Guzzle and HTTPS

Question

I want to use Guzzle and Silex to send request to https pages.

With http url I have a response :

app->get(\'/\',function() use ($app, $cli         


        

Answer 1

I found a solution but do not know why it works :

$client->setDefaultOption('verify', false);
$response = $client->get("https://www.facebook.com");

Answer 2

Following your link to the details, the exception message says:

cURL error 60: See http://curl.haxx.se/libcurl/c/libcurl-errors.html

Looking up http://curl.haxx.se/libcurl/c/libcurl-errors.html I found

CURLE_SSL_CACERT (60)

Peer certificate cannot be authenticated with known CA certificates.

So it's most likely a problem with the SSL verification/CA bundle. By setting the verify request option to false, guzzle (resp. curl) will not try to verify the host against a certificate, hence the error disappears (-- in reply to https://stackoverflow.com/a/28582692/413531)

However, you do not want to do that ;) Instead, you should try to solve the issue by providing a valid CA bundle.

IIRC, in v4 guzzle provided a default certificate (see https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem ), but removed that in version 5 and now tries to discover your default system CA bundle. From the docs, those locations are checked:

Check if openssl.cafile is set in your php.ini file.
Check if curl.cainfo is set in your php.ini file.
Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
Check if C:\windows\curl-ca-bundle.crt exists (Windows)

However, I found it easier to set the certificate explicitly when creating a new Client. That means:

• Download https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem or better (because newer) http://curl.haxx.se/ca/cacert.pem (see http://curl.haxx.se/docs/caextract.html)
• Use the local path to this certifcate in the Client instantiation

Example (assuming you have the certificate named cacert.pem located in the same directory as the script):

$default = ["verify" => __DIR__ . "/cacert.pem"];
$config = ["defaults" => $default];
$client = new Client($config);
$response = $client->get("https://www.facebook.com");