Headers not sent when making a cURL/PHP request over HTTPS

If I make a request over HTTP with cURL/PHP, the headers (SOAPAction etc) are being sent. However if I send the same request over HTTPS, the headers are not being sent. Could this be related to a cURL bug or some type of configuration setting for Curl/PHP?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

This is because HTTPS requires exchanging and verify the SSL cert which protects the URL so if you hit an HTTPS URL you will receive an error because you aren’t handling the security translation.

// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);

// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Get the response and close the channel.
$response = curl_exec($ch);

Will generate this error:

Failed: Error Number: 60. Reason: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

You can mitigate this with an insecure setting update, just add this line before calling curl:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Otherwise you need to set CURLOPT_CAINFO to a CA certificate authority that should be trusted.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "path/to/trusted/cert");

Hard to tell because we have absolutely no idea how you’re using Curl.