I tried to downlaod and install Symfony on a server at my company...
c:\> php -r "readfile('http://symfony.com/installer');" > symfony
..and got the following error (partly German, but you'll get the idea):
PHP Warning: readfile(http://symfony.com/installer): failed to open stream: Es konnte keine Verbindung hergestellt werd en, da der Zielcomputer die Verbindung verweigerte.
in Command line code on line 1
So I downloaded it manually over the browser (which worked fine) and tried to create a new site:
php symfony.phar new blog
Now I got this error:
[RuntimeException]
There was an error downloading Symfony from symfony.com server:
Client error response [url] http://symfony.com/download?v=Symfony_Standard_Vendors_latest.tgz [status code] 407 [re
ason phrase] Proxy Authentication Required
[GuzzleHttp\Exception\ClientException]
Client error response [url] http://symfony.com/download?v=Symfony_Standard_Vendors_latest.tgz [status code] 407 [re
ason phrase] Proxy Authentication Required
So I did a step back to see if I can do a cURL request in a PHP script. I used the following script to try it (my company is using a proxy server with NTLM authentication):
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.google.com');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXY, 'proxy.company.loc');
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
echo curl_exec($ch);
curl_close($ch);
And it worked fine.
What do I have to do to be able to install and use Symfony. Where do I define the proxy, the credentials and the NTLM method? I tried adding HTTP_PROXY in the env vars as "http://user:password#proxy.company.loc:8080", but that didn't help (maybe I also have to add the auth type NTLM somewhere).
The server is a Windows Server 2012 R2. PHP version is 5.6.5 and Apache is on 2.4.12.
Thanks for any help and sorry for any grammar errors!
I will describe solution which I use myself.
Download cntlm-0.92.3-setup.exe and install it (it will set up system service).
Configure cntlm.ini (C:\Program Files (x86)\Cntlm\cntlm.ini) - proxy address, no proxy, domain account etc.
Restart Cntlm Authentication Proxy service.
Set http_proxy/https_proxy to http://localhost:3128 (system wide method)
Try symfony installer now
Sometimes it could be a little bit slow but it works. I use this solution for all console apps that do not support integration with system wide proxy. Cntlm also works on unix based OS.
Hope that's help.
Related
I stumbled over a weird behavior when I try to send a post HTTP/2.0 request to apples push service:
$http2ch = curl_init();
curl_setopt($http2ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
curl_setopt($http2ch, CURLOPT_URL, 'https://api.push.apple.com/3/device/megauniquedevicetokendummy');
curl_setopt($http2ch, CURLOPT_PORT, 443);
curl_setopt($http2ch, CURLOPT_HTTPHEADER, $httpHeader);
curl_setopt($http2ch, CURLOPT_POST, true);
curl_setopt($http2ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($http2ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($http2ch, CURLOPT_TIMEOUT, 30);
curl_setopt($http2ch, CURLOPT_HEADER, 1);
$result = curl_exec($http2ch);
if ($result === false) {
throw new \Exception("Curl failed: " . curl_error($http2ch) . " | " . curl_getinfo($http2ch, CURLINFO_HTTP_CODE));
}
The exception is thrown with the Message:
Curl failed: Received HTTP/0.9 when not allowed | 0
I explicitly told curl to use HTTP/2.0 on the second line of the code snipped above.
Does anyone have any idea what that error message means and why curl uses such an old HTTP version?
I am on PHP 7.2 and curl version 7.66.0.
This can also happen when the server is a grpc server. When curl is run against a grpc server or other non-HTTP server that doesn't respond with a valid HTTP status line that curl expects, curl will print the "Received HTTP/0.9 when not allowed".
It might be better if curl printed something like "unknown protocol" rather than assuming it is 0.9 because hitting something like a grpc server these days is going to be far more common than an actual HTTP 0.9 server.
I figured it out.
Make sure that curl is compiled with nghttp2.
If you are unsure, you can check it on your terminal using curl --version
If you dont find nghttp2/{version} you need to compile curl again with nghttp2.
curl --version example where nghttp2 is missing:
curl 7.66.0 (amd64-portbld-freebsd12.0) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
curl --version example where nghttp2 is available:
curl 7.64.1 (x86_64-apple-darwin19.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2
I do not believe it requires you to have a version of curl compiled differently, but rather set the option to allow http 0.9 as a response from your older server. PHP has some notes on "CURLOPT_HTTP09_ALLOWED" that may have differed when you posted your question via https://www.php.net/manual/en/function.curl-setopt.php
The option that overcame the error for me was:
curl_setopt($http2ch, CURLOPT_HTTP09_ALLOWED, true);
I'm using PHP curl library to establish connection and retrieve content from WEB - the usual.
I have multiple SOCKS5 proxy servers running on localhost on ports from 10300 to 10350 and PHP selects a port randomly.
My code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_PROXY, "localhost:".mt_rand(10300, 10350));
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$curl_resp = curl_exec($ch);
curl_close($ch);
/// ... whatever logic
But if I put this code into loop for long time, I get error telling that no more files can be opened. I read online that is because filehandler limit being reached, so I debugged with lsof -p and I noticed that the process has hundreds and even thousands of these lines:
... TCP localhost:43030->localhost:10303 (CLOSE_WAIT)
... TCP localhost:40982->localhost:10341 (CLOSE_WAIT)
... TCP localhost:48718->localhost:10304 (CLOSE_WAIT)
... TCP localhost:41655->localhost:10350 (CLOSE_WAIT)
... TCP localhost:41915->localhost:10310 (CLOSE_WAIT)
... TCP localhost:49746->localhost:10322 (ESTABLISHED)
I was researching why is this that way, but I don't understand, because I am calling curl_close and I would assume that CURL would close PROXY connection as well, or am I missing something?
Versions:
PHP 7.1.4-1+deb.sury.org~trusty+1 (cli) (built: Apr 11 2017 22:45:20) (NTS)
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.1f zlib/1.2.8 libidn2/0.9 libpsl/0.11.0 (+libicu/52.1) libssh2/1.4.3 nghttp2/1.19.0 librtmp/2.3
I also came across this issue. The work around is add
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: close"));
At first I thought is was related with php7, because i can reproduce it on a php7 box, but on php5, it will not happen. Unfortunately, I tried this on another php7 box, it also did not happen again. So I am still confused about the root cause.
So here's my problem.
I'm using curl to access my CouchDB by HTTP. I recently updated my WAMP to the WAMP 3 64bit wich comes with PHP 5.6.16 and Apache 2.4.17. Therefore, since this upgrade, I discovered that I couldn't do PUT request anymore.
Env
PHP 5.6.16
Apache 2.4.17
Windows 10 64 bit
Wamp 3 64 bit
Curl --version
curl 7.49.1 (x86_64-pc-win32) libcurl/7.49.1 OpenSSL/1.0.2h nghttp2/1.11.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM SSL HTTP2
Code executed
So when I execute this :
<?php
$table="testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
I get a quick response from the server.
Then, I try to create a database :
<?php
$table = "testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Problem
So, when I execute this code, the request will hang on curl_exec.
What's weird is that, after the timeout, the request will be received by CouchDB but no response will be given. It seems that my "Put" request are stacked in a buffer and they are waiting to be executed.
Verbose curl output
* Hostname in DNS cache was stale, zapped
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'validUser'
> PUT /customers HTTP/1.1
Host: localhost:5984
Authorization: Basic dGVzdEFkbWluOnRlc3RQYXNzd29yZA==
Content-type: application/json
Accept: */*
* Operation timed out after 10000 milliseconds with 0 bytes received
* Closing connection 0
Hints
-I try to install a SSL certificate but It didn't seem to work. Having this certificate still installed can cause problems?
-I can do PUT request with a REST client on my Atom editor without problems.
-I seems like there is a problem in my network route internally. I'm saying this because It affected the PHP-Curl aswell as the Curl CLI. Also, I'm able to do GET request but the PUT request are like "hanging" for no reason and are "Accepted" by my CouchDB when the timeout occurs. It's like if I was sending long poll request.
What have been tested
Execute the same command on the command line -> Same result
Try a REST Client on my Atom editor with success
A friend of mine try to access to my database remotly with success (So CouchDB doesn't seem the problem)
Even if I tested with my Firewall disabled, uninstalling my antivirus ( Bitdefender Total Security 2016) fixed my issue.
I am working on the paypal ipn script in one of my applications hosted on a Digital Ocean's box with Centos 7.
When i try to connect to the paypal sandbox api i get the error "Cannot connect: SSL is disabled."
I have tried several things like adding the path of the curl.cainfo in my php.ini file like so
curl.cainfo = /etc/pki/tls/certs/ca-bundle.trust.crt
this is what my cURL script looks like
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
I have not got much experience with Linux server setup so I am learning as i go along.
Any help or guide is much appreciated
UPDATE : when i run the this command in the command line
curl --version https://sandbox.paypal.com/cgi-bin/webscr
i get this error
curl: (1) Protocol "https" not supported or disabled in libcurl
Also the command curl --version
displays curl 7.42.1 (x86_64-unknown-linux-gnu) libcurl/7.46.0
So i am guessing the new question would be how to enable https in libcurl?
You're setting the wrong SSL version:
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
The Paypal sandbox only supports TLS 1.2 (which is CURLOPT_SSLVERSION == 6). The correct SSL version will be used automatically if you use PHP 5.5.19+ and OpenSSL 1.0.1+, or you can force it yourself with the following (still requires OpenSSL 1.0.1+):
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
I would only expect to see Protocol "https" not supported or disabled in libcurl if this were running a libcurl not installed from rpm - or if whoever configured the machine deliberately broke it for a valid reason, or was very incompetent; the Centos 7 rpm for libcurl has openSSL as a requirement.
Understanding what happened here and remediation will require root access to the target host to install software. You didn't say what access you have on the target system, and you are presumably paying Digital Ocean for support. Unless you broke it yourself, you should be asking Digital Ocean to fix it.
I was able to solve this problem with the help of one my friends with a lot of Linux experience. Apparently this was an issue with the version of cURL installed on my Digital Ocean box.
So the solution was to remove the version of cURL i had installed which was not installed correctly because i had built the binaries my self.
I installed the problematic cURL using these commands
wget -O curl.tar.gz http://curl.haxx.se/download/curl-7.42.0.tar.gz
tar -xvzf curl.tar.gz
cd curl-7.42.0
./configure
make
make install
I removed the problematic cURL that had https issues like this
which curl
(To tell me where the executable was located and it was located in usr/local/bin/curl)
Then i did
sudo rm -f /usr/local/bin/curl
(To remove the cURL giving issues)
Then i used the command
sudo yum install curl php5-curl
This installed cURL correctly for me. The i ran
curl --version
To confirm that https is now supported in the cURL version and it was.
I logged out of my droplet and logged back in. Then tried the
curl --version "https://sandbox.paypal.com/cgi-bin/webscr"
command and everything worked. I was able to connect to Paypal.
Thanks to everyone for their help and comments.
I think you need to enable fopen socket.You can ask hosting provider
I'm trying to test against a new PayPal test endpoint: https://tlstest.paypal.com.
See the very bottom of this page: TLS 1.2 and HTTP/1.1 Upgrade Microsite (Verify your...).
I'm using PHP (5.3.28) and curl (7.30.0 - OpenSSL/0.9.8y - libssh2/1.4.2) on Windows Server 2008 R2 and IIS 7.5:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2
$result = curl_exec($ch);
echo 'result = '.$result.'<br>';
echo 'errno = '.curl_errno($ch).'<br>';
echo 'error = '.curl_error($ch).'<br>';
curl_close($ch);
I'm getting this error:
35 Unknown SSL protocol error in connection to tlstest.paypal.com:443
I found this: Github - Unknown SSL protocol error in which someone says:
Openssl must be at 1.0.1 or higher for TLS 1.2.
Is this correct..?
My PHP OpenSSL is on version: OpenSSL/0.9.8y (from phpinfo()).
If you do need OpenSSL 1.0.1 or higher to use TLS 1.2 then presumably every server running PHP with a lesser OpenSSL version (I'm guessing that's a lot!) will be unable to use any PayPal API's or the PayPal IPN soon.
How do I update my PHP OpenSSL version on Windows..?
I have this working now. It seems as though at least OpenSSL/1.0.1i is required for TLS 1.2.
I upgraded my PHP version to 5.6.0, which upgraded OpenSSL to version 1.0.1.
I also needed these:
Use curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); to verify the certificate. The default is true as of cURL 7.10.
Save cacert.pem from http://curl.haxx.se/docs/caextract.html locally (in my case to c:\cert), then update the PHP ini that you're using to reference cacert.pem as shown here. Using the ini file saves you having to use curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem'); in every call.