I'm writing a simple cURL script to request data from a website (https://openweathermap.org) which is HTTPS.
Basically, we need to configure curl instance to deal with SSL-enabled websites, through something like this:
curl_setopt($ch, CURL_CAINFO, "path/to/cert");
However, I tried at first to make a request using the testing URL provided by openweathermap.
<?php
$ressource = curl_init("https://samples.openweathermap.org/data/2.5/weather?q=London,uk&appid=439d4b804bc8187953eb36d2a8c26a02");
$data = curl_exec($ressource);
curl_close($ressource);
Normally, I would have an error like: Error: SSL certificate problem: unable to get local issuer certificate
Instead, the request works perfectly:
Is it supposed to work and not return an error by not providing an SSL certificate when requesting an HTTPS URL?
Did I miss something about requesting HTTPS URLs via cURL?
Related
I am trying to use Luminati.oi proxy service to crawl URLs but there seems to be a problem with my server connecting to the proxy and utilizing the CURLOPT_PROXY functionality.
$curl = curl_init('http://lumtest.com/myip.json');
curl_setopt($curl, CURLOPT_PROXY, 'http://example:24000');
curl_exec($curl);
$result = curl_exec($curl); echo $result;
echo 'Curl error: ' . curl_error($curl);
curl_close($curl);
I get no response at all from the target URL and the curl_error() function returns Curl error: Failed to connect to exmaple port 24000: Connection refused there are several variations on how to compose the CURL that Luminati.io provides, none seem to work.
If I remove the CURLOPT_PROXY option and just send the request direct from my server with no proxy, it works just fine and I get the correct response back from the target URL. So my server seems okay with CURL just not the proxy function.
The URL and port for the proxy server at luminati.io seem to work fine when using the desktop proxy manager. So the proxy service seems to work okay, the target URL is good and my server can use CURL with no problem, so it seems the issue is isolated around the CURLOPT_PROXY not working. The good people over at Luminati.io think there is some type of server setting or firewall in my Apache Linux server that wont allow the proxy connection to occur, I can't find this setting anywhere and Hostgator seems useless and apathetic when asked.
So I'm hoping someone can provide some greater insight into why CURLOPT_PROXY function wont work.
You can ask Hostgator to give you access to port 22225. I think this is the correct port used by Luminati.
This is how you can contact Hostgator: http://support.hostgator.com/articles/open-new-ports
I am trying to retrieve details of a page/profile from Facebook into my PHP application. So I retrieve the id first and then run the following query. However I am getting an error.
I am getting the following error:
Warning: file_get_contents(https://graph.facebook.com/v2.8/40444963499?fields=id,name,picture.width(700).height(700),albums.limit(5){name,photos.limit(2){name, picture}},posts.limit(5)&access_token="my access token here"): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request
However, if I run the same URL on the browser, I get back the JSON correctly.
Windows almost always has problems with SSL certificates, I wouldn't recommend you do this for your production site, but during development it's fine. By disabling the SSL check you're effectively saying you don't care if the site has a valid SSL certificate, which means that if someone was trying to impersonate graph.facebook.com you would be communicating with this site that is likely trying to steal your access token.
$context = stream_context_create(array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
)
));
file_get_contents('https://graph.facebook.com/v2.8/40444963499?fields=id,name,picture.width(700).height(700),albums.limit(5){name,photos.limit(2){name, picture}},posts.limit(5)&access_token=FB_ACCESS_TOKEN', null, $context);
Now if you're interested in actually fixing the problem on your machine, then review this answer: PHP - SSL certificate error: unable to get local issuer certificate
So the error was that there was a space in between two of the parameters passed in the url. It wasn't showing on the web browser because I assume it does not print the space but because of the space, the file_get_contents wasn't working.
I'm trying to install Vaprobash via CURL but I get this message everytime I try to download something through CURL. I'm using a Mac.
curl -L http://bit.ly/vaprobash > Vagrantfile
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Append option in curl call:
-k/--insecure
The curl will be not trying to verify SSL cert.
The link is redirecting to a secure HTTP (SSL) server, and curl doesn't have access to the proper chain of trusted certificates to confirm that the site says it is who it is.
If you're sure the site is legitimate, and this is a once-off effort, you can use the --insecure option (it will ignore any certificate errors). Opening the link in a browser directs to GitHub with no issues, and curl fetches it fine on my Ubuntu 12.04 box.
It's likely a missing certificate in your SSL installation. Run with the -v option to get a detailed output if you need to confirm this.
$url = 'https://thewebsite.com/';
$this->curl->create($url);
$this->curl->ssl(TRUE);
echo $this->curl->simple_get($url);
That's the code i'm running via codeigniter and the curl codeigniter library.
Is there any way around this?
I get nothing when i run the request.
TRUE, in this case, means that you are checking their site against an SSL certificate. If you have the certificate, then you need to pass in the third parameter of curl->ssl (the path to the certificate). If you don't want to check against their certificate, then you can simply pass FALSE as the parameter to the ssl method.
More on cURL and SSL here (not CodeIgniter, just regular ol' PHP + cURL).
I am using the latest Janrain openid library example and the discovery process seems to work well with Yahoo, myopenid.com and others...
But I am stuck with Google endpoint (https semicolon //www.google.com/accounts/o8/id). Consumer.php just returns a 406 apache error, before I am redirected to google's page.
All my installation is available here :
http://www.coplango.com/vendor/openid/examples/
Click on consumer to try the consumer example, but discovery.php fails the same way,proving it happens during discovery...
You can also check detect.php to check my installation - The HTTP fetching test fails with a 503 because it tries to reach an address which returns a 503. Rest is fine.
I supposed it was down to php-yadis specifying Accept: application/xrds+xml header but I checked the code and other types are also accepted such text/html and application/xhtml+xml.
Anyone came accross this?
Any clue?
Thank you very much!
Ok,
I have investigated further and it seems to be down to my provider, who returns a 406 error if any string containing the death word "/id" is passed as GET parameter. Took me days to figure out it was not down to openid !!
For info I am using PlanetHoster, if anyone else ever comes accross this. I have sent them a ticket request and waiting for their answer.
running the consumer example at my machine, i get the following error:
Got no response code when fetching https://www.google.com/accounts/o8/id
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
this means curl fails verifying google's https server certificate. you can workaround this by either providing curl with CA certificates to verify google's certificate via CURLOPT_CAINFO/CURLOPT_CAPATH, or - easier - stop validating the cert via CURLOPT_SSL_VERIFYPEER. the following change in Auth/Yadis/ParanoidHTTPFetcher.php accomplishes latter for me:
--- ParanoidHTTPFetcher.php.orig 2009-04-22 02:31:20.000000000 +0800
+++ ParanoidHTTPFetcher.php 2009-09-30 22:35:24.093750000 +0800
## -127,6 +127,9 ##
Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
curl_setopt($c, CURLOPT_TIMEOUT, $off);
curl_setopt($c, CURLOPT_URL, $url);
+
+ // don't verify server cert
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_exec($c);
of course, your curl installation must also support ssl - check your phpinfo(). also, if CURLOPT_SSL_VERIFYPEER is disabled, CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE.
see also http://www.openrest.eu/docs/openid-not-completely-enabled-for-google.php (via the Related Why doesn't Google OpenID provider work with PHP-OpenId on my server?).
SOLUTION:
In the .htaccess file put
SecFilterEngine Off