php - Paypal Access - SSL certificate: unable to get local issuer certificate

Question

I'm working with cUrl and PHP to make a request to a server (for paypal access)

Paypal developer website does never mention that an SSL certificate is required to use PayPal access API, however the code that I use to request the token is the following:

$options = array(
                CURLOPT_URL => $url,
                CURLOPT_POST => 1,
                CURLOPT_VERBOSE => 1,
                CURLOPT_POSTFIELDS => $postvals,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_SSLVERSION => 3
);

curl_setopt_array($ch, $options);

$response = curl_exec($ch); 
echo curl_error($ch);

This echo outputs the following error:

SSL certificate problem: unable to get local issuer certificate

My questions are:

1) do I need SSL to use paypal access if I need only to get the user email?

2) if I do not need SSL why this error occours?

PS: the endpoint is the following: https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice

Answer 1

The correct solution is to fix your PHP setup.. setting CURLOPT_SSL_VERIFYPEER to false is a quick hack, but it's wrong as you disable the certificate validation by it's certificate authority. This exposes you to a man-in-the-middle attack.

It's easy to fix (php 5.3.7 or higher) - Download a list file with an up-to-date certificate authorities, and add this setting to your php.ini
curl.cainfo=<path-to>cacert.pem

Restart your web server, and it'll work !