No support for CURLOPT_CAINFO #1306

Closed
snorkelbuckle opened this issue Nov 12, 2015 · 7 comments

Comments

@snorkelbuckle

Need to be able to support CURLOPT_CAINFO to allow loading of a cacert file. In some cases this is needed; in my case it is needed while running on a Windows machine. PHP curl on Windows seems to have a problem with SSL requests unless CURLOPT_CAINFO is specified.

@jeremeamia
Member

You can use the 'cert' request option: http://docs.guzzlephp.org/en/latest/request-options.html#cert

@snorkelbuckle
Author

I actually tried that and it didn't work. I thought it was for
something else. The terminology doesn't match with curl options.

Here is how I called it:

    $res = $client->request('GET', ZDURL . '/organizations.json', [
        'auth' => [ZDUSER . '/token', ZDAPIKEY],
        'cert' => "C:\Users\Jose\Documents\Development\Php\EnsimZendesk\cacert.pem"
    ]);

Here is the error:

Fatal error: Uncaught exception
'GuzzleHttp\Exception\RequestException' with message 'cURL error 58:
unable to set private key file:
'C:\Users\Jose\Documents\Development\Php\EnsimZendesk\cacert.pem' type
PEM (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in
C:\Users\Jose\Documents\Development\Php\EnsimZendesk\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php:187
Stack trace: #0
C:\Users\Jose\Documents\Development\Php\EnsimZendesk\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(150):
GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle),
Array) #1
C:\Users\Jose\Documents\Development\Php\EnsimZendesk\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(103):
GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlMultiHandler),
Object(GuzzleHttp\Handler\EasyHandle),
Object(GuzzleHttp\Handler\CurlFactory)) #2
C:\Users\Jose\Documents\Development\Php\EnsimZendesk\vendor\guzzlehttp\guzzle\src\Handler\CurlMultiHandler.php(180):
GuzzleHttp\Handler\CurlFactory::fi in
C:\Users\Jose\Documents\Development\Php\EnsimZendesk\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
on line 187

What does work is if I modify CurlFactory.php directly, I add a single
line to getDefaultConf, but obviously not a permanent solution.

 private function getDefaultConf(EasyHandle $easy)
 {
     $conf = [
         '_headers'             => $easy->request->getHeaders(),
         CURLOPT_CUSTOMREQUEST  => $easy->request->getMethod(),
         CURLOPT_URL            => (string) $easy->request->getUri(),
         CURLOPT_RETURNTRANSFER => false,
         CURLOPT_CAINFO         => 'C:\Users\Jose\Documents\Development\Php\EnsimZendesk\cacert.pem',
         CURLOPT_HEADER         => false,
         CURLOPT_CONNECTTIMEOUT => 150,


@snorkelbuckle
Author

I looked at the code further, and the 'cert' option only sets the
CURLOPT_SSLCERT option. This is completely different than the
CURLOPT_CAINFO option. Further, a global search in the guzzle source
code shows that nowhere is CURLOPT_CAINFO set.

I think this needs to be supported in a future version.

Thanks,
Jose


@snorkelbuckle
Author

I added this code to applyHandlerOptions in CurlFactory.php and now it works by specifying the 'cainfo' option. Probably should implement CURLOPT_CAPATH as well.

    if (isset($options['cainfo'])) {
        $cainfo = $options['cainfo'];
        if (!file_exists($cainfo)) {
            throw new \InvalidArgumentException(
                "CAINFO certificate not found: {$cainfo}"
            );
        }
        $conf[CURLOPT_CAINFO] = $cainfo;
    }

@jeremeamia
Member

Oh, my bad on 'cert', I was actually thinking of the 'verify' option. That should work, but there is also a way to specify arbitrary curl options as well.

Those are both "request options", but can be applied to every request as explained in the bottom of the client creation section, "All other options passed to the constructor are used as default request options with every request created by the client."

@mtdowling
Member

Yep, this is done using verify.
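
Added example, not part of the thread and not Guzzle's own code: a pre-flight check for the CA bundle handed to the 'verify' request option named above, which rejects a file that carries a private key (the 'cert' mix-up earlier in this issue). The helper name caBundleOptions() is hypothetical, the certificate is generated as constructed sample data, and only PHP's openssl extension is assumed.

```php
<?php
// Added example, not Guzzle code. caBundleOptions() is a hypothetical helper.
function caBundleOptions(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new InvalidArgumentException("CA bundle not readable: {$path}");
    }
    $pem = file_get_contents($path);

    // A CA bundle holds public certificates only. A private key means the file
    // is client-certificate material for the 'cert' option, not a trust store.
    if (preg_match('/-----BEGIN [A-Z ]*PRIVATE KEY-----/', $pem)) {
        throw new InvalidArgumentException("Private key found in CA bundle: {$path}");
    }

    // Require at least one certificate that parses and has not expired.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $usable = 0;
    foreach ($m[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info !== false && $info['validTo_time_t'] > time()) {
            $usable++;
        }
    }
    if ($usable === 0) {
        throw new InvalidArgumentException("No unexpired certificate in: {$path}");
    }

    // A path in 'verify' leaves peer and host-name verification switched on.
    return ['verify' => $path];
}

// Constructed sample data: a throwaway self-signed certificate and its key.
$cfg = ['digest_alg' => 'sha256', 'private_key_bits' => 2048];
$key = openssl_pkey_new($cfg);
$csr = openssl_csr_new(['commonName' => 'Constructed Test CA'], $key, $cfg);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, $cfg), $certPem);
openssl_pkey_export($key, $keyPem);

$good = tempnam(sys_get_temp_dir(), 'ca');
$bad  = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($good, $certPem);
file_put_contents($bad, $certPem . $keyPem);   // certificate plus key

var_dump(caBundleOptions($good));
try {
    caBundleOptions($bad);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With Guzzle installed, the returned array can be passed to the client constructor so that it applies to every request: `new GuzzleHttp\Client(caBundleOptions('/path/to/cacert.pem'))`.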

@xiebruce

Solution 1: disable SSL verification

$client->request('GET', '/', [
    'curl' => [
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false,
    ],
    // other parameters
    'headers' => [
        'Authorization' => 'Basic '.$this->token,
    ],
    'multipart' => [
        [
            'name'     => 'file',
            'contents' => fopen($uploadFilePath, 'r')
        ],
    ]
]);

Solution 2: specify a cacert.pem file

$client->request('GET', '/', [
    'curl' => [
        CURLOPT_CAINFO => '/path/to/cacert.pem'
    ],
    // other parameters
    'headers' => [
        'Authorization' => 'Basic '.$this->token,
    ],
    'multipart' => [
        [
            'name'     => 'file',
            'contents' => fopen($uploadFilePath, 'r')
        ],
    ]
]);

Solution 3: specify a default cainfo in php.ini

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /path/to/cacert.pem

I'm not sure if it needs a double quote like this curl.cainfo = "/path/to/cacert.pem"
