i'm having a problem using Seller Center SDK from this site:
https://github.com/rocket-internet-berlin/SellerCenterSDK-PHP
i did exactly like what he told. and when i came to the point to test it
php ./genericGetter.php
i got error saying:
curl error 60: ssl certificate problem: unable to get local issuer certificate
i tried to turn off my firewall and added cacert.pem from this site https://curl.haxx.se/ca/cacert.pem to my php.ini and still no luck. can someone provide a solution?
You can try add it to php.ini
curl.cainfo=c:\path\to\cacert.pem
And try set opt_option if still not work.
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_USERAGENT => "spider", // who am i
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_SSL_VERIFYPEER => false // Disabled SSL Cert checks
);
curl_setopt_array( $ch, $options );
just figured it out.
inside vendor\guzzlehttp\guzzle\src\HandlerCurlFactory.php, on line 329; change;
$conf[CURLOPT_SSL_VERIFYPEER] = true;
to
$conf[CURLOPT_SSL_VERIFYPEER] = false;
so far, i don't know the side effect that might happens. but, it does work fine now.
hopefully this is useful for those who wants to work with Seller Center SDK.
If you can trust the source that you are consuming the resources from then arguably I would say that you can deactivate that option temporally as you already did but I would recommend you to check the root of the issue for a long-term solution.
It seems that the issue is with curl not having a valid certificate:
Check if your server has the latest cacert.pem file which you can download from https://curl.haxx.se/docs/caextract.html and add to the server certs directory.
if the server uses a certificate signed by a CA represented in cacert then it might be expired, or the name might not match the domain name your SDK is using.
If you still not having a solution then check the link below to see if one of the options provided can give you a solution:
curl: (60) SSL certificate : unable to get local issuer certificate
Related
I use WordPress and I recently moved my site from the cpanel host to a Linux server with directadmin panel.
Right after the transfer realized that customers have the following error when downloading via EDD plugin.
cURL error 28: Resolving timed out after 5001 milliseconds
I also got this error of w3_total_cache plugin.
Server informatin:
Centos 6.8 (Final)
cURL 7.54.0 (Final)
directadmin
cURL error 28: Resolving timed out after 5001 milliseconds means DNS resolving failed.
so just change the DNS server list in /etc/resolv.conf.
or maybe we can bind the hostname and ip address in /etc/hosts.
this image shows the demo.
As reported here:
https://wordpress.org/support/topic/dropbox-upload-fails-with-curl-timeout-error/
You can apply this temporary fix to extend the HTTP request timeout:
add_filter( 'http_request_timeout', function( $timeout ) { return 60; });
Wordpress default is 5 seconds.
To resolve this you have to set the curl connection time out and time out value at the time of curl initialization.
Just changes this two property value.
CURLOPT_CONNECTTIMEOUT => 30,
CURLOPT_TIMEOUT => 60,
For more details check This.
update these two lines here:
/usr/share/icingaweb2/modules/jira/library/Jira/RestApi.php
$opts = array(
CURLOPT_URL => $this->url($url),
CURLOPT_HTTPHEADER => $headers,
CURLOPT_USERPWD => $auth,
CURLOPT_CUSTOMREQUEST => \strtoupper($method),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CONNECTTIMEOUT => 30,
CURLOPT_TIMEOUT => 30,
You can set
set_time_limit(120);
in the wp-config.php after the MySQL settings section.
The bellow is my curl config of PPHttpConfig.php for paypal adaptive payment SDK,
public static $DEFAULT_CURL_OPTS = array(
CURLOPT_SSLVERSION => 4,
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 60, // maximum number of seconds to allow cURL functions to execute
CURLOPT_USERAGENT => 'PayPal-PHP-SDK',
CURLOPT_HTTPHEADER => array(),
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
);
But,getting error
Type PayPal\Exception\PPConnectionException
Message error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
OpenSSL error messages tend towards cryptic and generic.
The most common causes for this error are that
the server certificate has expired
the server cerificate is invalid
the client and server can not negotiate a protocol level or cipher acceptable to both parties.
Your version of OpenSSL is relatively recent (but still out of date / containing serious vulnerabilities). I'd like to think that PayPal wouldn't let their certificates expire.
Less common reasons for seeing this error are
your database is CA certs is out of date
CACert database can't be found (is your PHP running in a chroot?)
you've got some silly entries in your openssl.cnf or it can't be found
you are sitting behind a MITM proxy you didn't know about
You didn't say where the PHP is running, what its running on, nor what acces you have to the machine. If it's a Linux box and you have shell access, you might want to see what happens when you probe the server from the command line.
I've downloaded Amazon's Marketplace SDK and I'm trying out one of the samples in the samples dir. However, I'm getting an exception with the following details whenever I try it:
Caught Exception: Internal Error
Response Status Code: 0
Error Code:
Error Type:
Request ID:
XML: RequestId: , ResponseContext: , Timestamp:
ResponseHeaderMetadata:
I have got CURL enabled with SSL as well. What am I doing wrong?
This answer is for future reference. For in-depth troubleshooting, see comments on the question.
The empty response indicates a failed connection to the Amazon server. In this case, HTTP worked fine, but HTTPS did not. As turning off CURLOPT_SSL_VERIFYPEER in the cURL settings solved the issue, it appears that the Amazon server was not using a valid SSL certificate.
Having CURLOPT_SSL_VERIFYPEER turned on checks if the requested host has a valid certificate and lets cURL return false if it doesn't. When CURLOPT_SSL_VERIFYPEER is off, invalid certificates (e.g., self-signed) are accepted and return the regular response.
For future reference. In the new version of the SDK the options are referenced in the client.php as follows
private function getDefaultCurlOptions() {
return array (
CURLOPT_POST => true,
CURLOPT_USERAGENT => $this->config['UserAgent'],
CURLOPT_VERBOSE => true,
CURLOPT_HEADERFUNCTION => array ($this, 'headerCallback'),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2
);
}
setting
CURLOPT_SSL_VERIFYPEER => false,
did the trick in my case. As I am not a security expert, however, no recommendation from this point of view. At least its working and you are probably not loosing 1 whole day as I did.
I experienced a very similar connection issue with Amazon. It was the sample files bundled with the Amazon php api, which contain a following configuration array:
$config = array (
'ServiceURL' => $serviceUrl,
'ProxyHost' => null,
'ProxyPort' => -1,
'MaxErrorRetry' => 3,
);
and if this is copied over and not modified
'ProxyPort' => -1,
will result in an attempt to connect through a proxy port -1 which will of course fail (issue tracked by checking curl error). I hope this helps.
I'm trying to use cURL with PHP and its giving me this error:
"Failed to connect to 208.77.188.166: Operation not permitted"
I'm pretty sure its a server issue - but just in case, here is my code:
<?php
$ch = curl_init();
$url ="http://www.example.com";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch) or die(curl_error($ch));
echo $output;
?>
cURL is enabled on Apache, I've tried changing permissions of the file to 777.
Any ideas?
It's possible that you need to enable allow_url_fopen (reference) -- you can do this in an .htaccess file if it's on apache.
You can enable this by putting this in an .htaccess file:
php allow_url_fopen on
Make sure you set all required CURL options:
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_ENCODING => "",
CURLOPT_USERAGENT => "spider",
CURLOPT_AUTOREFERER => true,
CURLOPT_CONNECTTIMEOUT => 120,
CURLOPT_TIMEOUT => 120,
CURLOPT_MAXREDIRS => 10,
I will also suggest you echo out errors also using something like this:
$hostconnect = curl_init($url);
$errmsgcurl = curl_error($hostconnect);
echo $errmsgcurl;
The above code is not tested and it just serves as an example.
Also would suggest trying out your code on a local apache server this way you can tell where the problem sits easily.
Many shared hosting providers prohibit outbound connections. Bluehost, for example, requires that you purchase a static IP before allowing outbound connections. Then you need to make sure CURL knows what outbound interface to use.
The error you are receiving is most likely do to a firewall blocking all outbound connections. Many shared hosting providers are blocking outgoing port 80 connections to try to stop rampant errors in PHP scripts that allow remote includes to then be used as an attack vector against the server.
Please contact your host, and if this is the case you will need to find an alternate way to connect to the remote host, or move hosting companies.
You should try using a version of curl installed on the server or on your workstation (command line version) and try to replicate the error, you may need to set a referrer header in the curl request, but that all depends on the server you are trying to contact.
Could be a proxy issue or some kind of authentication problem on the server - can you access this URL using a regular web browser ?
This question already has answers here:
PHP - SSL certificate error: unable to get local issuer certificate
(19 answers)
Closed 1 year ago.
I am trying to download the content of a secure (uses https) webpage using php and curl libraries.
However, reading failed and I get error 60: "SSL certificate problem, verify that the CA cert is OK."
also "Details: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
So...pretty self explanatory error msg's.
My question is: How do I send an SSL certificate (the right one?) and get this page to verify it and let me in?
Also, here is my options array in case you are wondering:
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:x.x.x) Gecko/20041107 Firefox/x.x", // who am i
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_SSL_VERIFYHOST => 1,
);
Any suggestions would be great,
Andrew
It sounds like you might be misinterpreting the error. It looks to me like the site you're connecting to is self-signed or some other common problem. Just like the usual browser warning, you're easiest work around is to disable the checks.
You'll need to set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to FALSE. This should disable the two main checks. They may not both be required, but this should at least get you going.
To be clear, this disables a feature designed to protect you. Only do this if you have verified the certificate and server by some other means.
More info on the PHP site: curl_setopt()
If you want to use SSL peer verification (turning it off is not always good idea) you may use next solution on Windows globally for all applications:
Download file with root certificates from here:
http://curl.haxx.se/docs/caextract.html
Add to php.ini:
curl.cainfo=C:/path/to/cacert.pem
that's all magic, CURL can now verify certificates.
(as I know there is no such problem on Linux, at least on Ubuntu)
Even after following advice on SO.. You may still have problems with an error like:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
the problem is with the SSL version. Use the following for version 3
curl_setopt($ch, CURLOPT_SSLVERSION,3)
I am assuming that u have enabled verification of peer and host as well and are pointing to an actual certificate file. Eg.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert.pem");
This is a "problem" with openssl and VeriSign.
I had a similar problem and my openssl was missing the intermediate ssl certificate used by VeriSign to sign the server certificate.
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657
I had to import these intermediate certificates from the VeriSign Homepage or Firefox cert-database-export into my local ca-certificates list and after this step I was able to use wget/curl to use the protected connection without any errors.
If it's a developer machine - you can also add this certificate in you system.
Something like this - https://www.globalsign.com/support/intermediate/intermediate_windows.php
It's for WinXP, but it works also on other versions of windows.
You're not SENDing the SSL cert. It appears there's a problem with the SSL cert as it is installed on the host you are contacting. Use option -k or --insecure, to get past the complaint.
Ah. See Ryan Graham's answer
This is apparently on openssl bug. Tomcat can be configured to work around this in /etc/tomcat7/server.xml by restricting the available cipher list:
<Connector protocol="HTTP/1.1" SSLEnabled="true" ... ciphers="SSL_RSA_WITH_RC4_128_SHA"/>