How can I set CURLOPT_CAINFO globally for PHP?

I understand that I can set the option on any specific instance, however what I would really like is to set something up php.ini or somewhere similar which will handle this across all projects and al开发者_运维百科l instances.

Does anyone know a way for me to accomplish this?

EDIT: I am particularly interested in a solution which will allow for the certificates to be in different locations on different servers.

I am developing on a Windows machine which needs this but deploying to a Linux server which not only doesn't need it but doesn't even have the path indicated.

I understand that I can use conditions to check where the code is running but would prefer to just have it work out of the box. It seems to me that this is really an issue for curl and PHP to handle rather than my code and hence the settings for it belong there.

I found the answer here (in the user notes): http://php.net/manual/en/function.curl-setopt.php

Just add this to you .ini (note: you cannot use ini_set, although I don't know why you would want to. Thanks @Carlton):

curl.cainfo=c:\php\cacert.pem

And get that file from: http://curl.haxx.se/docs/caextract.html

Works and you aren't opening yourself up for MITM attacks

Here is a patch to 'emulate' what we can see on linux when a valid crt data has been found at build time (which is the case for almost all distros):

http://www.php.net/~pierre/patches/curl_cacert_default.txt

it adds a (system) ini settings to define the path to the cacert, curl.cainfo=c:\curl\ca.crt

cacert data can be fetched here: http://curl.haxx.se/docs/caextract.html

DLL for php 5.3 can be found here: http://www.php.net/~pierre/test/curl-5.3-vc9-x86-ts-nts-cainfodefault.zip DLL for php 5.2 can be found here: http://www.php.net/~pierre/test/curl-5.2-cainfodefault.zip

Please let me know how it works.

1. download cacert.pem add to folder php
2. copy url the place of file cacert.pem
3. [curl] curl.cainfo="C:/xampp/php/cacert.pem"

@Matt is right, but I would add that curl.cainfo is a PHP_INI_SYSTEM directive so you must set it in php.ini...using the ini_set function in a script will always return false as I found out after too many minutes of head banging

You could create a wrapper function which sets the option and use php.ini's auto_prepend_file to load the file it's defined in, but your code would have to be changed to use this wrapper function instead.

Example:

function my_curl_init($url=null) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
  return $ch;
}