I have 2 php scripts , to send an xml file and catch it. I am using cURL and everything was ok. Now i am trying to do the same but using HTTP over SSL (HTTPS). I have installed a local server with XAMPP and i have set up SSL by following this post : Setting up SSL on a local xampp/apache server .
I am trying to send the xml file like this :
<?php
/*
* XML Sender/Client.
*/
// Get our XML. You can declare it here or even load a file.
$xml = file_get_contents("data.xml");
// We send XML via CURL using POST with a http header of text/xml.
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");
//i use this line only for debugging through fiddler. Must delete after done with debugging.
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "https://ipv4.fiddler/iPM/receiver.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_REFERER, 'https://ipv4.fiddler/iPM/receiver.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ch_result = curl_exec($ch);
echo "Result = ".$ch_result;
curl_close($ch);
// Print CURL result.
?>
I downloaded the new certificate for cURL from here :
http://curl.haxx.se/ca/cacert.pem
I am not sure where i should put the certificate but i put it in my workspace directory of this project.
The problem now is that the XML file is never sent to the receiver. Any ideas?
The cacert.pem that you're passing to cURL via the CURLOPT_CAINFO is used to verify certificate authorities, but development servers typically have self signed certificates which are not included in that bundle.
The first step is to generate your own self signed certificate. This article describes the process step-by-step. Make sure that during the CSR generation you're using the intended server name under the Common Name (CN), e.g. ipv4.fiddler.
Once you have configured your web server using the self signed certificate (e.g. server.crt) and key (e.g. server.key), you need to copy the former to a location that your script can access it.
The following bare essentials can be used to verify the whole thing:
$ch = curl_init('https://ipv4.fidler');
curl_setopt_array($ch, array(
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_VERBOSE => true,
CURLOPT_CAINFO => '/path/to/server.crt',
));
if (false === curl_exec($ch)) {
echo "Error while loading page: ", curl_error($ch), "\n";
}
If I you want to send a ssl post request using Curl, without verify the certificate, you can use the following code:
$data = array(
'name' => $name,
'ip' => $ip,
'text'=> "text"
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'https://myserver.com/index.php/');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query($data));
// receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
Related
I have to call an api that requires the client certificate authentication.
I test this api in postman with client certification and its working perfectly.
Now i want to do it with php curl.
I tried below code but its giving me following error.
HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)
$url = 'https://someurl';
$json = 'somejson';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSLCERT, __DIR__."/certificate.pem");
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, __DIR__."/privatekey.key");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
$responseData = curl_exec($ch);
if(curl_errno($ch)) {
echo curl_error($ch);
}
curl_close($ch);
The error message has all the clues you need: HTTP_1_1_REQUIRED
TLS client certificates are not supported for HTTP/2, so you need to make sure your curl request is done using HTTP/1.1 by explicitly asking for that. curl will by default upgrade to HTTP/2 on HTTPS URLs otherwise.
Set CURLOPT_HTTP_VERSION to CURL_HTTP_VERSION_1_1.
Modern browsers support HTTPS proxies that can be connected to via a PAC file (see https://www.igvita.com/2012/06/25/spdy-and-secure-proxy-support-in-google-chrome/ if you're not familiar).
I'm trying to replicate the same thing and connect to such a proxy via php CURL, but I'm simply getting a blank response, no headers or content.
My code is as follows:
$url = "http://checkip.dyndns.com";
$proxy = "proxy.domain.com:443";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL , 1);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'test:test');
curl_setopt($ch, CURLOPT_PROXYTYPE, "CURLPROXY_HTTP");
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Any ideas?
If anyone is interested, the solution to this is to use spdycat instead of curl: https://github.com/tatsuhiro-t/spdylay
There's no support for connecting to a proxy with HTTPS with curl yet. There is a work-in-progress branch in git though: https://github.com/bagder/curl/tree/HTTPS-proxy
We will appreciate help to get that in shape to merge.
I am using CURL to invoke an API with self signed public key in .pfx extension
function execute_curl($string,$URL)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml','SOAPAction:"http://xxxxxxxxxxxxxxxxxx/SendDoc"'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $string);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
$ch_result = curl_exec($ch);
return $ch_result;
}
I cannot set the CURLOPT_SSL_VERIFYPEER to FALSE for security purpose, anyone can show me how I can properly add the certificate along with its password into curl? EDIT I am not even sure if that is the solution for it, so far I am only getting no response from it. Any additional solution or ways to make it work is very much appreciated.
Also, I am trying to make it work on 2 environment, my dev environment which is in windows and also my test server environment which is in fedora, should the certificate be in different format?
I am unable to execute an URL through curl. But if simply run the query thrugh browser, its working fine. My code is like:
$xmlData = "<Leads><row no='1'><FL val='First Name'>".$new_fname."</FL><FL val='Last Name'>".$new_lname."</FL><FL val='Email'>".$new_email."</FL><FL val='Phone'>".$new_ph_no."</FL></row></Leads>";
$xmlData = htmlentities($xmlData);
$ch = curl_init("https://crm.zoho.com/crm/private/xml/Leads/insertRecords?newFormat=1&authtoken=XXX&scope=crmapi&xmlData=".$xmlData);
curl_setopt($ch, CURLOPT_VERBOSE, 1);//standard i/o streams
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);// Turn off the server and peer verification
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'rsa_rc4_128_sha'); //for godaddy server patch
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//Set to return data to string ($response)
curl_setopt($ch, CURLOPT_POST, 1);//Regular post
$response = curl_exec($ch);
curl_close($ch);
could you please let me know where is the issue?
Thanks in advance.
The following code should work:
$ch = curl_init("https://crm.zoho.com/crm/private/xml/Leads/insertRecords?newFormat=1&authtoken=XXX&scope=crmapi&xmlData=".$xmlData);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
// deactivate certificate checking
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//Set to return data to string ($response)
curl_setopt($ch, CURLOPT_POST, 1);//Regular post
$response = curl_exec($ch);
if(!$response) {
echo curl_error($ch), PHP_EOL;
}
curl_close($ch);
After discussion comments I realized that the problem is, that you haven't installed the Thawte ssl certificate on your system. You have two options:
Install the certificates
Disable certificate checking using CURLOPT_VERIFYPEER = FALSE
I've used the second approach in my example just to show how to make your code working. For a production system I would advice you to install the certificates.
The following code returns Exit code 58.
From cURL documentation:
CURLE_SSL_CERTPROBLEM (58)
problem with the local client certificate.
// create a new CURL resource
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . $CERT);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD,"XXXXX");
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content Type: text/xml',
'User-Agent: XXXXX',
'User-Name: XXXXX'
));
$RESPONSE = curl_exec($ch);
var_dump($RESPONSE);
// close CURL resource, and free up system resources
curl_close($ch);
Is there something I'm missing?
Make sure the file in getcwd() . $CERT exists and is a valid PEM certificate. If it seems ok, set the following option to get more SSL certification details output to STDERR:
curl_setopt($ch, CURLOPT_CERTINFO, true);
Note that this setting only has effect if CURLOPT_VERBOSE is set to true, which you already have.
problem with the local client certificate
hmm a bit vague. Seems to mean Curl doen't like the certificate, rather than the remote system doesn't like it. Is it in PEM format? Public and private keys in certificate? Readable by webserver uid?