Curl can't find cainfo, when doing https request

[bartv2]

Disabling setting the CURLOPT_CAINFO option to null fixes this issue. Adding this option to the array only when ca_info is set should fix this issue.

[codemasher]

Thank you for the info! I should state somewhere that ca certificate (or bundle) is necessary/mandatory for HTTPS. I'll also look into a workaround to not run into errors otherwise.

[codemasher]

This is actually handled over here:

php-httpinterface/src/CurlHandle.php

Line 121 in 339f552

CURLOPT_CAINFO => is_file($this->options->ca_info) ? $this->options->ca_info : null,

I think the problem is rather that CURLOPT_SSL_VERIFYPEER is set to true by default, which then requires the cert- I think in an earlier version of the curl client i had this value depending on the existence of a cert.

[bartv2]

The ca bundle is available on the system, and the connection works when i remove that line 121. I don't like your solution, i think only setting CURLOPT_CAINFO when $this->options->ca_info is a file would work better. When this is not specifically set the system default will be used.

[codemasher]

Oh right, i didn't think about the system CA. But what would be a reliable way to check that? Or should i drop the check at all and leave the problem up to the user (which makes up 99% of SO questions about CURLOPT_SSL_VERIFYPEER)?

edit: brrrrr https://github.com/guzzle/guzzle/blob/master/src/functions.php#L160

[bartv2]

That function is only used in a very limited situation (streamHandler and php 5.?) For curl they do this: https://github.com/guzzle/guzzle/blob/master/src/Handler/CurlFactory.php#L326 I think that is the most flexible. Disabling CURLOPT_SSL_VERIFYPEER should be a last resort, maybe in the error message point to a checklist/steps to check/solve connection errors

[bartv2]

Thanks, looks good