error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Today, while debugging an HTTPS interface, I ran into the following error:

curl errno = 60; curl error = SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I found a related article: using-curl-in-php-to-access-https-ssltls-protected-sites

The article describes a temporary workaround that bypasses certificate checking:

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);

With these settings the request goes through normally.

However, the proper approach described in the article is to download the certificate and point cURL at it:

curl_setopt($curl, CURLOPT_CAINFO, getcwd().'/CA/***.crt');

After that I ran the request again, but it did not fix the problem.

Strangely, when I had previously used the framework's class library for these operations, this problem did not occur. I checked the framework library's source code and found the following configuration:

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);

I looked up what these two configuration parameters actually do:

CURLOPT_SSL_VERIFYPEER

FALSE stops cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option, or a certificate directory can be specified with the CURLOPT_CAPATH option.

TRUE by default as of cURL 7.10. Default bundle installed as of cURL 7.10.
-----------------------------
CURLOPT_SSL_VERIFYHOST

1 checks that a common name exists in the server's SSL certificate.
Translator's note: the common name is generally the domain or subdomain for which you are applying for the SSL certificate.
2 checks that the common name exists and that it matches the hostname provided. 0 does not check the names. In a production environment this value should be 2 (the default).

Support for value 1 was removed in cURL 7.28.1.
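As an added example (not code from the original post or the linked article), here is the proper approach from above carried through in PHP: peer verification stays on, CURLOPT_SSL_VERIFYHOST is set to 2 rather than true, and CURLOPT_CAINFO points at a CA file. The URL, the CA path and the helper name https_get are assumptions; it assumes PHP 7 or later with the curl extension.

```php
<?php
// Added example, not from the original post: an HTTPS GET with full
// certificate verification, plus the diagnostics to read when it fails.
// Assumption: $caFile is a PEM bundle containing the CA that signed the
// server certificate (for a self-signed server certificate, that cert itself).
function https_get(string $url, string $caFile): array
{
    if (!is_readable($caFile)) {
        return ['ok' => false, 'errno' => 0, 'error' => "CA file not readable: $caFile"];
    }

    $curl = curl_init($url);
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        // Verify the chain against our own CA file instead of switching checks off.
        CURLOPT_SSL_VERIFYPEER => true,
        // 2 = the common name must exist AND match the host. Do not pass true:
        // it is cast to 1, the value that cURL 7.28.1 removed.
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caFile,
        // Keep the peer certificate details so a failure can be diagnosed.
        CURLOPT_CERTINFO       => true,
        CURLOPT_TIMEOUT        => 15,
    ]);

    $body  = curl_exec($curl);
    $errno = curl_errno($curl);
    $error = curl_error($curl);
    $info  = curl_getinfo($curl);
    curl_close($curl);

    if ($errno !== 0) {
        // errno 60 is the "certificate verify failed" case from the post: the
        // CA file does not contain the issuer of the server certificate.
        return [
            'ok'       => false,
            'errno'    => $errno,
            'error'    => $error,
            'certinfo' => $info['certinfo'] ?? [],
        ];
    }
    return ['ok' => true, 'status' => $info['http_code'], 'body' => $body];
}

// Usage with a placeholder URL and CA path (both hypothetical):
$result = https_get('https://example.internal/api', __DIR__ . '/CA/internal-ca.crt');
if (!$result['ok']) {
    fwrite(STDERR, "curl errno = {$result['errno']}; curl error = {$result['error']}\n");
}
```

If errno 60 still appears, check that the CA file actually contains the issuer of the server certificate: for a self-generated certificate that is the certificate itself (or the private CA that signed it), not an unrelated bundle.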

I checked the curl version on my own server with curl --version: it turned out to be 7.22, which still supports the value 1 for CURLOPT_SSL_VERIFYHOST.

I kept looking into this "peer certificate" thing and found that the certificate may need to be verified for validity against an OCSP certificate server. If CURLOPT_SSL_VERIFYPEER is not set, it defaults to true, meaning the certificate's validity has to be verified by that OCSP certificate server. But the certificates our servers use are self-generated, not purchased, so the problem is most likely this: the server uses a self-generated certificate, this curl parameter was not set, so by default curl went to the OCSP certificate server to verify the certificate, the verification did not pass, and an error was reported.

Because the company does not currently use a purchased certificate, I cannot go on to verify whether a request with CURLOPT_SSL_VERIFYPEER set to true executes correctly when a purchased certificate is used.


Origin blog.csdn.net/ljl890705/article/details/78595047