If I make a request over HTTP with cURL/PHP, the headers (SOAPAction etc) are being sent. However if I send the same request over HTTPS, the headers are not being sent. Could this be related to a cURL bug or some type of configuration setting for Curl/PHP?
This is because HTTPS requires exchanging and verify the SSL cert which protects the URL so if you hit an HTTPS URL you will receive an error because you aren't handling the security translation.
// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Get the response and close the channel.
$response = curl_exec($ch);
curl_close($ch);
Will generate this error:
Failed: Error Number: 60. Reason: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
You can mitigate this with an insecure setting update, just add this line before calling curl:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Otherwise you need to set CURLOPT_CAINFO to a CA certificate authority that should be trusted.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "path/to/trusted/cert");