We Keep Coding

php curl behaves differently under browser & CLI due to proxy

Initially I was having issues trying to figure out why php curl under browser behaves differently when I tried to execute the same script by CLI.
By turning on the CURLOPT_VERBOSE with log output and compare the result of the CLI and browser, here are the differences I've seen:
CURL Under CLI
* About to connect() to proxy localhost port 3128 (#4)
* Trying ::1...
* Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3128 (#4)
* Establish HTTP proxy tunnel to someurl.com:443
* Server auth using Basic with user 'some_username'
> CONNECT someurl.com:443 HTTP/1.1
Host: someurl.com:443
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required
< Mime-Version: 1.0
< Date: Fri, 11 Dec 2020 12:04:46 CST
< Via: 1.1 someotherurl.com:8080 (Cisco-WSA/12.0.1-334)
< Content-Type: text/html
< Connection: close
< Proxy-Connection: close
< Content-Length: 2109
< X-RBT-SCAR: 2.3.4.5:11517381:2000
< Proxy-Authenticate: Basic realm="Cntlm for parent"
* Authentication problem. Ignoring this.
<
* Received HTTP code 407 from proxy after CONNECT
* Connection #4 to host localhost left intact
CURL Under Browser
* About to connect() to someurl.com port 443 (#6)
* Trying 1.2.3.4...
* Connected to someurl.com (1.2.3.4) port 443 (#6)
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: C=US,ST=FL,L=Boca Raton,O=Telit IoT Platforms,OU=secureWISE,CN=someurl.com
* start date: Apr 15 21:18:15 2020 GMT
* expire date: May 15 21:18:15 2022 GMT
* common name: someurl.com
* issuer: E=support#securewise.net,CN=secureWISE CA-256,OU=SecureWISE Certificate Authority,O=ILS Technology LLC,O=Telit Wireless Solutions Inc,L=Boca Raton,ST=Florida,C=US
* Server auth using Basic with user 'some_username'
> GET /someurl HTTP/1.1
Authorization: Basic SomeAuthKey
Host: someurl.com
Accept: */*
< HTTP/1.1 200 OK
< Date: Fri, 11 Dec 2020 04:07:40 GMT
< Server: Apache-Coyote/1.1
< X-Powered-By: Undertow/1
< Set-Cookie: JSESSIONID=c2BBPwZBjGxCaH5om6unoKaI; path=/
< Set-Cookie: somekey=somevalue; path=/
< Content-Type: text/xml
< Content-Length: 125291
< Content-disposition: attachment; filename=somefilename.xml
< Vary: Accept-Encoding,User-Agent
< SWOrigin: sw_proxy
< Connection: close
<
* Closing connection 6
My initial hunch is that this has something to do with proxy (as this PC does use a proxy to go online)
And looking at the browser log, it seems as if proxy was skipped.
I've also checked the phpinfo() for both the browser and CLI, and I can see that there's proxy, http_proxy, https_proxy defined in the environment variables, as well as under $_SERVER for CLI, but not on browser, which makes me believe more that my assumption is correct.
So in order to combat this, I've tried adding the following code before the curl call:
if(isset($_SERVER['http_proxy']))
unset($_SERVER['http_proxy']);
if (isset($_SERVER['https_proxy']))
unset($_SERVER['https_proxy']);
if (isset($_SERVER['proxy']))
unset($_SERVER['proxy']);
if(isset($_ENV['http_proxy']))
unset($_ENV['http_proxy']);
if (isset($_ENV['https_proxy']))
unset($_ENV['https_proxy']);
if (isset($_ENV['proxy']))
unset($_ENV['proxy']);
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "someuser:somepass");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_VERBOSE, true);
$result = curl_exec($ch);
curl_close($ch);
But the verbose still shows that it still tries to go through the proxy when executed under CLI.
Any suggestion on this?

After digging around, it turns out all I had to do was to by pass the someurl.com in the /etc/cntlm.conf by including the url in the NoProxy config.

cURL GET method fails in php, but browser and console complete it successfully

I apologize if the title is inappropriate, but I kind of could not think of a better definition for it.
I am going nuts over this problem. I have been working on collecting feeds and data via cURL for the past 5+ years and have never encountered this kind of situation. I have a large json to collect over the GET method from a remote server via HTTPS from address that looks something like this
https://private.example.com/thisDotNetEndPoint?token=bla-bla-trutj&someParam=1
someParam is changeable, and for some values with lower amount of data everything works fine, almost identical speeds to browser, but in several cases cURL always goes to tiomeout set, while in browser and from console everything works fine
PHP
My cURL is as follows:
$ch = curl_init();
$url = 'https://private.example.com/thisDotNetEndPoint?token=bla-bla-trutj&someParam=1';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
// I've added this user agent as it is the same as the one Chrome uses
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36');
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
// I have tried removing the SSL part below, but no difference
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "HIGH:!SSLv3s");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // tried this with true, but no difference
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 1200); // what ever the timeout I set the cURL always goes to timeout
curl_setopt($ch, CURLOPT_VERBOSE, true);
$response = curl_exec($ch);
if (curl_errno($ch)) {
print("cURL error: " . curl_error($ch));
print_r(curl_getinfo($ch));
} else {
print_r(json_decode($response));
}
curl_close($ch);
This is the verbose output:
* Hostname was NOT found in DNS cache
* Trying 12.34.567.89...
* Connected to private.example.com (12.34.567.89) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.example.com
* start date: 2016-03-03 09:41:38 GMT
* expire date: 2018-03-04 09:52:18 GMT
* subjectAltName: private.example.com matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; OU=http://certs.starfieldtech.com/repository/; CN=Starfield Secure Certificate Authority - G2
* SSL certificate verify ok.
> GET /thisDotNetEndPoint?token=bla-bla-trutj&someParam=1 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Host: private.example.com
Accept: */* */
* Operation timed out after 1200001 milliseconds with 0 bytes received
* Closing connection 0
It always goes to timout whatever the timout I set, tried even setting it to 2 hours.
I've even tried adding these but no difference:
curl_setopt($ch, CURLOPT_NOSIGNAL, 1);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 1200);
Browser
When I enter the same url in browser the response comes back in 6-9 minutes
cURL from console
I have used the simplest command and it works in same time as browser:
$ curl -X GET -v 'https://private.example.com/thisDotNetEndPoint?token=bla-bla-trutj&someParam=1'
Verbose output:
* Hostname was NOT found in DNS cache
* Trying 12.34.567.89...
* Connected to private.example.com (12.34.567.89) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.example.com
* start date: 2016-03-03 09:41:38 GMT
* expire date: 2018-03-04 09:52:18 GMT
* subjectAltName: private.example.com matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; OU=http://certs.starfieldtech.com/repository/; CN=Starfield Secure Certificate Authority - G2
* SSL certificate verify ok.
> GET /thisDotNetEndPoint?token=bla-bla-trutj&someParam=1 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: private.example.com
> Accept: */* */
>
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: application/json; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-StackifyID: V1|b8b10c35-2649-4f67-ba6a-b5ad15ef553b|C56050|CD18|
< Set-Cookie: .ASPXANONYMOUS=looI88UVBp6Cg5tLkzVejO4CNRilhyKjMY4hFqhuO48vdVT19U8h5oisC9khFv1rOmH6Ii_lEec-9XhipEvh1UkewhufqfmlTGFsyQCaML06NVa-5-Vr_OikZb07R6pdHCeRtn9liBVJfamJmXiElA2; expires=Thu, 02-Feb-2017 20:54:18 GMT; path=/; HttpOnly
< X-AspNetMvc-Version: 5.2
< Rx-CID: ae9907d6fc394b24b6599e74ab5a668f
< Rx_RequestId: f3fff82c4de04bba90b2bbc5704ac787
< X-Powered-By: ASP.NET
< Strict-Transport-Security: max-age=31536000
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: rx-cid
< Date: Fri, 25 Nov 2016 10:25:00 GMT
< Content-Length: 2231472
<
[and the response is printed here]
Any ideas?
Thanks in advance.

Did you notice the difference between the console and your php verbose output? The useragent is missing in your php code. curl commandline by default adds this useragent, whereas the php-curl doesn't.
User-Agent: curl/7.35.0
Use the option CURLOPT_USERAGENT.
curl_setopt($ch, CURLOPT_USERAGENT, "Opera 11.0");

PHP SOAP Integration with MS Dynamics 2011/2013 (IFD)

Currently, I am trying to connect PHP website with MS Dynamics 2013. I found the following example (https://github.com/rocketeer007/php-dynamics-crm-2011) to connect to but it is not working.
I provided the configuration but is getting following error i.e.
string(576) "http://www.w3.org/2005/08/addressing/soap/faults:Sendera:InvalidSecurity
An error occurred when verifying security for the message."
I couldn't find more information about the soap response.
Here is the more information that I am sending in my request i.e.
**NOTE: For example purposes below I have changed the URLs**
//Parameters values used in the below CURL
$soapUrl = https://example.crmserver.com/adfs/services/trust/13/usernamemixed
$headers = 'POST /adfs/services/trust/13/usernamemixed HTTP/1.1
Host: adfs.crmserver.com
Connection: Keep-Alive
Content-type: application/soap+xml; charset=UTF-8
Content-length: 1481'
$content = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://adfs.crmserver.co.nz/adfs/services/trust/13/usernamemixed</a:To>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2015-07-16T04:09:52.00Z</u:Created>
<u:Expires>2015-07-16T04:10:52.00Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="user">
<o:Username>desktop\abc_service.mrl</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>https://dev2013.crm.crmserver.co.nz/XRMServices/2011/Discovery.svc</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
</trust:RequestSecurityToken>
</s:Body>
// Request
$cURLHandle = curl_init();
curl_setopt($cURLHandle, CURLOPT_URL, $soapUrl);
curl_setopt($cURLHandle, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($cURLHandle, CURLOPT_TIMEOUT, self::$connectorTimeout);
curl_setopt($cURLHandle, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($cURLHandle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_NONE);
curl_setopt($cURLHandle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($cURLHandle, CURLOPT_POST, 1);
curl_setopt($cURLHandle, CURLOPT_POSTFIELDS, $content);
curl_setopt($cURLHandle, CURLOPT_HEADER, false);
curl_setopt($cURLHandle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
$responseXML = curl_exec($cURLHandle);
if(curl_exec($cURLHandle) === false)
{
echo 'Curl error: ' . curl_error($ch);
}
else
{
echo "no error <br />";
var_dump($responseXML);
}
I tried to see the error but get following i.e.
no error
I am stuck and researched over the internet and couldn't find anything on it therefore, is posting over here...
More Information:
When I tried this from command line i.e.
curl -H "Authorization: Bearer" https://dev2013.crm.example.com/XRMServices/2011/Discovery.svc -v
Then, I got the following output i.e.
About to connect() to dev2013.crm.appserv.co.nz port 443 (#0)
* Trying x.x.x.x... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: C=AU; ST=Sydney; L=Sydney; O=Example Ltd; CN=*.crm.example.com
* start date: 2015-06-24 00:00:00 GMT
* expire date: 2017-08-22 23:59:59 GMT
* subjectAltName: dev2013.crm.example.com matched
* issuer: C=US; O=thawte, Inc.; CN=thawte SSL CA - G2
* SSL certificate verify ok.
> GET /XRMServices/2011/Discovery.svc HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: dev2013.crm.example.com
> Accept: */*
> Authorization: Bearer
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Set-Cookie: ISAWPLB{11FDD9E3-24F0-455D-8590-436AF3F4D26D}={B0F3D377-6B32-45C6-A517-DA83209E8EA4}; HttpOnly; Path=/
< Content-Length: 3127
< Date: Thu, 16 Jul 2015 03:26:39 GMT
< Content-Type: text/html; charset=UTF-8
< Server: Microsoft-IIS/8.5
< Cache-Control: private
< X-AspNet-Version: 4.0.30319
< REQ_ID: 5b87d8d2-8b5e-4979-b090-7df14a3a1603
< Set-Cookie: ReqClientId=751fb9c2-ac10-478a-b933-2117420c660c; expires=Thu, 16-Jul-2065 03:26:39 GMT; path=/; secure; HttpOnly
< X-Powered-By: ASP.NET
It means that there is no issue with connecting to CRM using the above discovery server.
Looking for instant help on the error and the best recommendation to get authentication from the CRM using PHP SOAP webservices.
Thanks in advance.
Cheers,

Jason Lattimer has an updated example using IFD.
http://jlattimer.blogspot.com.au/2015/02/soap-only-authentication-using-php.html
At a glance there seems to be a few discrepancies.
Firstly you don't have a message ID (Should be just under the action line)
<a:MessageID>urn:uuid:{A RANDOM GUID GOES HERE}</a:MessageID>
Secondly you have the following line
<o:UsernameToken u:Id="user">
Which I walso believe should be a GUID
<o:UsernameToken u:Id="{GUID GOES HERE}">
Finally you look like you're pointing to the Discovery Service where I think you should be pointing to the organisation service.
Organization.svc
I haven't done any PHP-IFD stuff myself so I'd suggest going to Jason's blog and comparing it with yours.

Campey, thanks for your time. Both DEV and LIVE Servers are in the same timezone the only difference that I have found the DEV server timezone is 10 minutes behind from the LIVE server.
I corrected the time on DEV server and then the authentication problem is solved.
Thanks everyone for investing time to read the issue.

Looping HTTP post starts to fail for Amazon SES

I originally posted this at the Amazon SES forums here: https://forums.aws.amazon.com/thread.jspa?threadID=74561&tstart=0
But since the stackoverflow community is more active, I'll post it here :)
Basically I have a forecah loop around a cURL post (see bottom of post for script snippet). It works for a couple hundred posts, but then starts to fail for all the others. Here's the last successful post followed by the first of 100's of unsuccessful posts...
* About to connect() to email.us-east-1.amazonaws.com port 443 (#0)
* Trying 207.171.162.2... * connected
* Connected to email.us-east-1.amazonaws.com (207.171.162.2) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=email.us-east-1.amazonaws.com
* start date: 2010-10-08 00:00:00 GMT
* expire date: 2013-10-07 23:59:59 GMT
* subjectAltName: email.us-east-1.amazonaws.com matched
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
POST / HTTP/1.1
Accept: */*
Host: email.us-east-1.amazonaws.com
Content-Type: application/x-www-form-urlencoded
Date: Sat, 20 Aug 2011 18:59:56 UTC
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=LKIABMH7PT8SO4YBRDQA,Algorithm=HmacSHA1,Signature=/0HFVEsTBGqUUSQGy9jvmsft2k4=
Content-Length: 5810
Expect: 100-continue
< HTTP/1.1 200 OK
< x-amzn-RequestId: 4a0f8f18-cb5f-11e0-8364-b14fdafc0888
< Content-Type: text/xml
< Content-Length: 326
< Date: Sat, 20 Aug 2011 19:04:55 GMT
<
* Connection #0 to host email.us-east-1.amazonaws.com left intact
* Closing connection #0
The the failures start....
* About to connect() to email.us-east-1.amazonaws.com port 443 (#0)
* Trying 207.171.162.2... * connected
* Connected to email.us-east-1.amazonaws.com (207.171.162.2) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=email.us-east-1.amazonaws.com
* start date: 2010-10-08 00:00:00 GMT
* expire date: 2013-10-07 23:59:59 GMT
* subjectAltName: email.us-east-1.amazonaws.com matched
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
POST / HTTP/1.1
Accept: */*
Host: email.us-east-1.amazonaws.com
Content-Type: application/x-www-form-urlencoded
Date: Sat, 20 Aug 2011 18:59:56 UTC
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=LKIABMH7PT8SO4YBRDQA,Algorithm=HmacSHA1,Signature=/0HFVEsTBGqUUSQGy9jvmsft2k4=
Content-Length: 5806
Expect: 100-continue
< HTTP/1.1 400 Bad Request
< x-amzn-RequestId: 4b8f29db-cb5f-11e0-b9af-33e5c8fc863b
< Content-Type: text/xml
< Content-Length: 347
< Date: Sat, 20 Aug 2011 19:04:58 GMT
<
* Connection #0 to host email.us-east-1.amazonaws.com left intact
* Closing connection #0
Here's the script snippet
foreach($JSONarray['DATABASE'] as $E)
{
if ((array_diff($E['LISTS'], $FILTER) != $E['LISTS']) && $E['STATUS'] == "CONF")
{
$MAIL = "Action=SendEmail&Source=".$FROME."&ReturnPath=".$BOUNCE."&Destination.ToAddresses.member.1=".$TOE."&Message.Subject.Data=".$SUBE."&Message.Body.Html.Data=".$BODYE;
//curl
$aws = curl_init();
curl_setopt($aws, CURLOPT_POSTFIELDS, $MAIL);
curl_setopt($aws, CURLOPT_HTTPHEADER, $headers);
curl_setopt($aws, CURLOPT_HEADER, false);
curl_setopt($aws, CURLOPT_URL, $url);
curl_setopt($aws, CURLOPT_RETURNTRANSFER, true);
curl_setopt($aws, CURLOPT_VERBOSE, true);
curl_setopt($aws, CURLOPT_STDERR, $SESLOG);
curl_exec($aws);
curl_close($aws);
}
}
Any ideas?

Could it be a DOS prevention mecanism kicking in? How about putting some sleeps into your code? I would definitely put some safeguards against potential DOS attacks if I were Amazon..
Just a guess, though...

I figured out the problem:
<ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
<Error>
<Type>Sender</Type>
<Code>RequestExpired</Code>
<Message>Request timestamp: Mon, 22 Aug 2011 15:49:11 UTC expired. It must be within 300 secs/ of server time.</Message>
</Error>
<RequestId>0e3899cb-ccd7-11e0-9f09-c5d12d442026</RequestId>
</ErrorResponse>
My headers were set-up outside the forecah loop around curl. Doh! So I just moved that bit of code into the loop to solve the time-out problem.

curl error 35, possible reasons?

The trouble showed itself yesterday - getting following answer from curl (called in php script by curl_exec):
$<errno>35</errno>
$<error>Unknown SSL protocol error in connection to w3s.webmoney.ru:443 </error>
That bug happens only sometimes, something around 4-5 valid responses to one invalid with 35 error. Before yesterday application was handling those requests correctly for a very long time.
Hope someone will give me a hint about possible reasons of that bug.
P.S. We are suffering from internet connection problems lately, can it be somehow connected to that bug?
Upd:
Setting verbose output to true made curl to write following log:
* About to connect() to w3s.webmoney.ru port 443 (#0)
* Trying 82.198.171.158... * connected
* Connected to w3s.webmoney.ru (82.198.171.158) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ${path}/WebMoneyCA.crt
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: C=RU; O=WebMoney Transfer; OU=WebMoney Web Service; CN=w3s.webmoney.ru
* start date: 2010-06-07 10:03:43 GMT
* expire date: 2012-06-07 10:13:43 GMT
* common name: w3s.webmoney.ru (matched)
* issuer: OU=WM Transfer Certification Services; O=WM Transfer Ltd; CN=WebMoney Transfer Root CA
* SSL certificate verify ok.
> POST /asp/XMLPurses.asp HTTP/1.1
Host: w3s.webmoney.ru
Accept: */*
Content-Length: 281
Content-Type: application/x-www-form-urlencoded
< HTTP/1.1 200 OK
< Date: Fri, 10 Dec 2010 13:00:04 GMT
< Server: Microsoft-IIS/6.0
< X-Powered-By: ASP.NET
< Content-Length: 4423
< Content-Type: text/xml; Charset=windows-1251
< Expires: Fri, 10 Dec 2010 13:00:04 GMT
< Set-Cookie: ASPSESSIONIDQADQDTAQ=FJMNECHBENFFAADHEHPFOKAE; path=/
< Cache-control: private
<
* Connection #0 to host w3s.webmoney.ru left intact
* Closing connection #0
* About to connect() to w3s.webmoney.ru port 443 (#0)
* Trying 212.158.173.158... * connected
* Connected to w3s.webmoney.ru (212.158.173.158) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ${path}/WebMoneyCA.crt
CApath: /etc/ssl/certs
* Unknown SSL protocol error in connection to w3s.webmoney.ru:443
* Closing connection #0
Upd:
The trouble was not on our side. The problem was hidden somewhere in w3s.webmoney.ru, in 212.158.173.158 server. I'll add more details about the bug if information will be available.

Got the following response from WM support people:
"There are four IP addresses on hostname w3s.webmoney.ru. When a request ends up on 212.158.173.158, SSL is getting killed by a piece of anti-DDoS hardware at the provider's. The problem was localized, they're now trying to fix it."