What is correct interpretation of curl payment method prepared on [stripe][1]
curl https://api.stripe.com/v1/payment_methods \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d type=card \
-d "card[number]"=4242424242424242 \
-d "card[exp_month]"=10 \
-d "card[exp_year]"=2022 \
-d "card[cvc]"=314
my code is:
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://api.stripe.com/v1/payment_methods',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => 'type=card&card%5Bnumber%5D=4242424242424242&card%5Bexp_month%5D=10&card%5Bexp_year%5D=2022&card%5Bcvc%5D=314',
CURLOPT_HTTPHEADER => array(
'Authorization: Basic c2tfdGVzdF80ZUMzOUhxTHlqV0Rhcmp0VDF6ZHA3ZGM6',
'Content-Type: application/x-www-form-urlencoded'
),
));
$response = curl_exec($curl);
curl_close($curl);
But I dont know how to use: -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \ in curl_setopt_array
on cURL or bash "-u" designed user or password (u of user)
on cURL php it is :
CURLOPT_USERPWD
curl_setopt($ch, CURLOPT_USERPWD, "sk_test_4eC39HqLyjWDarjtT1zdp7dc");
For more info with stripe curl CURLOPT_USERPWD, check the link : Stripe API - PHP Curl request behind a proxy
Taken from https://curl.se/docs/manpage.html#-u:
-u, --user <user:password>
Specify the user name and password to use for server authentication. Overrides -n, --netrc and
--netrc-optional.
If you simply specify the user name, curl will prompt for a password.
The user name and passwords are split up on the first colon, which
makes it impossible to use a colon in the user name with this option.
The password can, still.
On systems where it works, curl will hide the given option argument
from process listings. This is not enough to protect credentials from
possibly getting seen by other users on the same system as they will
still be visible for a brief moment before cleared. Such sensitive
data should be retrieved from a file instead or similar and never used
in clear text in a command line.
When using Kerberos V5 with a Windows based server you should include
the Windows domain name in the user name, in order for the server to
successfully obtain a Kerberos Ticket. If you don't then the initial
authentication handshake may fail.
When using NTLM, the user name can be specified simply as the user
name, without the domain, if there is a single domain and forest in
your setup for example.
To specify the domain name use either Down-Level Logon Name or UPN
(User Principal Name) formats. For example, EXAMPLE\user and
user#example.com respectively.
If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
Negotiate, NTLM or Digest authentication then you can tell curl to
select the user name and password from your environment by specifying
a single colon with this option: "-u :".
If this option is used several times, the last one will be used.
Example:
curl -u user:secret https://example.com
In short, it is for basic HTTP authentication.
Related
The following script works on PHP 5.6.23:
$options = [
CURLOPT_POST => 1,
CURLOPT_URL => 'https://uat.dwolla.com/oauth/rest/offsitegateway/checkouts',
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_POSTFIELDS => json_encode(['name'=>'value']),
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_CAINFO => '/path/to/certs/GoDaddyRootCertificateAuthority-G2.crt',
];
$ch = curl_init();
curl_setopt_array($ch, $options);
if( ! $result = curl_exec($ch)) $err = curl_error($ch);
else $err = null;
curl_close($ch);
if($err) echo $err;
else print_r(json_decode($result,true));
I get the expected response from Dwolla's payment API. To make my script more dynamic, I tried to change it to refer to the directory that hosts the certs I want cURL to trust. So I changed the last option (CURLOPT_CAINFO) to:
CURLOPT_CAPATH => '/path/to/certs'
This breaks the script however and no connection is made; the error is:
SSL certificate problem: unable to get local issuer certificate
I know the directory is correct and the cert file is valid since the original script refers to the cert in that same directory. I expected cURL to scan the files in the directory and find the cert it needs but this isn't happening. Why is this?
It does not work if you just point CApath to some directory and put the certificates into this directory. To make the finding of the correct CA certificate efficient the files in this directory need to have names derived from the subject of the certificate. For example you'll might find the following in /etc/ssl/certs:
ff783690.0 -> UTN_USERFirst_Hardware_Root_CA.pem
ff588423.0 -> ComSign_CA.pem
...
Here the filenames are based on the hashes of the certificate's subject and point to the real certificate. For information on how to create the necessary filename see How to calculate the hash value used by CA file names
.
See also the man page for openssl verify:
-CApath directory
A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this form ("hash" is the hashed certificate subject name: see the -hash option of the x509 utility). Under Unix the c_rehash script will automatically create symbolic links to a directory of certificates.
I have a situation while trying to do a GET method with curl to get xml from distant web api.
$url = 'xxxx.com'
$key = '/KEY/PRIVATE.KEY'
$perm = '/KEY/CERT.PEM'
$options = array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSLCERT => $perm ,
CURLOPT_SSLKEY => $key,
CURLOPT_HEADER => false,
);
$curl = curl_init();
curl_setopt_array($curl , $options);
$resp = curl_exec($curl);
curl_close($curl);
I have to link SSL cert and pem, but $resp is always returned as false.
This is what my cURL request should be in command prompt :
curl -k -v -X GET "[-URL-]" --cert ./KEY/CERT.pem --key ./KEY/PRIVATE.KEY
Any help would be strongly appreciated...
EDIT
So, I used two methods to try to debug :
With stderr I have:
string ''.' unknown as intern or extern command, program file or executable file
' (length=117)
And with die(curl_error($curl)) I get this :
unable to use client certificate (no key found or wrong pass phrase?)
So, I actually make my URL with two string ($url = a . b), but this is supposed to work, or am I crazy?
For the ssl error, I don't get why I have this issue since this works totally fine on command prompt...
EDIT 2
So, I found out how to solve in part my issue : I had to use realpath().
But now I have a new issue :
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
So, I found some responses on stackoverflow that say to update cacert.pem file.
I did it, added CURLOPT_CAINFO => $cainfo,
in $options and put curl.cainfo = "PATH_TO/cacert.pem" in both of my php.ini (apache + php => WAMP). (PATH_TO already replaced by my true path).
Anyway, after all thoses changes, I still have the same issue.
I have to work under php 5.3, would it be the cause?
EDIT 3
Finnally found my answer. I should have look for curl options more carefully...
In command prompt -k allows an insecure connexion.
So, in php, I just have to set CURLOPT_VERIFYPEER to false.
FYI, I based myself on the doc that the distant web api gave to me .
Regards,
I'm working on a PHP script that has to connect to an REST API. The provider of the API, suggested to use cURL. They gave me an example of how to use it in the command line:
curl -D- -u "user:password" -X GET -H "Content-Type: application/json" http://example.com/api/searchFunction?jql=assignee=user1
The PHP script is the following:
<?php
$defaults = array(
CURLOPT_HEADER => true,
CURLOPT_URL => 'http://example.com/api/searchFunction?jql=assignee=user1',
CURLOPT_USERPWD => "user:password",
CURLOPT_HTTPAUTH => 'CURLAUTH_BASIC'
);
$ch = curl_init();
curl_setopt_array($ch, ($defaults));
echo "cURL output: ".curl_exec($ch);
curl_close($ch);
?>
As you can imagine, the command line version works fine, but in the PHP version I got the following error:
Field 'assignee' does not exist or this field cannot be viewed by anonymous users.
That suggests that the user login validation doesn't works. However, the user and password are correct.
I was looking for already answered posts of cURL parameters equivalents between the command line version and the PHP version but couldn't find the correct parameters for the PHP version.
You haven't fully replicated your cURL command yet.
For starters, you've never set the Content-Type: application/json header option. You need to set that using the CURLOPT_HTTPHEADER option.
Secondly, command line cURL and PHP's cURL use different User-Agent values.
Consider enabling the command line cURL's verbose option so you can see all the information it's sending, then replicate it PHP.
I am trying to send a REST request. The example I have been given by the system docs is this:
$ curl --digest -u admin:<passwd> http://1.2.3.4/r/users/12345/calls/recent
{"data": [
{"state_msg": "Finished",
"code": 200,
"dst_codecs": "PCMU,PCMA,iLBC,telephone-event",
"src_codecs": "PCMU,PCMA,telephone-event,iLBC",
"pid": 1250018007,
"url": "\/r\/users\/12345\/calls\/1250018007:16739",
[...]
}
[...]
]}
what is this example trying to tell me? what is the data information there? Is that what i need to send. If so, how would i send it? I have read this post: Call a REST API in PHP but I am still unsure of how to structure my call. would it be something like this?
$data = array('state_msg' => 'state_msg','code'=>'200'.....);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, "admin:<password>");
curl_setopt($curl, CURLOPT_URL, "http://1.2.3.4/r/users/12345/calls/recent");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
I start with the beginning of the example:
$ curl
The $ sign denotes a unix shell prompt with standard user privileges.
Then a space separates the command which is curl here.
Each command has (normally) a manual page, you get it with the man command:
$ man curl
That should explain all the rest to you, as those man-pages explain all of the commands switches and options.
If you don't have such a shell prompt at hand and you do not like to consider installing one, many commands have their man pages as well in the internet. Here for curl:
http://curl.haxx.se/docs/manpage.html
After you've understood what that concrete command does, you just look-up the related options in the PHP manual on the curl_setopt page. How this works is demonstrated in the following example:
Convert command line cURL to PHP cURL
Example:
$ curl --digest -u admin:<passwd> http://1.2.3.4/r/users/12345/calls/recent
########
This switch relates to the CURLAUTH_DIGEST value of the CURLOPT_HTTPAUTH setting.
$handle = curl_init($url);
curl_setopt_array($handle, [
...
CURLOPT_HTTPAUTH => CURLAUTH_DIGEST, // --digest
...
]);
Compare with the Curl C-API which is just wrapped by PHP:
How to post http request using digest authentication with libcurl
This question already has answers here:
PHP - SSL certificate error: unable to get local issuer certificate
(19 answers)
Closed 1 year ago.
I am trying to download the content of a secure (uses https) webpage using php and curl libraries.
However, reading failed and I get error 60: "SSL certificate problem, verify that the CA cert is OK."
also "Details: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
So...pretty self explanatory error msg's.
My question is: How do I send an SSL certificate (the right one?) and get this page to verify it and let me in?
Also, here is my options array in case you are wondering:
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:x.x.x) Gecko/20041107 Firefox/x.x", // who am i
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_SSL_VERIFYHOST => 1,
);
Any suggestions would be great,
Andrew
It sounds like you might be misinterpreting the error. It looks to me like the site you're connecting to is self-signed or some other common problem. Just like the usual browser warning, you're easiest work around is to disable the checks.
You'll need to set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to FALSE. This should disable the two main checks. They may not both be required, but this should at least get you going.
To be clear, this disables a feature designed to protect you. Only do this if you have verified the certificate and server by some other means.
More info on the PHP site: curl_setopt()
If you want to use SSL peer verification (turning it off is not always good idea) you may use next solution on Windows globally for all applications:
Download file with root certificates from here:
http://curl.haxx.se/docs/caextract.html
Add to php.ini:
curl.cainfo=C:/path/to/cacert.pem
that's all magic, CURL can now verify certificates.
(as I know there is no such problem on Linux, at least on Ubuntu)
Even after following advice on SO.. You may still have problems with an error like:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
the problem is with the SSL version. Use the following for version 3
curl_setopt($ch, CURLOPT_SSLVERSION,3)
I am assuming that u have enabled verification of peer and host as well and are pointing to an actual certificate file. Eg.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert.pem");
This is a "problem" with openssl and VeriSign.
I had a similar problem and my openssl was missing the intermediate ssl certificate used by VeriSign to sign the server certificate.
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657
I had to import these intermediate certificates from the VeriSign Homepage or Firefox cert-database-export into my local ca-certificates list and after this step I was able to use wget/curl to use the protected connection without any errors.
If it's a developer machine - you can also add this certificate in you system.
Something like this - https://www.globalsign.com/support/intermediate/intermediate_windows.php
It's for WinXP, but it works also on other versions of windows.
You're not SENDing the SSL cert. It appears there's a problem with the SSL cert as it is installed on the host you are contacting. Use option -k or --insecure, to get past the complaint.
Ah. See Ryan Graham's answer
This is apparently on openssl bug. Tomcat can be configured to work around this in /etc/tomcat7/server.xml by restricting the available cipher list:
<Connector protocol="HTTP/1.1" SSLEnabled="true" ... ciphers="SSL_RSA_WITH_RC4_128_SHA"/>