Pregunta
This is my Code:
https://stackoverflow.com/questions/23241712
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postValues);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
Now the $result is "false" and the curl_error() shows me the SSL-Error "Peer's Certificate issuer is not recognized.". But although there is this error, the post data has been sent to the $apiUrl.
Is this correct? Bug or feature? ;)
How can I improve this to prevent sending data to an insecure service?
Thanks in advance! :)
Solución 2
Finally I found the reason why the data has been transfered although there has been a curl error! There was a redirect to another location and with "followlocation" active, the error happened on the redirected site! So the data has been sent to the $apiUrl and has been processed. After this the curl call has been redirected and the error appeared.
My trust in logic has been restored :D
Otros consejos
There is two solution for this...
If you want to skip check SSL certificate use....
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
If you have certificate with you use....
curl_setopt ($ch, CURLOPT_CAINFO, "PATH_TO/cacert.pem");
Thanks.
This is incorrect; cURL does not send any data when there is a problem with the SSL certificate.
(I just tested with a connection to a local script - the second script did not run when the first script encountered an SSL error while connecting to it.)
