cURL + https

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

cURL + https

Post by Ree »

I'm having a problem with cURL accessing pages via https. Here's the curl_error() I get: 'SSL certificate problem, verify that the CA cert is OK'. I'm running Windows + Apache. I have tried the same script on a Linux machine on my client's host and it worked fine there. What should I do to fix it?
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

I think Google might have your answer.
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Post by Ree »

That problem seems to be fixed now. However there's another problem I am having now - I cannot login via https. This is what I have:

Code: Select all

$curl = &new cURLManager('https://foobar.com/login.aspx');
    $curl->setOption(CURLOPT_HEADER, false);
    $curl->setOption(CURLOPT_POST, true);
    $curl->setOption(CURLOPT_POSTFIELDS, $data_pack); //string of vars (username=foo&password=bar etc)
    $curl->setOption(CURLOPT_RETURNTRANSFER, true);

    $curl->setOption(CURLOPT_SSL_VERIFYPEER, false); //Temporarily used to remove the SSL error
    $curl->setOption(CURLOPT_SSL_VERIFYHOST, false); //Temporarily used to remove the SSL error

    $curl->setOption(CURLOPT_FOLLOWLOCATION, true);
    $curl->setOption(CURLOPT_REFERER, 'http://www.foobar2.com');
    $curl->setOption(CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)');
    $data = $curl->getOutput();
Upon logging into the site normally via browser, it automatically redirects you to default.aspx page, so it should be the same with cURL. However, with cURL I get the page (actually it's the same login.aspx page) which is displayed if user's session time expires (that is, if logged in user has been inactive for 20 mins or so) or if a restricted page is being accessed without authorization. It doesn't display incorrect username/password message, so it seems the server checks them and accepts them but still doesn't log in properly. If I put incorrect username/password intentionally in $data_pack, I DO get the incorrect username/password message.

What do you think could be the problem of this login? Maybe I need to set other options in cURL? HTTPS is something I am messing with for the first time, so ANY help/suggestions would be greatly appreciated.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

sounds like you need to set the cookie jar options.
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Post by Ree »

You're the man, feyd! :mrgreen:
Post Reply