I have a php script used to make a connection to a SSL website.
I have both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST set to FALSE
and the version of openssl is up-to-date. (SSL Version OpenSSL/1.0.1c)
When I send a request to that SSL website, it yields the following error:
string 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol' (length=67)
I've racked my brain all day but still can't solve it. Please help!
===update===
here is my code:
$ch = curl_init();
$options = array(
CURLOPT_URL => 'https://www.example.com',
CURLOPT_HEADER => 0,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false
);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
curl_close($ch);
If you are trying to call a file within same server, you can use following block of code to fulfill your requirement:
ob_start();
require "b.php";
$result = ob_get_clean();
Related
When I try to send a cURL request, I get the following error:
* SSL certificate verify ok.
> * SSL_write() error: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry
* Closing connection 0
this is the request I am sending:
$url = 'https://example.com/services/service-name';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2,
CURLOPT_VERBOSE => true,
CURLOPT_STDERR => $fp,
));
$response = curl_exec($curl);
Sometimes it works, but other times it gives me the SSL error "Curl Error Number 55".
Curl version: 7.84.0
SSL version: OpenSSL/1.1.1p
On localhost, it works all the time, but on production server "Linux" it keeps giving me the SSL error. Any help is greatly appreciated
After trying everything I know, the problem was related to DNS using IPv6 instead of IPv4. I forced the cURL request to use IPv4 and haven't received any error since
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
I'm trying to download a file that needs to be authenticated through a client digital certificate, I already have the certificate but I do not know how to configure it in curl.
$useragent = '...';
$post = array( ... );
$certPass = '123456';
$certPath = _DIR_PATH.'cert/';
$certPfx = $certPath.'certificate.pfx';
$cert = $certPath.'certificate.pem';
$url = 'https://www.url.com/path/to/access';
$ch = curl_init( $url );
$options = array(
CURLOPT_FAILONERROR => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_AUTOREFERER => true,
CURLOPT_HEADER => true,
CURLOPT_NOBODY => true,
CURLOPT_CAINFO => $cert,
CURLOPT_CAPATH => $certPath,
CURLOPT_SSH_PRIVATE_KEYFILE => $certPfx,
CURLOPT_SSLCERT => $cert,
CURLOPT_SSLCERTPASSWD => $certPass,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $post,
CURLOPT_USERAGENT => $useragent,
CURLOPT_COOKIE => 'ASP.NET_SessionId='.$cookie
);
curl_setopt_array( $ch, $options );
$resp = curl_exec($ch);
$ch_errno = curl_errno($ch);
$ch_erro = curl_error($ch);
curl_close($ch);
I am always getting the message: SSL certificate problem: unable to get local issuer certificate.
Can someone help me?
PHP cURL: Fixing the “SSL certificate problem: unable to get local issuer certificate” error.
If you are using PHP’s cURL functions to connect to a HTTPS URL, you might come across the following error:
SSL certificate problem: unable to get local issuer certificate. (cURL error code 60)
This is a common error that occurs whenever you attempt to use PHP’s cURL functions to connect to a HTTPS website. Essentially, your cURL client has not been configured to connect to SSL-enabled websites.
The Quick Fix.
CURLOPT_SSL_VERIFYHOST: This option tells cURL that it must verify the host name in the server cert.
CURLOPT_SSL_VERIFYPEER: This option tells cURL to verify the authenticity of the SSL cert on the server.
For example.
$url = 'https://google.com';
//Initiate cURL.
$ch = curl_init($url);
//Disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER by
//setting them to false.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//Execute the request.
curl_exec($ch);
//Check for errors.
if(curl_errno($ch)){
throw new Exception(curl_error($ch));
}
You need to configure your php.ini porperly with current (valid) certificates.
curl.cainfo = "/etc/php7.2/cacert.pem"
openssl.cafile = "/etc/php7.2/cacert.pem"
Look at https://curl.haxx.se/docs/caextract.html to download the current one. After that restart your webserver.
Do not something like
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
which will work, but disables any verification and security.
I appreciate this has been asked a number of times but after looking through the answers I'm still getting the following error:
Curl error: Peer certificate cannot be authenticated with known CA certificates
I have the below code, which works on a non-https version of the site (different server), however, it won't work on the live site running https. My assumption is that it's trying to verify against the SSL certificate on the site, rather than the .pem file specified in $cert_path.
I'll be honest, I'm a bit confused between SSLCERT and the CAINFO however I have added the following to my php.ini file and checked to make sure they're set correctly, which they are.
// php.ini
curl.cainfo = "/path/to/.pem";
openssl.cafile = "/path/to/.pem";
As I said before, the following works on the stage version of the site, just not the live one. Any help would be greatly appreciated.
// php curl snippet
$cert_path = '/path/to/.pem';
$options = array(
CURLOPT_SSL_VERIFYHOST => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_CAINFO => $cert_path,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
If I set VERIFYPEER to false it does connect but my assumption is that this wouldn't be passing the data securely?
Thank you.
I've managed to get this working however there are a few things to note which may help someone in the future.
The site was hosted with 123reg and I was informed by their support that third-party SSL certificates are not accepted. Although I was told this ultimately my code below did work.
I regenerated my .pem file so this too could have worked in my favour.
My final code as as follows: I also stripped out the php.ini code entirely.
// These two variables will differ depending on your payload for Curl
$xml_post_string = '...';
$headers = array();
// This will differ based on your endpoint
$url = 'endpoint.url';
$password = 'password';
$cert_path = '/path/to/.pem';
$ch = curl_init();
$options = array(
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTTYPE => "PEM",
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
$response = curl_exec($ch);
curl_close($ch);
I am trying to connect to an API which is based on JSON-RPC 2.0. As i am new to this im not sure if im coding this correctly because all I am recieving is an error.
Can anyone give me a brief explanation on how to connect to API in PHP?
<?php
header('Content-Type: application/json');
//check if you have curl loaded
if(!function_exists("curl_init")) die("cURL extension is not installed");
$url = 'xxxxxxxxx';
$data = array(
"operator_id" => "xxxx",
"login" => "xxxx",
"password" => "xxxx",
);
$curl_options = array(
CURLOPT_URL => $url,
CURLOPT_HEADER => 0,
CURLOPT_NOBODY => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 0,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_FOLLOWLOCATION => TRUE,
CURLOPT_ENCODING => 'gzip,deflate',
CURLINFO_HEADER_OUT => true,
);
$ch = curl_init();
curl_setopt_array($ch, $curl_options);
$output = curl_exec($ch);
curl_close($ch);
$arr = json_decode($output,true);
echo ($output);
?>
The response i am recieving is this: {"jsonrpc":"2.0","error":{"code":-32600,"message":"Invalid request"},"id":null}
The response i should be recieving if successful login is: {"jsonrpc":"2.0","result":true,"error":null,"id":1,"ts":1368533487}
You're not sending a JSON-RPC request at all.
The request must be a JSON body, so you must json_encode the data before passing it to CURLOPT_POSTFIELDS.
The posted json must have the keys method, params, id, and jsonrpc (the last should be set to "2.0"). Your data would go into params. The id can be set to whatever, but without it you shouldn't get a response at all.
It is a quite simple format. See the specification at http://www.jsonrpc.org/specification
I am working with Rightmove and their realtime data feed, we received a (self-signed?) certificate (.p12 file) that we had to insert into our browser/PC to connect to the testserver, this is all working great.
Now we are writing our own script, and connecting to the test server via CURL, however we are loading this script from our server and it does not have access to the test server (handshake failed - authentication, after research looks like it is expecting certificate which makes sense), but how do we get access? They are not of great help and I am wondering if we need to add this certificate to our domain/server as well to gain authentication?
Hope you can help!
You would use the CURLOPT_SSLCERT & CURLOPT_SSLCERTPASSWD options with your CURL command. e.g
$url = "https://www.example.com";
$cert_file = 'certificate_file.pem';
$cert_password = 'password';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Useragent',
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);