{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 劳资没心,怎么记你 的问题《Getting error in Curl - Peer certificate cannot be》','https://www.manongdao.com/q-324372.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am getting the below error while making ssl connection with self signed certificate. "Peer certificate cannot be authenticated with known CA certificates"
It is working fine with CA signed certificate. I am setting the below using curl_easy_setopt().
curl_easy_setopt(MyContext, CURLOPT_CAPATH, CA_CERTIFICATE_PATH) curl_easy_setopt(MyContext, CURLOPT_SSL_VERIFYPEER,TRUE);
The curl version
libcurl-7.19.7-26
Openssl version is 0_9_8u.
Please let me know how to solve this issue.
Though this error happened in the case of using
git clonerather than with usingcurl, I've recently stumbled across an identical error message:Similar to Arth's findings, something that worked for CentOS 6 (in order to successfully use HTTPS URLs with
git clonefor related GitLab repositories) involved updating the trusted certificates on the server (i.e., the server that is using HTTPS), using the following steps:sudo yum install ca-certificatessudo update-ca-trust enablesudo cp /path/to/your_new_cert.crt /etc/pki/ca-trust/source/anchors/sudo update-ca-trust extractPerhaps the same certificate steps can be applied for the case of
curl(or other similar scenarios) for users on CentOS in the future.libcurl performs peer SSL certificate verification by default. This is done by using CA cert bundle that the SSL library can use to make sure the peer's server certificate is valid.
If you communicate with HTTPS or FTPS servers using certificates that are signed by CAs present in the bundle, you can be sure that the remote server really is the one it claims to be.
Until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all. You need to get them elsewhere. See below for example.
For more to know about Peer SSL Certificate Verification visit http://curl.haxx.se/docs/sslcerts.html
By default CURL will generally verify the SSL certificate to see if its valid and issued by an accepted CA. To do this, curl uses a bundled set of CA certificates.
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Here's an example:
In 'C'
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
worked for me
for php switch off curl's verification of the certificate e.g. for curl_exec
http://php.net/manual/en/function.curl-setopt.php
(evaluate the security risk yourself, in my case it was on a partner company's server and the file required contained no secure information - just happened to be on a secure server)
We fixed a similar issue on CentOS 6 by updating curl to the latest version available in the standard repositories and installing the newest ca-certificates bundle: