CURLOPT_CAINFO and CURLOPT_CAPATH not work


#1

Is not possible use the:

curl_setopt($ch, CURLOPT_CAINFO, $file);

The error show is not possible find the certificate.
curl_setopt($ch, CURLOPT_CAPATH, $file) with the curl_setopt($ch, CURLOPT_CAINFO, $file) get the same problem.

If local file:
-index.php (with curl)
-certificate.crt

Get error on check the certificate, ‘certificate.crt’ is not found.
Same error with external file.

-index.php
= c:\crt.crt

Is not possible load the crt.crt.
Extract the crt to %PATH% and load from it is not possible too.

I CAN’T DISABLE VERIFYPEER!
How can load the CAINFO and/or CAPATH), however, how can check the SSL certificate?


#2

Please post the code you’re using, because this is not an error from ExeOutput itself.


#3

Using the “vitual path” (= ‘crt.crt’) is not possible to find the crt.crt.

However.
I’m using this:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, '10');
curl_setopt($ch, CURLOPT_USERAGENT, 'MyPHP/1.0');


curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);

My server I use:
curl_setopt($ch, CURLOPT_CAINFO, 'crt.crt');

On Output not work, so I put the file in subfolder in same location of .exe:
curl_setopt($ch, CURLOPT_CAINFO, exo_getglobalvariable('HEPublicationPath', '').'bin\crt\crt.crt');

$x[] = curl_exec($ch);
$x[] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$x[] = curl_error($ch);
curl_close($ch);

On PHP Exeoutpu:
array(3) { [0]=> bool(false) [1]=> int(0) [2]=> string(63) “SSL certificate problem: unable to get local issuer certificate” } {“is”:false}

On my server:
array(3) { [0]=> string(102) “{response}” [1]=> int(200) [2]=> string(0) “” }

Both using the same crt.crt.

I try this:

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="%PATH%\bin\crt\cacert.pem"    

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.          
openssl.cafile="%PATH%\bin\crt\cacert.pem"       

Yes, the file exist in this path too! I make a md5_file and sha1_file to check this file too and a file_exist();

This NOT WORK too:

curl.cainfo="cacert.pem"    
openssl.cafile="cacert.pem" 

How I can do that?


#4

Not tested SSL certificates yet - but the CURL problems I had with BETA 2/3 in XP were eventually solved by uninstalling a stubborn software firewall.


#5

I am having this same problem with ExeOuput 2.1 and both PHP 5.6 and 7.1. I put ‘cacert.pem’ in both the source directory and it isn’t found. The same PHP program run outside ExeOutput runs fine as does a version that doesn’t try to load ‘cacert.pem’.

curl_setopt($ch, CURLOPT_CAINFO,‘cacert.pem’);

Error # 77 : Error message error setting certificate verify locations: CAfile: cacert.pem CApath: none

I just discovered that I could use the ‘path to folder’ function and have it work in the operating directory. I would prefer to compile it into the EXE so my customer would have fewer files to keep track of.


#6

We’ll check for a future release if it’s possible to store the cacert.pem file somehow


#7

To make things worse, I can’t use the ‘path to folder’ method in a command line version of one of my programs. I get an Error 77: Unable to set location for cacert.pm.

$pathtofolder = exo_getglobalvariable(‘HEPublicationPath’, ‘’); doesn’t seem to work in a command line program.


#8

This function is not defined in console apps. See http://www.exeoutput.com/help/console-php-app


#9

Even without that, it’s not finding the cacert.pem file. Note that running the program as a plain PHP command line program outside of ExeOutput, it finds all the files including cacert.pem and nghttp2.dll when run in the same directory as them. I think that the ExeOutput version should too.


#10

One further note. If I use the full path for cacert.pem, it does work thru ExeOutput as a command line application.

curl_setopt($ch, CURLOPT_CAINFO,‘C:\EXOP\TestTLScli\cacert.pem’);


#11

Any idea when new version of EXEOut will be released with working curl?

Not having this exact issue, but certain mine is related. Never had issue with curl_setopt($ch, CURLOPT_URL, $lic_url); in any other versions (even V2 Beta worked).

Got to be something related to 2.1 latest release and php7.1???


#12

Now that XLS Padlock 3 is out, ExeOutput 2.2 will follow. We already fixed some problems in the current debug build.


#13

Thank you @gdgsupport !


#14

CURLOPT_CAINFO must be set to an absolute path, so
curl_setopt($ch, CURLOPT_CAINFO,‘cacert.pem’);
will never work in ExeOutput.
We just tried:
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "\cacert.pem");
in a PHP file placed with “cacert.pem” in the app’s root folder. Compiled and it works in ExeOutput.


#15

That isn’t working either because getcwd() returns the ‘\data’ directory, Not the program directory in my command line program. Tried it with PHP 7.1 and 5.6.


#17

Check the new version of ExeOutput 2.2 and the new help topic for cURL:
https://www.exeoutput.com/help/curl


#18

For me, nothing has changed. In the command line version, it puts ‘cacert.pem’ in the \Data directory. In the GUI version, I still need nghttp2.dll in the program directory. And version 2.2 is still compiling backup files into the application. ?? Have I missed something.


#19

Please follow instructions from:
https://www.exeoutput.com/help/curl

GUI nor console apps don’t require nghttp2.dll anymore. This has been tested extensively, please double-check.

Also reset the list of excluded files in Environment Options. Then add the extensions of the backup files if needed.


#20

You’re right, nghttp2.dll isn’t required anymore. Maybe a restart fixed that. It is still including backup files in the compilation. If I have ‘index.php.bak’, it will be included.

Also, if I include both curl and openssl, the DLLs that go with them are included twice.


#21

Still does. Not the program directory.