I am a developer (new to Drupal) that was experiencing some cURL errors on a Feed Import of an .ICS file. When the import happened an error was thrown in Drupal:
CurlException: 60: Peer certificate cannot be authenticated with given CA certificates.
Centos: 6.2 Unix
It was learned the client that the connection was being established with had a primary GoDaddy SSL cert, but no intermediate certificate set up. Plan was made to add a CURL exception:
curl -G http://certificates.godaddy.com/repository/gd-class2-root.crt > gd_intermediate.crt
curl -k --insecure "https://xxxx.com"
curl --cacert ./ca-bundle.crt "https://firstname.lastname@example.org/xxx.ics?event_types=24" \\(and all variants on the url)
This did not work. A curl-ca-bundle.crt was created with the Godaddy cert key. Also did not work.
Module was patched by adding, and the method seems to import all feeds successully:
curl_setopt($download, CURLOPT_SSL_VERIFYPEER, FALSE);
The information being accessed is not sensitive and the vendor will likely not do the necessary steps to complete the intermediate SSL certificate. I realize it opens up a security gap for the feed.
Is there any way, outside of changing the module core, or perhaps doing an update on the module itself to make the feed successfully import? I know I could also export the key from the vendor via a browser and change the module:
chacurl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/CAcerts/BuiltinObjectToken-EquifaxSecureCA.crt");
- the exported key would be the .crt referred to above.