I'm using a social authentication plugin called HybridAuth. When using it on my shared server but now I have upgraded to a VPS running IIS 7.
I read that I needed to instal cURL with SSL and when running phpinfo(), all is showing to be configured properly.
However, I am getting errors when trying to connect to the social networks:
Invalid or no certificate authority found, using bundled information
Error: Authentification failed! Twitter returned an error. 401 Unauthorized.
How can I fix this?
Try telling curl not to check for such things
curl_setopt_array ( $curl_instance , array(
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
) );
Related
Server: Centos 8 (fully updated)
PHP Version: 7.4 (FPM)
I am trying to make a call with cURL (and also tried with Guzzle) and I am getting the same problem with only HTTPS URLs. HTTP urls are fine and no problems.
Here is some sample code:
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_VERIFYPEER => false,
CURLOPT_CAINFO => BASEPATH . "/data/cacert.pem",
CURLOPT_URL => $url
));
The exact cURL error is: Received HTTP code 403 from proxy after CONNECT
The Apache virtual host is not using any proxy. I think this is somehow being stopped between Apache and PHP-FPM. The logs out put is not helpful. I have ruled out SELinux and mod_security as being the issue. Disabled both and still get the same result.
Another question mentions adding the following to https_proxy.conf
ProxyRequests On
AllowCONNECT 443 563 5000
But this has not yielded any results. The reason is because I am not using an http proxy in any http configurations.
Well, I found out what the problem was. I had an unused environment variable in my .env file which was setting a proxy that I usually use on my dev machine. The script was failing on the production machine.
Turns out cURL and Guzzle automatically load those environment variables in with their requests, thus causing a proxy connection refusal. I removed the variable and everything works as expected.
Live and learn.
I used OpenSSL to generate an SSL Certificate for my localhost, but the self-signed certificate seems to be causing problems when authenticating with Podio:
Fatal error: Uncaught PodioConnectionError: Connection to Podio API failed: [60] SSL certificate problem: self signed certificate in certificate chain
I tried downloading cacert.pem and adding it to my php.ini file curl.cainfo=<path-to>cacert.pem, but after restarting the server, I still get the same error.
With some other library's I've had to set CURLOPT_SSL_VERIFYPEER, but I'm not sure how I would do that anyway using the Podio PHP client library...
Any tips on debugging this error?
I found out how to set CURLOPT_SSL_VERIFYPEER => false when using the Podio PHP client library:
$options = array('curl_options' => array(CURLOPT_SSL_VERIFYPEER => false));
Podio::setup($client_id, $client_secret, $options);
Now I just have to remember to remove this in production...
I'm busy with a curl php library which needs to connect to an FTPS server.
I have this semi working... If I connect to ftp://domain.com then it does work. If I watch the comms on the server with tcpflow I see it logging in with AUTH TLS and and all the comms is encrypted. The file is uploaded so all's good..
What I'm unsure of is if its valid to try connecting instead to ftps://domain.com?
The reason I'm asking is because if I change the protocol from ftp to ftps in curl then the login fails and the server (watching tcpflow comms) says that the login has failed:
191.101.002.204.00021-088.099.012.154.51630: 530 Please login with USER and PASS.
Also, when I watch the comms when trying to connect to ftps:// I don't see the client issuing the AUTH TLS command as it does with plain ftp://
The problem I have is that it seems that my client's FTP server we have to ultimately connect to doesn't seem to allow connections without the ftps:// protocol.
If I connect using lftp I can do so using ftps:// but then I have to disable ssl:
set ftp://ssl-allow no
If I try the lftp connection using ftp:// it just hangs on the login command...
I'm not really that experienced with FTP or TLS / SSL so I don't know if its maybe because the client's server doesn't have the certificates set up correctly..
Here is a portion of my curl code which works with ftp:// but not ftps://
// Works
$url = "ftp://proxy.plettretreat.co.za/";
// Does not work
$url = "ftps://proxy.plettretreat.co.za/";
$port = 990;
$username = "ftpuser";
$password = "pass";
$filename = "/test.php";
$file = dirname(__FILE__)."/test.php";
$c = curl_init();
// check for successful connection
if ( ! $c)
throw new Exception( 'Could not initialize cURL.' );
$options = array(
CURLOPT_USERPWD => $username.':'.$password,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_BINARYTRANSFER => 1,
CURLOPT_FTP_SSL => CURLFTPSSL_ALL, // require SSL For both control and data connections
CURLOPT_FTPSSLAUTH => CURLFTPAUTH_TLS, // let cURL choose the FTP authentication method (either SSL or TLS)
CURLOPT_UPLOAD => true,
CURLOPT_PORT => $port,
CURLOPT_TIMEOUT => 30,
);
Another thing I'm unsure of is that my client has given me an IP address to connect to.. Can an IP address be used in ftps? I would have thought that certificates are mostly certifying a domain name?
tl;dr
1) Can I use ftps://domain.com to connect using CURL PHP?
2) If I can use ftps:// in curl, then how do I get curl to log in (issue auth tls command)?
3) Can an FTP server use SSL / TLS with only an IP address?
Thanks...
John
Many many hours of struggling led me to an eventual answer.
Part of the answer was that the client server and the FTP server had "overly" strict firewall rules blocking the passive ports.
I was getting the following error:
Error no: 35; Error: SSL connect error.
Error 35 was because of the firewall rules. Once those were relaxed that error went away, but as a note, you will also see this error if the client machine is NAT'ed. If it is you need to set the curl option:
curl_setopt($c, CURLOPT_FTPPORT, '1.2.4.5' ); // change to your actual IP.
This tells the FTP server where to open up its data channel (instead of trying to open it to the client server's internal address).
Anyway, once the firewall and FTPPORT options were set I got:
Error no: 30; Error: bind(port=0) failed: Cannot assign requested address
This one baffled me for quite a while as everything looked correct.
I eventually stumbled upon a few thread here and elsewhere which talk about an issue with older versions of Curl using NSS for its encryption. I checked and I was using libcurl version 7.19.7 (about 8 years old) and sure enough it uses NSS...
I updated my Curl using this guide: https://www.digitalocean.com/community/questions/how-to-upgrade-curl-in-centos6.
That updated me to libcurl 7.52.1 which uses OpenSSL and lo and behold, my app started working...
So, if you're having issues connecting curl-ftp to a FTPS server, check the FTPPORT (passive IP) if you're NAT'ed, check your firewall, but most importantly, check your curl:
<?php
print print_r(curl_version());
?>
I hope this helps someone..
I'm attempting to interface with the Google PHP API client and I am having issues with the certificate provided by Google:
Google error:
SSL certificate problem, verify that the CA cert is OK.
Retrying with the CA cert bundle from google-api-php-client.
PHP cURL error:
SSL certificate problem: unable to get local issuer certificate
I had no problems whatsoever on a Linux box. These errors are occuring on a Windows box.
I've tried a couple of different solutions:
https://code.google.com/
http://richardwarrender.com/
but to no avail.
PS:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
won't be acceptable ...
Courtesy of rmckay at webaware dot com dot au:
Please everyone, stop setting CURLOPT_SSL_VERIFYPEER to false or 0. If your PHP installation doesn't have an up-to-date CA root certificate bundle, download the one at the curl website and save it on your server:
http://curl.haxx.se/docs/caextract.html
Then set a path to it in your php.ini file, e.g. on Windows:
curl.cainfo=c:\php\cacert.pem
Turning off CURLOPT_SSL_VERIFYPEER allows man in the middle (MITM) attacks, which you don't want!
\Google_Client::$io->setOptions(array(CURLOPT_SSL_VERIFYPEER => FALSE));
#sKophek is correct and I appreciate the help as I was struggling with this. For those that prefer a touch more detail, here it is: (this is true, at least, for the 0.6.x version of the google-api-php-client)
1) \google-api-php-client\src\io\Google_CurlIO.php
2)
private $curlParams = array (
...
CURLOPT_SSL_VERIFYPEER => false,
... );
I'm trying to upload a file to a remote FTP server (which requires FTPES) using PHP. The script I've written works locally, but on the live server ftp_login() returns false and the following warnings appear in the error log:
PHP Warning: ftp_login(): failed to create the SSL context [...]
PHP Warning: ftp_login(): AUTH command ok; starting SSL connection. [...]
I know that the login details are correct (since identical code works locally). I can successfully connect to the FTP server from the live server using curl on the command line.
The server is running PHP 5.3.3 (Zend Server on CentOS). I can see from phpinfo that the PHP configure command includes -with-openssl=/usr/local/openssl-0.9.8o
The code is simply this:
$ftpConnection = ftp_ssl_connect('hostname');
if (!$ftpConnection) {
echo "Failed to connect to FTP Site\n";
return false;
}
if (!ftp_login($ftpConnection, 'xxxxx', 'xxxxx')) {
echo "Failed to login to FTP site\n";
return false;
}
For reference my local box (where this works fine) is running PHP 5.3.3-1ubuntu9.3.
Can anyone point me in the right direction?
Edit: I've noticed that the SSL certificate for this server isn't actually valid as the hostname I'm connecting to does not match the common name on the cert. Is there a PHP setting somewhere which controls how strict it or openSSL is regarding certificate errors? That might be the only issue.
I eventually solved this problem by changing the code to use the PHP cURL functions instead, since I knew I could connect okay from the command line with that. There probably is way to get this working with the FTP functions, but in case this helps anyone else here's my working cURL version:
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => 'ftp://username:password#hostname/path/to/file'
CURLOPT_UPLOAD => 1,
CURLOPT_INFILE => $fp,
CURLOPT_INFILESIZE => $localFileSize,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_FTP_SSL => CURLFTPSSL_TRY,
CURLOPT_VERBOSE => true
));
if (curl_exec($ch)) {
curl_close($ch);
}