I have to call an api that requires the client certificate authentication.
I test this api in postman with client certification and its working perfectly.
Now i want to do it with php curl.
I tried below code but its giving me following error.
HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)
$url = 'https://someurl';
$json = 'somejson';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSLCERT, __DIR__."/certificate.pem");
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, __DIR__."/privatekey.key");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
$responseData = curl_exec($ch);
if(curl_errno($ch)) {
echo curl_error($ch);
}
curl_close($ch);
The error message has all the clues you need: HTTP_1_1_REQUIRED
TLS client certificates are not supported for HTTP/2, so you need to make sure your curl request is done using HTTP/1.1 by explicitly asking for that. curl will by default upgrade to HTTP/2 on HTTPS URLs otherwise.
Set CURLOPT_HTTP_VERSION to CURL_HTTP_VERSION_1_1.
Related
We set up a PayPal express checkout about 2 weeks ago which worked perfectly until a couple of days ago it didn't.
On PayPal the transactions is ok but when I try to log in with cURL to check the transaction the inital merchant/client login fails but cURL shows no error.
I know that PayPal is upgrading to TLS 1.2 and HTTP/1.1 but I did the test check were our server/site passed.
This is how I initated the communication with paypal (this worked until now):
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://paypal.com/v1/oauth2/token');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERPWD, 'CLIENT_ID:SECRET');
curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials');
$result = curl_exec($ch);
Now if I print out $result its empty, if I print out curl_errno its 0 and curl_error also empty
so because of TLS 1.2 I modified the code like this
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://paypal.com/v1/oauth2/token');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERPWD, 'CLIENT_ID:SECRET');
curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials');
$result = curl_exec($ch);
but it fails exactly the same as the previous code.
What could be the problem?
or is it possible that if the login is ok the result is empty?
I'm using curl to send an xml file over https to the rightmove API - they supplied me with all the certificates.
I am getting the error :
60SSL certificate problem: unable to get local issuer
certificateResult =
I have tried everything i have found on every other stackoverflow post similar and nothing is working, i have tried downloading the old cacert.pem and changed the files in php.ini - ive installed my personal information file andcreated a certificate on the browser and local machine and nothing is removing the error 60.
This is my PHP :
<?php
$xml = file_get_contents("myxml.xml");
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__).'\mypem.pem');
curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_REFERER, 'https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_VERBOSE , 1);
$ch_result = curl_exec($ch);
print curl_errno($ch);
print curl_error($ch);
echo "Result = ".$ch_result;
curl_close($ch);
?>
this has had me banging my head for days, i would be very grateful for any assistance.
For my particular case i needed to add the keyfile, sslcert and cert password.
//$xml = file_get_contents("thexmlfile.xml");
$xml= $propertyXml->asXML();
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . '\pemfile.pem');
curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSH_PRIVATE_KEYFILE, getcwd() . '\myjks.jks');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '\pemfile.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "thesslpassword");
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_REFERER, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_VERBOSE , 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$ch_result = curl_exec($ch);
print curl_errno($ch);
print curl_error($ch);
echo "Result = ".$ch_result;
curl_close($ch);
It is failing as curl is unable to verify the certificate provided by the server.
There are two options to get this to work:
1 Allows curl to make insecure connections, that is curl does not verify the certificate.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2 Add the root CA (the CA signing the server certificate) in php.ini
curl.cainfo=/path/to/cacert.pem
You should use option 2 as thats the option that ensures that you are connecting to secure ftp server.
I was getting the same "SSL certificate problem: unable to get local issuer certificateResult" error with HTTP GET to a remote https site. I only needed to provide the CA cert to php curl, ie CURLOPT_CAINFO:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/CA_Bundle.crt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$output = curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
print "curl_error: $error_msg <br>";
} else {
print "output: $output<br>";
}
curl_close($ch);
I am sending request by cURL to server by following code, and it is giving permission error as "Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server".
the cURL code is...
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $my_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "key=".$my_key);
curl_setopt($ch,CURLOPT_REFERER, site_url());
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$res = curl_exec($ch);
curl_close($ch);
return $res;
anybody please guide me what is error, or what should I do to resolve issue.
thanks a lot.
The error seems to be related to SSL i.e. https request. You can ignore verification by adding below lines:
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
I am unable to execute an URL through curl. But if simply run the query thrugh browser, its working fine. My code is like:
$xmlData = "<Leads><row no='1'><FL val='First Name'>".$new_fname."</FL><FL val='Last Name'>".$new_lname."</FL><FL val='Email'>".$new_email."</FL><FL val='Phone'>".$new_ph_no."</FL></row></Leads>";
$xmlData = htmlentities($xmlData);
$ch = curl_init("https://crm.zoho.com/crm/private/xml/Leads/insertRecords?newFormat=1&authtoken=XXX&scope=crmapi&xmlData=".$xmlData);
curl_setopt($ch, CURLOPT_VERBOSE, 1);//standard i/o streams
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);// Turn off the server and peer verification
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'rsa_rc4_128_sha'); //for godaddy server patch
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//Set to return data to string ($response)
curl_setopt($ch, CURLOPT_POST, 1);//Regular post
$response = curl_exec($ch);
curl_close($ch);
could you please let me know where is the issue?
Thanks in advance.
The following code should work:
$ch = curl_init("https://crm.zoho.com/crm/private/xml/Leads/insertRecords?newFormat=1&authtoken=XXX&scope=crmapi&xmlData=".$xmlData);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
// deactivate certificate checking
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//Set to return data to string ($response)
curl_setopt($ch, CURLOPT_POST, 1);//Regular post
$response = curl_exec($ch);
if(!$response) {
echo curl_error($ch), PHP_EOL;
}
curl_close($ch);
After discussion comments I realized that the problem is, that you haven't installed the Thawte ssl certificate on your system. You have two options:
Install the certificates
Disable certificate checking using CURLOPT_VERIFYPEER = FALSE
I've used the second approach in my example just to show how to make your code working. For a production system I would advice you to install the certificates.
I am integrating with FirstData wsdl. following the First Data Global Gateway
Web Service API
Integration Guide
. $kslocation is path to .key file. $kslocation is the path to .pem file and all these paths are valid.
$ch = curl_init($wsdl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$userid:$password");
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSLCERT, $pemlocation);
curl_setopt($ch, CURLOPT_SSLKEY, $kslocation);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $keyname);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
echo curl_error($ch)."\n";
curl_close($ch);
is giving me error.
SSL read: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1
alert decrypt error, errno 0
The problem was I was using the test account url. I changed it to the live url and it worked.