cURL: Use CURLSSLOPT_NATIVE_CA on Windows to use system CA store
Problem Statement
Hello,
I've got the following issue, due to the missing curl.cafile on Windows...
sentry/sentry: [error] Failed to send debug event [xxxxxxxxxx] to xxxxxxx [project:xx]. Reason: "cURL Error (60) SSL certificate problem: self-signed certificate in certificate chain".
The problem is on PHP 8.3.8 with Sentry 4.9.0 on Windows, whereas on Linux the same code works fine.
So I found 2 solutions with this article (https://php.watch/articles/php-curl-windows-cainfo-fix):
1- Tell cURL to parse the system certificate store: curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA); (seems pretty good 😃 )
2- Get and maintain my own curl.cafile on my project (seems pretty painful 😢 )
But I can't change the option in curl since it's in the Sentry sdk.
Could you have a look, please? Thanks!
Solution Brainstorm
In the original article, they give the full if to do it properly (a check that the system is Windows could be added):
if (defined('CURLSSLOPT_NATIVE_CA') && version_compare(curl_version()['version'], '7.71', '>=')) {
    curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
}
But it could also be an option, like httpSslVerifyPeer? (src/HttpClient/HttpClient.php::sendRequest)
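
One way to turn the check above into an opt-in setting that keeps certificate verification enabled, as an added example that is not part of the original issue or of the Sentry SDK. The function names and the `$enabled` flag are hypothetical; it assumes PHP 8.0+ with ext-curl.

```php
<?php
// Added example; shouldUseNativeCa() and applyNativeCa() are hypothetical
// names, not part of the Sentry SDK.

/** Pure decision function, so the rule can be unit-tested on any OS. */
function shouldUseNativeCa(
    string $osFamily,
    string $curlVersion,
    bool $constantDefined,
    string $configuredCaInfo
): bool {
    if ($osFamily !== 'Windows') {
        return false; // the reported failure is specific to Windows
    }
    if ($configuredCaInfo !== '') {
        return false; // an explicit curl.cainfo bundle takes precedence
    }
    // Same guard as in the issue: constant present and libcurl >= 7.71.
    return $constantDefined && version_compare($curlVersion, '7.71', '>=');
}

/** Returns true when the native CA store was enabled on the handle. */
function applyNativeCa(\CurlHandle $ch, bool $enabled = true): bool
{
    $use = $enabled && shouldUseNativeCa(
        PHP_OS_FAMILY,
        curl_version()['version'],
        defined('CURLSSLOPT_NATIVE_CA'),
        (string) ini_get('curl.cainfo')
    );
    if ($use) {
        // CURLOPT_SSL_OPTIONS is a bitmask; this call replaces flags set earlier.
        curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
    }
    return $use;
}

$ch = curl_init('https://example.com/');        // placeholder URL
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verification stays on
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
var_dump(applyNativeCa($ch));

// Constructed inputs exercising each branch of the rule:
var_dump(shouldUseNativeCa('Windows', '8.7.1', true, ''));
var_dump(shouldUseNativeCa('Windows', '7.70.0', true, ''));
var_dump(shouldUseNativeCa('Windows', '8.7.1', true, 'C:\\certs\\ca.pem'));
var_dump(shouldUseNativeCa('Linux', '8.7.1', true, ''));
```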