Update to include proper SSL certificate verification (or not)!

[rmorse]

When using this 'out of the box' to have a login system using Twitter I get the following error

Fatal error: Uncaught exception 'Exception' with message 'Error fetching remote https://api.twitter.com/oauth/access_token [ status 0 ] SSL certificate problem, verify that the CA cert is OK

After some research I learned I needed to set the curl option CURLOPT_SSL_VERIFYPEER to false, to bypass the verification and get everything working, or in order to avoid 'man in the middle' attacks and keep the verification I needed to download the certificate from api.twitter.com and verify it like:

$certpath = $_SERVER['DOCUMENT_ROOT']."/path/to/certificates/crt.from.api.twitter.com.crt";
curl_setopt ($remote, CURLOPT_SSL_VERIFYPEER, TRUE); 
curl_setopt ($remote, CURLOPT_CAINFO, $certpath);

The only problem when deploying the correct second method, in a website I won't be maintaining in a year, is that this particular certificate will expire on the 31st Dec 2013, which will then cause errors after the mentioned date unless the new certificate is downloaded and installed - not practical!