guy. Don’t do that! Instead, just fix your PHP installation so that it doesn’t get that error. (more…)