How can I set CURLOPT_CAINFO globally for PHP on Windows?

Question

I understand that I can set the option on any specific instance, however what I would really like is to set something up php.ini or somewhere similar which will handle this

Answer 1

Here is a patch to 'emulate' what we can see on linux when a valid crt data has been found at build time (which is the case for almost all distros):

http://www.php.net/~pierre/patches/curl_cacert_default.txt

it adds a (system) ini settings to define the path to the cacert, curl.cainfo=c:\curl\ca.crt

cacert data can be fetched here: http://curl.haxx.se/docs/caextract.html

DLL for php 5.3 can be found here: http://www.php.net/~pierre/test/curl-5.3-vc9-x86-ts-nts-cainfodefault.zip DLL for php 5.2 can be found here: http://www.php.net/~pierre/test/curl-5.2-cainfodefault.zip

Please let me know how it works.

Answer 2

You could create a wrapper function which sets the option and use php.ini's auto_prepend_file to load the file it's defined in, but your code would have to be changed to use this wrapper function instead.

Example:

function my_curl_init($url=null) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
  return $ch;
}

Answer 3

1. download cacert.pem add to folder php
2. copy url the place of file cacert.pem
3. [curl] curl.cainfo="C:/xampp/php/cacert.pem"

Answer 4

@Matt is right, but I would add that curl.cainfo is a PHP_INI_SYSTEM directive so you must set it in php.ini...using the ini_set function in a script will always return false as I found out after too many minutes of head banging

Answer 5

I found the answer here (in the user notes): http://php.net/manual/en/function.curl-setopt.php

Just add this to you .ini (note: you cannot use ini_set, although I don't know why you would want to. Thanks @Carlton):

curl.cainfo=c:\php\cacert.pem

And get that file from: http://curl.haxx.se/docs/caextract.html

Works and you aren't opening yourself up for MITM attacks