Hide Forgot
Description of problem: No CERTIFICATE information returned when using curl with PHP (CURLINFO_CERTINFO) According to bugs.centos.org probably something that is wrong in RedHat release of curl/libcurl. Version-Release number of selected component (if applicable): curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3 How reproducible: See the steps below. Simple PHP script can also reproduce this. Steps to Reproduce: Take a relevant example from libcurl documentation: cp /usr/share/doc/libcurl-devel-7.29.0/certinfo.c . Edit certinfo.c to match PHP script (replace URL with https://plesk.com) Compile: gcc -l curl certinfo.c Run: ./a.out Actual results: 0 certs! Expected results: 4 certs! Subject:OU=Domain Control Validated; OU=PositiveSSL; CN=plesk.com Issuer:C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA Version:2 Signature Algorithm:sha256WithRSAEncryption Start date:2016-12-19 00:00:00 GMT Expire date:2019-12-19 23:59:59 GMT Public Key Algorithm:rsaEncryption RSA Public Key:2048 rsa(n):ac:2d:d6:4a:4c:f2:17:02:8b:0f:cf:c4:1f:bd:7f:fd:e2:a8:00:07:94:56:fc:69:17:2b:d7:05:7a:ef:eb:0f:4f:d9:c8:be:b1:8f:fc:40:2b:a0:08:2f:56:1c:91:c5:fe:3e:19:55:d8:c3:6e:a3:c5:f0:9c:8e:1c:f4:b8:89:56:8b:ad:bd:cc:8d:0c:dc:c3:72:62:b9:3c:b0:4b:b8:09:92:3b:f3:c7:df:b2:f1:30:cb:32:b8:64:52:54:29:94:db:da:d3:f9:7b:0a:30:f9:67:2c:57:29:58:8a:d8:da:60:c5:01:9e:4d:9e:ec:36:ec:aa:08:1a:03:ef:37:c2:93:b5:13:37:bf:f0:b6:fc:a8:b9:6f:c6:b2:2c:02:84:9c:e0:d3:ef:55:84:b1:a8:b8:5d:a4:73:6f:ee:07:a6:03:98:a1:6d:f9:96:e1:bc:d2:6d:6b:4f:fe:7a:92:7a:98:00:9a:b9:bc:6d:cf:63:8e:8b:58:da:22:7e:08:c2:07:3d:17:a5:ed:64:af:a8:7f:f0:16:9d:37:87:06:01:5b:2d:b9:e4:74:08:57:eb:5a:87:81:c2:30:3e:ca:23:a2:81:97:f5:8f:7d:fc:60:7d:ca:2a:7c:bc:3a:91:0f:a1:45:6c:58:0f:36:71:d9:6b:d3:ca:0c:28:e6:61: rsa(e):01:00:01: Additional info: On CentOS 7 during PHP 7.3 configure: | /* confdefs.h */ | #... | #define HAVE_CURL_SSL 1 | /* end confdefs.h. */ | | #include <strings.h> | #include <curl/curl.h> | | int main(int argc, char *argv[]) | { | curl_version_info_data *data = curl_version_info(CURLVERSION_NOW); | | if (data && data->ssl_version && *data->ssl_version) { | const char *ptr = data->ssl_version; | | while(*ptr == ' ') ++ptr; | return strncasecmp(ptr, "OpenSSL", sizeof("OpenSSL")-1); | } | return 1; | } | configure:24506: result: no configure:24515: checking for gnutls support in libcurl configure:24543: ccache gcc -o conftest -lcurl conftest.c -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto >&5 configure:24543: $? = 0 configure:24543: ./conftest configure:24543: $? = 7 configure: program exited with status 7 configure: failed program was: | /* confdefs.h */ | #... | #define HAVE_CURL_SSL 1 | /* end confdefs.h. */ | | #include <strings.h> | #include <curl/curl.h> | | int main(int argc, char *argv[]) | { | curl_version_info_data *data = curl_version_info(CURLVERSION_NOW); | | if (data && data->ssl_version && *data->ssl_version) { | const char *ptr = data->ssl_version; | | while(*ptr == ' ') ++ptr; | return strncasecmp(ptr, "GnuTLS", sizeof("GnuTLS")-1); | } | return 1; | } | configure:24560: result: no configure:24673: checking for curl_easy_perform in -lcurl configure:24698: ccache gcc -o conftest -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fno-strict-aliasing -pipe -Wno-all -fvisibility=hidden -Wl,--enable-new-dtags -lcurl conftest.c -lcurl -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto >&5 configure:24698: $? = 0 configure:24707: result: yes configure:24828: checking for curl_easy_strerror in -lcurl configure:24853: ccache gcc -o conftest -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fno-strict-aliasing -pipe -Wno-all -fvisibility=hidden -Wl,--enable-new-dtags -lcurl conftest.c -lcurl -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto >&5 configure:24853: $? = 0 configure:24862: result: yes configure:24981: checking for curl_multi_strerror in -lcurl configure:25006: ccache gcc -o conftest -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fno-strict-aliasing -pipe -Wno-all -fvisibility=hidden -Wl,--enable-new-dtags -lcurl conftest.c -lcurl -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto >&5 configure:25006: $? = 0 configure:25015: result: yes ... ac_cv_lib_curl_curl_easy_perform=yes ac_cv_lib_curl_curl_easy_strerror=yes ac_cv_lib_curl_curl_multi_strerror=yes
CURLINFO_CERTINFO is not supported by the RHEL-7 version of curl. We would need to backport (at least) the following two upstream patches to make it work: https://github.com/curl/curl/commit/curl-7_31_0-56-g3a24cb7bc https://github.com/curl/curl/commit/curl-7_33_0-80-gf6c335d63 If this feature is important for your business, please contact Product Support.