I appreciate this has been asked a number of times but after looking through the answers I'm still getting the following error:
Curl error: Peer certificate cannot be authenticated with known CA certificates
I have the below code, which works on a non-https version of the site (different server), however, it won't work on the live site running https. My assumption is that it's trying to verify against the SSL certificate on the site, rather than the .pem file specified in $cert_path.
I'll be honest, I'm a bit confused between SSLCERT and the CAINFO however I have added the following to my php.ini file and checked to make sure they're set correctly, which they are.
// php.ini
curl.cainfo = "/path/to/.pem";
openssl.cafile = "/path/to/.pem";
As I said before, the following works on the stage version of the site, just not the live one. Any help would be greatly appreciated.
// php curl snippet
$cert_path = '/path/to/.pem';
$options = array(
CURLOPT_SSL_VERIFYHOST => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_CAINFO => $cert_path,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
If I set VERIFYPEER to false it does connect but my assumption is that this wouldn't be passing the data securely?
Thank you.
I've managed to get this working however there are a few things to note which may help someone in the future.
The site was hosted with 123reg and I was informed by their support that third-party SSL certificates are not accepted. Although I was told this ultimately my code below did work.
I regenerated my .pem file so this too could have worked in my favour.
My final code as as follows: I also stripped out the php.ini code entirely.
// These two variables will differ depending on your payload for Curl
$xml_post_string = '...';
$headers = array();
// This will differ based on your endpoint
$url = 'endpoint.url';
$password = 'password';
$cert_path = '/path/to/.pem';
$ch = curl_init();
$options = array(
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTTYPE => "PEM",
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
$response = curl_exec($ch);
curl_close($ch);
Related
When I try to send a cURL request, I get the following error:
* SSL certificate verify ok.
> * SSL_write() error: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry
* Closing connection 0
this is the request I am sending:
$url = 'https://example.com/services/service-name';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2,
CURLOPT_VERBOSE => true,
CURLOPT_STDERR => $fp,
));
$response = curl_exec($curl);
Sometimes it works, but other times it gives me the SSL error "Curl Error Number 55".
Curl version: 7.84.0
SSL version: OpenSSL/1.1.1p
On localhost, it works all the time, but on production server "Linux" it keeps giving me the SSL error. Any help is greatly appreciated
After trying everything I know, the problem was related to DNS using IPv6 instead of IPv4. I forced the cURL request to use IPv4 and haven't received any error since
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
I'm getting 410 - unregistered failures. Even I am deleting my unregistered tokens. It was working fine for years and recently facing more number of issues.
I am passing over the bundle id properly.
if (!defined('CURL_HTTP_VERSION_2_0')) {
define('CURL_HTTP_VERSION_1_0', 3);
}
$url = "{$base_url}/3/device/{$appIosRegId}";
// headers
$headers = array(
"apns-topic: {$app_bundle_id}",
'Authorization: bearer ' . $jws
);
// other curl options
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_2_0,
CURLOPT_URL => $url,
CURLOPT_PORT => 443,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => $varData,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 30,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_HEADER => 1,
CURLOPT_SSL_VERIFYPEER => false
));
I have not made changes related notifications and cross checked with all the programs. And everything set was proper only.
Does this needs any upgrade?
My current curl version is curl 7.83.1 (Windows) Release-Date: 2022-05-13
I'm running PHP 5.6.36 running on windows server 12R2 under IIS 8.5
Whenever I call this code I get an "error code: 6" echoed and an empty $responseText, although I'm able to reach this address with the browser.
I've tried toggling the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to true settings and using https:// addresses, but to no avail. Don't get why I can reach these addresses through the browser, but not from the command line.
function genericGet($url,$userName,$passWord){
//overriding $url for the purposes of test
$url = "http://www.google.com";
$reqDefaults = array(
CURLOPT_URL => $url,
CURLOPT_POST => false,
CURLOPT_HEADER => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_USERNAME => $userName,
CURLOPT_PASSWORD => $passWord
);
$curlReq = curl_init();
$responseText = curl_exec($curlReq);
echo "error code:".curl_errno($curlReq)."\r\n";
curl_close($curlReq);
return $responseText;
}
Ok so I finally worked this out. There was an application proxy running on the server. I checked the internet settings in Firefox and found the proxy address then added the CURLOPT_PROXY setting to my setopt array and it worked. Final code looked like this:
function genericGet($url,$userName,$passWord){
//overriding $url for the purposes of test
$url = "http://www.google.com";
$reqDefaults = array(
CURLOPT_URL => $url,
CURLOPT_POST => false,
CURLOPT_HEADER => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_USERNAME => $userName,
CURLOPT_PASSWORD => $passWord,
CURLOPT_PROXY => 'proxyaddress:8080'
);
$curlReq = curl_init();
$responseText = curl_exec($curlReq);
echo "error code:".curl_errno($curlReq)."\r\n";
curl_close($curlReq);
return $responseText;
}
I am working with Rightmove and their realtime data feed, we received a (self-signed?) certificate (.p12 file) that we had to insert into our browser/PC to connect to the testserver, this is all working great.
Now we are writing our own script, and connecting to the test server via CURL, however we are loading this script from our server and it does not have access to the test server (handshake failed - authentication, after research looks like it is expecting certificate which makes sense), but how do we get access? They are not of great help and I am wondering if we need to add this certificate to our domain/server as well to gain authentication?
Hope you can help!
You would use the CURLOPT_SSLCERT & CURLOPT_SSLCERTPASSWD options with your CURL command. e.g
$url = "https://www.example.com";
$cert_file = 'certificate_file.pem';
$cert_password = 'password';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Useragent',
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
I have a php script used to make a connection to a SSL website.
I have both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST set to FALSE
and the version of openssl is up-to-date. (SSL Version OpenSSL/1.0.1c)
When I send a request to that SSL website, it yields the following error:
string 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol' (length=67)
I've racked my brain all day but still can't solve it. Please help!
===update===
here is my code:
$ch = curl_init();
$options = array(
CURLOPT_URL => 'https://www.example.com',
CURLOPT_HEADER => 0,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false
);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
curl_close($ch);
If you are trying to call a file within same server, you can use following block of code to fulfill your requirement:
ob_start();
require "b.php";
$result = ob_get_clean();