PHP SDK Demystified – How CURL Error 60 is handled?

Have you ever encountered curl error 60 when using the PHP SDK?

The first (and hopefully the last) time that I encountered is when I try to setup my own web server at home (using Windows 2003 server).

What I did at that time is simply install Windows 2003 on a virtual machine (using virtualBox) by usin the default options and then setup a web site under IIS.  And for sure, I did nothing on setting on any certification etc.

If you captured the error message, you will see that it is “CURL Error 60: SSL certificate problem, verify that the CA cert is OK.”

I just know the basic idea of how the problem happens but I am not an expert on this topics.  So I will not go into the details.  Simply google that if you want to know more.

Now, let take a look at how the PHP SDK handles this.

In the makeRequest function, there is code segment:

  curl_setopt_array($ch, $opts);
  $result = curl_exec($ch);

  if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
    self::errorLog('Invalid or no certificate authority found, using bundled information');
    curl_setopt($ch, CURLOPT_CAINFO,
                dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
    $result = curl_exec($ch);
  }

As seen in the above code, in case of error 60 is encountered, PHP SDK will log this and set the fb_ca_chain_bundle.crt file that comes with the PHP SDK as one of the options for the curl command and then resend the request (i.e. call curl_exec($ch)).

This may not be the “best” approach to handle this as every request will only be accepted by Facebook in the retry.

What I normally do when using a new server to run Facebook app built on top of the PHP SDK is:

  • Do not upload the fb_ca_chain_bundle.crt.
    This is to make sure if I encountered curl error 60, the PHP SDK cannot handle it.
  • If curl error 60 is indeed countered, I will upload the fb_ca_chain_bundle.crt and modify the PHP SDK so that this .crt file is used in the first request (instead of the retry).

That’s will solve your problem!

In fact, if you search in the Facebook developer forum, you will also find another solution on how this curl error 60 is solved…..

This entry was posted in PHP SDK Demystified and tagged . Bookmark the permalink.

One Response to PHP SDK Demystified – How CURL Error 60 is handled?

  1. Mark Lewis says:

    Hiya, this is what worked for moi.

    Facebook::$CURL_OPTS[CURLOPT_CAINFO] = getcwd() . ‘\include\fb_ca_chain_bundle.crt’;

    (My .crt file is in my ‘include’ directory and I’m assuming my site is being hosted on a windows box 😐 Just make sure that you set ‘Facebook::$CURL_OPTS[CURLOPT_CAINFO]’ to your full path + .crt file name and Bob’s your uncle.

Leave a Reply

Your email address will not be published. Required fields are marked *