PHP cURL - issues with accessing HTTPS site

I have been using cURL code to access Beanstream for a while now, and all of a sudden it stopped working as of yesterday. I have determined that this has to do with accessing the HTTPS URL for Beanstream processing, as if I test that same code and just go to the HTTP URL, it works (of course it returns an insecure connection code).
Prior to the below code I was setting VERIFYPEER / VERIFYHOST to FALSE, which was working up until yesterday.
$url = 'https://www.google.com';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, "/xxxx/public_html/_cert/GeoTrustGlobalCA_google.crt");
$getResponse = (curl_exec($ch));
curl_close($ch);
print_r($getResponse);
I have set up the above test code to try and access Google via HTTPS. I had read that a proper connection requires the VERIFYPEER / CAINFO options to be set, which I have done and grabbed the Google .crt and placed it on the web server as well.
I still get a 503 Service Unavailable error back though.
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Additionally, a 503 Service Unavailable error was encountered while
trying to use an ErrorDocument to handle the request.

Related

Why I do not need to avoid SSL check but can request HTTPS resource when I use PHP cURL

I use curl in PHP to request some https site such as https://github.com, and I use just code like this:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://github.com/search?q=react");
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
echo $output;
curl_close($ch);
?>
Then, I can get the page.
But I searched before and found that when requesting an HTTPS resource, this code needs to be added:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
So why can I request an HTTPS resource without these two lines of code to avoid the SSL check?
Thanks.
The two Curl options are defined as:
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
and
CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host
They both default to true in Curl, and shouldn't be disabled unless you've got a good reason. Disabling them is generally only needed if you're sending requests to servers with invalid or self-signed certificates, which is only usually an issue in development. Any publicly-facing site should be presenting a valid certificate, and by disabling these options you're potentially opening yourself up to security issues.
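An added example, not code from any of the posts above: rather than switching verification off when an HTTPS request stops working, keep both checks on and record which stage failed. The function name `fetch_verified`, the `CURL_STAGE` table and the URL are assumptions made for illustration; the numbers are libcurl error codes.

```php
<?php
// Added example, not code from the posts above.
// libcurl error numbers grouped by the stage that failed.
const CURL_STAGE = [
    6  => 'dns',      // could not resolve host
    7  => 'connect',  // TCP connection refused or unreachable
    28 => 'timeout',  // connect or transfer timeout expired
    35 => 'tls',      // TLS handshake failed
    51 => 'tls',      // certificate did not match (older libcurl)
    60 => 'tls',      // certificate chain not trusted
    77 => 'tls',      // CA file missing or unreadable
];

function fetch_verified(string $url, ?string $caBundle = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the chain against trusted CAs
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);
    if ($caBundle !== null) {
        // Assumption: $caBundle is a PEM file of CA certificates
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }
    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $result = [
        'stage'       => $errno === 0 ? 'http' : (CURL_STAGE[$errno] ?? 'other'),
        'curl_errno'  => $errno,
        'curl_error'  => curl_error($ch),
        'http_status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'        => $body === false ? null : $body,
    ];
    curl_close($ch);
    return $result;
}

// Placeholder URL. Stage "http" means TLS verification passed and the
// status code (200, 503, ...) came from the server itself.
$r = fetch_verified('https://example.com/');
error_log(sprintf('stage=%s errno=%d status=%d %s',
    $r['stage'], $r['curl_errno'], $r['http_status'], $r['curl_error']));
```

A `tls` stage points at the trust store or the certificate; a `timeout`, `dns` or `connect` stage points at the network path, which changing the verification options does not affect.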

CURL not executing or returning an error

I have a dedicated server hosted at OVH and I have the following PHP CURL script that calls the Facebook Graph API to post on a user wall:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/v2.6/'.$user.'/feed');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'link='.$link.'&access_token=************');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_errno($ch)) {
    error_log(curl_error($ch));
}
else {
    error_log($response);
}
The expected behavior is that the script should log the Facebook response. I noticed that a LOT of the time, the script doesn't return ANY response at all and not even a CURL error.
I have also a script that uses file_get_contents. I noticed also that every few days I suddenly get a huge amount of connection timed out calling the Facebook Graph API. It happens randomly and for no reason!
When I try to call the same URL from browser immediately after it's logged in the error log, it works successfully.
I'm really confused :( Do you think these are connectivity issues with OVH servers or the Graph API or what?
Thanks
wanted to comment, not post an answer but I don't have enough rep :(
For https using curl I usually add:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

PHP curl works on localhost but not on the web server?

The PHP code below makes a REST API call that returns a JSON object. This works fine when I use it on my localhost using WAMP. Absolutely no problem.
However, when I push this app to the server it times out and displays 503 Service Unavailable.
I checked the logs and there is an entry:
The TimeOut Specified has expired.
I contacted my admin; he just said this app listens to PORT=64665 and HOST=0.0.0.0. What does that mean? What more changes do I need to make in my code to make it work on the server? Help
<?php
$url = "http://xyz.net/v2/plan/"; // I have changed the REST URI API Link for security reasons
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, false);
curl_setopt($ch, CURLOPT_URL,$url);
$result=curl_exec($ch);
curl_close($ch);
// Will dump json
var_dump(json_decode($result, true));
$response = "http://xyz.net/v2/plan/";
echo $response;
?>
Check your server's /etc/hosts file, there could be the problem, ie. domain mapped to another (wrong) IP address.

Capturing cURL trace using Fiddler2 (PHP)

As recommended by my DocuSign account manager, I am using Fiddler2 to capture the necessary trace for API certification. I am unable to retrieve the trace from the DocuSign domain and have narrowed it down to the fact that these are cURL calls.
According to Fiddler2, http://fiddler2.com/documentation/Configure-Fiddler/Tasks/ConfigurePHPcURL, the advice is to add the following to code:
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');
where $ch = curl_init().
I've also tried
curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8888');
Still no dice. I only get traffic from my application site. The following is all of my curl code:
$url = "https://demo.docusign.net/restapi/v2/login_information";
$curl = curl_init($url);
$ch = curl_init();
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("X-DocuSign-Authentication: $header"));
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, getcwd() ."/**the cert info");
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');//allows fiddler to see requests
$json_response = curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
It's definitely talking to the DocuSign domain as my application is working, I'm just trying to get the trace. Any help is appreciated.
Fiddler is a client-side program; it cannot see server traffic to other servers, only traffic between client and server.
Unless your server is running locally (on the same computer on which you are running Fiddler), using 127.0.0.1 will not work, as 127.0.0.1 is the loopback IP for the computer; in this case the server would be trying to use itself as a proxy (which would be OK if the server computer itself was the one running Fiddler). You need to change the IP to that of the computer running Fiddler and make sure the server can access that port.
I was facing the exact same scenario, and I used a protocol analyzer such as Wireshark or TCPDUMP to see HTTP traffic at network level.
Of course the server needs to be running locally. Below you can find a screenshot example of traffic capture where you can clearly see the HTTP GET going out.
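An added example, not code from the question or the answers: a trace can also be captured inside PHP with cURL's verbose log, on the same handle that is executed, so no proxy has to be reachable from the server. Because the log contains the request headers, the credential header is redacted before the trace is stored or shared. The function names and the sample trace are constructed for illustration.

```php
<?php
// Added example, not code from the posts above.
function redact_trace(string $trace, array $secretHeaders): string
{
    foreach ($secretHeaders as $name) {
        // libcurl prefixes only the first line of a request with "> ",
        // so the prefix is optional here.
        $pattern = '/^(> )?(' . preg_quote($name, '/') . '):.*$/mi';
        $trace = preg_replace($pattern, '${1}${2}: [REDACTED]', $trace);
    }
    return $trace;
}

function curl_trace(string $url, array $headers, array $secretHeaders): array
{
    $log = fopen('php://temp', 'w+');       // in-memory sink for the verbose log
    $ch  = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_VERBOSE        => true,     // log connection, TLS and header details
        CURLOPT_STDERR         => $log,     // write that log to our stream
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    rewind($log);
    $trace = stream_get_contents($log);
    fclose($log);
    return [
        'status' => $status,
        'body'   => $body,
        'trace'  => redact_trace($trace, $secretHeaders),
    ];
}

// Constructed sample of a verbose log, used to show the redaction offline.
$sample = "> GET /restapi/v2/login_information HTTP/1.1\r\n"
        . "Host: demo.docusign.net\r\n"
        . "X-DocuSign-Authentication: constructed-placeholder-value\r\n"
        . "\r\n< HTTP/1.1 200 OK\r\n";
echo redact_trace($sample, ['X-DocuSign-Authentication']);
```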

How to perform cert-based auth with a PHP HTTP client

I need to access a RESTful webservice from PHP (only GET for now). The service can only be accessed over HTTPS with a valid client certificate.
I found plenty of basic auth examples for PHP, but not a single one for client-side cert-based HTTP auth. Is there a PHP HTTP client which can also send certificates to the server?
For now I am using an external application (wget), but this is rather slow and hacky.
Certificate-based authentication is not part of HTTP but part of SSL/TLS.
You can use cURL to do such authentication:
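$ch = curl_init('https://example.com/');
// Return the body from curl_exec() instead of printing it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// 2 = the certificate name must match the host (value 1 is no longer supported by libcurl)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
// CA certificate used to verify the server
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cert/ca.crt');
// Client certificate presented to the server
curl_setopt($ch, CURLOPT_SSLCERT, '/path/to/cert/client-cert.pem');
$response = curl_exec($ch);
curl_close($ch);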
See the manual page of curl_setopt for more information on the options.
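An added example, not code from the answer above: the same client-certificate request with the private key kept in its own file, a check that the key is not readable by other accounts, and the result reported instead of discarded. The function name `mtls_get`, the `client-key.pem` path and the permission policy are assumptions; the other paths are the placeholders used in the answer.

```php
<?php
// Added example, not code from the answer above. All paths are placeholders.
function mtls_get(string $url, string $caFile, string $certFile,
                  string $keyFile, ?string $keyPass = null): array
{
    foreach ([$caFile, $certFile, $keyFile] as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("Cannot read TLS file: $path");
        }
    }
    // Assumed policy on a POSIX host: the private key must not be
    // accessible to group or others.
    if ((fileperms($keyFile) & 0077) !== 0) {
        throw new RuntimeException("Private key permissions too open: $keyFile");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // still verify the server
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caFile,   // CA that signed the server certificate
        CURLOPT_SSLCERT        => $certFile, // client certificate (PEM)
        CURLOPT_SSLKEY         => $keyFile,  // matching private key (PEM)
        CURLOPT_TIMEOUT        => 30,
    ]);
    if ($keyPass !== null) {
        curl_setopt($ch, CURLOPT_KEYPASSWD, $keyPass); // passphrase of an encrypted key
    }
    $body   = curl_exec($ch);
    $result = [
        'curl_errno'  => curl_errno($ch),    // 58 = problem with the local client certificate
        'curl_error'  => curl_error($ch),
        'http_status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'        => $body === false ? null : $body,
    ];
    curl_close($ch);
    return $result;
}

try {
    $r = mtls_get('https://example.com/', '/path/to/cert/ca.crt',
        '/path/to/cert/client-cert.pem', '/path/to/cert/client-key.pem');
    error_log("status={$r['http_status']} errno={$r['curl_errno']} {$r['curl_error']}");
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```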
