I am using this code to test making a connection with curl:
$url = "https://www.google.com";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_STDERR, $fp);
curl_setopt($ch, CURLOPT_CERTINFO, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
//curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
//curl_setopt($ch, CURLOPT_TIMEOUT, 400); //timeout in seconds
$result = curl_exec($ch);
curl_errno($ch)==0 or die("Protocol SSLv3 Disabled.\n\nError:".curl_errno($ch)." ".curl_error($ch));
fseek($fp, 0);//rewind
$str='';
while(strlen($str.=fread($fp,8192))==8192);
echo $str;
The output looks like this:
* Rebuilt URL to: https://www.google.com/
* Hostname was NOT found in DNS cache
* Trying 74.125.237.211...
* Connected to www.google.com (74.125.237.211) port 443 (#0)
* SSL connection using SSLv3 / ECDHE-RSA-AES128-SHA
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
* start date: 2015-04-08 14:16:31 GMT
* expire date: 2015-07-07 00:00:00 GMT
* issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
Host: www.google.com
Accept: */*
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Location: https://www.google.com.au/?gfe_rd=cr&ei=0FY_Vd7PD8yN8Qe80IEI
< Content-Length: 261
< Date: Tue, 28 Apr 2015 09:45:52 GMT
< Server: GFE/2.0
< Alternate-Protocol: 443:quic,p=1
<
* Connection #0 to host www.google.com left intact
I would like to suppress all the information shown after the SSL information. Basically everything from > HEAD / HTTP 1.1 and down I don't want to be displayed.
Any ideas on how to can achieve this?
you have the verbose parameter set to 1. Perhaps you can set it to 0 and show the output.
i was looking for how to get the output verbose :)
Related
I'm trying to make a request to payment processing page. This requires authorization, which takes place through a set of redirects. In the second step, I get "411 Length Required" error, which means that content-length was lost along the way. Indeed, I cannot see it in the log. What can be done here? Change tool (programming language)?
CURLOPT_VERBOSE:
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to api.dev.example.com (188.186.236.44) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.dev.example.com
* start date: Apr 27 00:00:00 2019 GMT
* expire date: Apr 26 23:59:59 2021 GMT
* subjectAltName: host "api.dev.example.com" matched cert's "*.dev.example.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
> POST /p2p/v2/payer HTTP/1.1
Host: api.dev.example.com
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Length: 224
* upload completely sent off: 224 out of 224 bytes
< HTTP/1.1 302 Found
< Server: nginx
< Date: Mon, 13 Jul 2020 14:22:54 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 213
< Connection: keep-alive
< Keep-Alive: timeout=20
< Cache-Control: private
< Location: /api/payer/auth?sessionToken=e744a95992fa405ba10662bbc6908d6bedd48a73cc0d45d589f4ef2f7d7a0b88
< Set-Cookie: returnUrl=http://example.com/returnurl.php; path=/
<
* Ignoring the response-body
* Connection #0 to host api.dev.walletone.com left intact
* Issue another request to this URL: 'https://api.dev.example.com/auth?sessionToken=e744b95992fa405ba10662bbc6908d6b7dd48a73cc0d45d589f4ef2f7d7a0b88'
* Switch from POST to GET
* Found bundle for host api.dev.example.com: 0x5649fd243480 [can pipeline]
* Re-using existing connection! (#0) with host api.dev.example.com
* Connected to api.dev.example.com (188.186.236.44) port 443 (#0)
> POST /auth?sessionToken=e744b95992fa405ba10662bbc6908d6b7dd48a73cc0d45d589f4ef2f7d7a0b88 HTTP/1.1
Host: api.dev.example.com
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Mon, 13 Jul 2020 14:22:54 GMT
< Content-Type: text/html; charset=us-ascii
< Content-Length: 344
< Connection: keep-alive
< Keep-Alive: timeout=20
<
* Connection #0 to host api.dev.example.com left intact
My code is:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, Array (
"Content-Type: application/x-www-form-urlencoded",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $curl_method);
curl_setopt($ch, CURLOPT_POSTFIELDS, $order_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $verbose);
$response = curl_exec($ch);
curl_close($ch);
Set the content-length in the header, which would be set to the string length strlen() of $order_data
curl_setopt($ch, CURLOPT_HTTPHEADER, Array (
"Content-Type: application/x-www-form-urlencoded",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Content-Length: ". strlen($order_data)
));
you can also debug this by checking out curl_setopt($ch, CURLINFO_HEADER_OUT, true); which makes curl_getinfo() include the request's headers in its output.
The problem was in using curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $curl_method). Curl tryed to swithc to GET, like mostly browsers do, but cannot. Use curl_setopt($ch, CURLOPT_POST, 1); indeed.
I'm trying to get JSON from my IOT application. I can post data to my IOT application so my connection is ok but cant get a response. I only get a not allowed error.
I use this code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, true);
$verbose = fopen('php://temp', 'w+');
curl_setopt($ch, CURLOPT_STDERR, $verbose);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL,$endpoint_url);
$result = curl_exec($ch);
if ($result === FALSE) {
printf("cUrl error (#%d): %s<br>\n", curl_errno($ch),
htmlspecialchars(curl_error($ch)));
}
curl_close($ch);
rewind($verbose);
$verboseLog = stream_get_contents($verbose);
echo "Verbose information:\n<pre>", htmlspecialchars($verboseLog), "</pre>\n";
But all I get back is the following:
Verbose information:
* Hostname integrations.thethingsnetwork.org was found in DNS cache
* Trying 13.69.184.129...
* Connected to integrations.thethingsnetwork.org (13.69.184.129) port 443
(#0)
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=integrations.thethingsnetwork.org
* start date: Jan 31 12:04:08 2019 GMT
* expire date: May 1 12:04:08 2019 GMT
* subjectAltName: integrations.thethingsnetwork.org matched
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /ttn-eu/api/v2/down/secret/test?key=secret HTTP/1.1
Host: integrations.thethingsnetwork.org
Accept: */*
< HTTP/1.1 405 Method Not Allowed
< Server: nginx/1.13.7
< Date: Wed, 20 Mar 2019 15:33:10 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host integrations.thethingsnetwork.org left intact
How can I get the data?
You are not specifying the Request type in your curl request which automatically defaults it to a GET one. Add the following to your code.
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
so I'm trying to make a CURL connection using PHP....when I use command line here's what gets returned
curl -iv https://example.com/image.gif
* Hostname was NOT found in DNS cache
* Trying ip.ad.dr.es.ss...
* Connected to site.com (ip.ad.dr.es.ss) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: example.com
* Server certificate: Symantec Class 3 Secure Server CA - G4
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> GET /image.gif HTTP/1.1
> User-Agent: curl/7.37.1
> Host: example.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: image/gif
Content-Type: image/gif
< Last-Modified: Thu, 14 Jul 2011 22:16:46 GMT
Last-Modified: Thu, 14 Jul 2011 22:16:46 GMT
< Accept-Ranges: bytes
Accept-Ranges: bytes
< ETag: "09bd8b77342cc1:0"
ETag: "09bd8b77342cc1:0"
* Server Microsoft-IIS/7.5 is not blacklisted
< Server: Microsoft-IIS/7.5
Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
< X-UA-Compatible: IE=EmulateIE10, requiresActiveX=true
X-UA-Compatible: IE=EmulateIE10, requiresActiveX=true
< Date: Thu, 05 Nov 2015 20:57:22 GMT
Date: Thu, 05 Nov 2015 20:57:22 GMT
< Content-Length: 43
Content-Length: 43
< Set-Cookie: BIGipServerSpace=596747530.20480.0000; path=/
Set-Cookie: BIGipServerSpace=596747530.20480.0000; path=/
<
* Connection #0 to host example.com left intact
And here's how I try to access it via PHP
$ch = curl_init();
$url_to_check = 'https://example.com/image.gif';
curl_setopt( $ch, CURLOPT_URL, $url_to_check );
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
curl_setopt($ch, CURLOPT_PORT, 443);
curl_exec( $ch );
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
echo curl_error($ch);
echo '||';
echo $httpcode;
curl_close( $ch );
But then it ends up returning
Empty reply from server||0
What did I do wrong? How can I fetch the image using SSL via php CURL accordingly?
What cURL version is your PHP using? Perhaps it doesn't support TLS 1.2 which was added in cURL 7.34.0.
Or your CA bundle might not recognize the CA of the site you are connecting to.
Try adding:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
To see the debug output from cURL in PHP like you get on the command line, you can add:
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, fopen('php://output', 'w'));
That might shed some light on the issue, as well as calling var_dump(curl_getinfo($ch)); after the request is executed.
I am using curl API to call a SOAP web service with two SSL authentication and uses UserName,PasswordDigest and Nounce in SOAP headers .
curl API code is:
$soap_do = curl_init();
curl_setopt($soap_do, CURLOPT_URL, "WEBSERVICE_URL" );
curl_setopt($soap_do, CURLOPT_CONNECTTIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_TIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_RETURNTRANSFER, true );
curl_setopt($soap_do, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($soap_do, CURLOPT_POST, true );
curl_setopt($soap_do, CURLOPT_VERBOSE, '1');
curl_setopt($soap_do, CURLOPT_SSLVERSION, '1');
curl_setopt($soap_do, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($soap_do, CURLOPT_SSLKEYPASSWD, 'secret');
curl_setopt($soap_do, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($soap_do, CURLOPT_SSLKEY,"C:/XP/Projects/setups/certs/key.pem");
curl_setopt($soap_do, CURLOPT_POSTFIELDS, $in);
curl_setopt($soap_do, CURLOPT_HTTPHEADER, array('Content-Type: text/xml; charset=utf-8', 'Content-Length: '.strlen($in) ));
$out = curl_exec($soap_do);
if($out === false)
{
echo "err";
$err = 'Curl error: ' . curl_error($soap_do);
curl_close($soap_do);
echo $err;
return $err;
}
else
{
echo "response ==";
echo $out;
echo "execu";
curl_close($soap_do);
return 'Operation completed without any errors';
}
CACERTS are already set in php.ini file:
Response is always Policy Falsified, can anybody please review that SSLKEY is properly set and outbound POST message will be encrypted with this key?
Full Response is:
response ==<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">Policy Falsified</soapenv:Text>
</soapenv:Reason>
<soapenv:Role>REMOVED FOR PRIVACY</soapenv:Role>
<soapenv:Detail>
<l7:policyResult status="Bad Request" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
execu* Trying 216.178.233.150...
* Connected to impl.client.com (216.178.233.150) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:/Project_ah/php/cacert.pem
CApath: none
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=Maryland; L=Baltimore; O=Centers for Medicare & Medicaid Services; OU=OIS; CN=REMOVED FOR PRIVACY
* start date: 2014-12-31 00:00:00 GMT
* expire date: 2016-01-23 23:59:59 GMT
* subjectAltName: REMOVED FOR PRIVACY
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
* SSL certificate verify ok.
> POST /Imp1/servie HTTP/1.1
Host: REMOVED FOR PRIVACY
Accept: */*
Content-Type: text/xml; charset=utf-8
Content-Length: 2517
Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 500 Internal Server Error
< Server: Apache-Coyote/1.1
< Content-Type: application/soap+xml;charset=utf-8
< Content-Length: 746
< Date: Wed, 03 Jun 2015 03:53:13 GMT
< Connection: close
<
* Closing connection 0
Note: Not using SOAPClient because it fails in parsing WSDL due to nested XSDs defining namespaces again
I need to post some data to a script on my server. I'm using curl with and verbose error reporting. Does anyone have any idea why this is not working please?
Thanks,
Posting script
function makePost($postvars, $count) {
$url = 'http://servername.something.org/php/callback-f.php';
$ch = curl_init();
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$postvars);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
$result = curl_exec($ch);
curl_close($ch);
}
The script which is posted to contains this line:
<?php log_error("success",ERROR_LOG_TO_STDERR); ?>
My post vars a string which look like this:
surname=smth&address1=No+Value&this=that
The result i get back is this:
Connected to myserver.org port 80
> POST /php/callback-f.php HTTP/1.1
Host: myserver.org
Pragma: no-cache
Accept: */*
Content-Length: 1510
Content-Type: application/x-www-form-urlencoded
< HTTP/1.1 301 Moved Permanently
< Location: https://myserver/php/callback-f.php
< Content-Length: 0
< Date: Wed, 16 Nov 2011 16:21:23 GMT
< Server: lighttpd/1.4.28
* Connection #0 to host left intact
* Closing connection #0
Could you try using:
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
You are getting back a 301 error. Your attempted url is http://servername.something.org and the 301 is saying the page is to be found at https://myserver (note https protocol).
301 errors also are not supposed to redirect on POST without user assent.