|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69035 curl error setting CURLOPT_CAINFO .crt file inside PHAR
Submitted: 2015-02-12 07:44 UTC Modified: 2015-02-12 08:01 UTC
From: sebastian at phpbu dot de Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.6.5 OS: Linux (Debian Wheezy)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: sebastian at phpbu dot de
New email:
PHP Version: OS:


 [2015-02-12 07:44 UTC] sebastian at phpbu dot de
The Error occures if you create a PHAR with a .crt file in it.

Setting the CURLOPT_CAINFO option and linking a .crt file within the phar
leads to an error like this

Curl failed to exec error setting certificate verify locations:
  CAfile: phar:///tmp/my.phar/demo/ca.crt
  CApath: /etc/ssl/certs
in phar:///tmp/my.phar/demo/example.php:9

Setting CURLOPT_CAPATH to __DIR__ doesn't help either.

Dumping the .crt file to stdOut works in phar mode so the file is there.
Not compiled to phar the code works fine.

PHP 5.6.5
curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3

Test script:
// curl setup
$handle = curl_init();
$caFile = __DIR__ . '/ca.crt';

// check for crt file just to make sure its in the phar
if (!is_file($caFile)) {
    throw new Exception("Failed to load ca certificate");
curl_setopt($handle, CURLOPT_CAINFO, $caFile);

// optionaly use this as well
//curl_setopt($handle, CURLOPT_CAPATH, __DIR__);

// make phar file containing this and a .crt file
// contents of .crt doesn't matter for demonstration

Expected result:
In a PHAR I want to link curl to .crt files i provide within the phar.

Actual result:
Curl can't access the .crt file within the phar

Curl failed to exec error setting certificate verify locations:
  CAfile: phar:///tmp/my.phar/demo/ca.crt


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-12 08:01 UTC]
-Status: Open +Status: Not a bug
 [2015-02-12 08:01 UTC]
cURL is a third-party library. It doesn't know about things like phars, and unfortunately there's no way to pass it the certificate as a string.
However you can dump the contents of the cert to a temp file, run your cURL operations, then delete the file.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 20:01:24 2020 UTC