I'm trying to get response using the Google Safe Browsing Lookup API like this:
$url ="https://sb-ssl.google.com/safebrowsing/api/lookup?client=myappname&apikey=mykey&appver=1.0&pver=3.0&url=".urlencode($myurl);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 120);
$body = curl_exec($ch);
$info = curl_getinfo($ch);
I know that my URL is correct since if I dump it and then paste it to the browser I get the expected result (for example 'malware').
So I am assuming it must be something with cURL. I'm working on localhost and extension=php_curl.dll is un-commented in my php.ini, Php version 5.4.4
The html_code is always 0
Simply set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to false.
Anything wrong with my cURL code (http status of 0)?
Also check http://code.google.com/p/twitter-api/issues/detail?id=1291 , it might help. It is different APIs, but with the same problem anyway.
The problem and its solution is very nicely described here:
http://richardwarrender.com/2007/05/the-secret-to-curl-in-php-on-windows/
Basically if you are not using a standalone version of cURL the chances are that the cURL functions do not include a certificate bundle which was needed in my case since I was trying to connect to secure host.
$ch = curl_init();
// Apply various settings
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CAINFO, "C:/xampp/ca-bundle.crt"); //path to the CA-bundle
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($ch);
curl_close($ch);
Related
Once again, another question concerning cURL and SSL, as I cannot find matching answers to my problem.
I have working SSL on my webserver, with trusted cert and green signs on browsers address bar a.s.o., NOT self signed. So good, so far.
Now I want communicate with cURL and use the following function (POST data not added yet):
function ssltest(){
$post_data = '';
$url = 'https://myserver/test.php';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_MUTE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
//curl_setopt($ch, CURLOPT_CAINFO, 'sslstuff/cacert.pem');
curl_setopt($ch, CURLOPT_CAINFO, 'sslstuff/false.pem');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
echo ssltest();
As the cacert.pem I use this one, which I found in my browser, which is obviously identical to what I found here http://curl.haxx.se/ca/cacert.pem
In the code shown above there is a false.pem to be seen. Now what ? If this file is empty, there's no response from Server, but I tested to paste the cert from another enterprise from the list on curl.haxx.se I get the same correct answer from the server as result, as when I use my correct .pem
What's the issue ? What I am missing ?
"there's no response from Server"
I think that's very unlikely. I suspect there is no HTTP response from the server, but that the SSL negotiation is failing - but you've got no error checking in your code. If $output===false, have a look at curl_error().
You might want to play around with VERIFYHOST and VERIFYPEER to pin down the exact cause of the problem.
I'm a bit of a beginner to this. But I am trying to use cURL to perform a GET request to pull back users tweets.
I've been able to authenticate OK. But I cannot work out how to GET the data. I'm working from my localhost.
I've tried adding a basic certificate but it does not work.
Do I have to buy an SSL certificate for my site? I've seen twitter feeds on other sites that haven't purchased SSL certificates so I don't know how they do it?
I've seen this in the Twitter documentation. The file that is mentioned, is that the one I can purchase?
curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, True);
curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($connection, CURLOPT_CAINFO, "path:/ca-bundle.crt");
This is my cURL code, it worked before I put the CURLOPT_URL section in and got a positive response from the server:
$url = "https://api.twitter.com/oauth2/token";
$headers = array(
"POST /oauth2/token HTTP/1.1",
"Host: api.twitter.com",
"User-Agent: my Twitter App v.1",
"Authorization: Basic ".$encoded."",
"Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
);
$ch = curl_init();
curl_setopt ($ch, CURLOPT_CAINFO, "cacert.pem");
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
curl_setopt($ch, CURLOPT_URL, "http://twitter.com/statuses/user_timeline/".$username.".json?count=".$num_tweets);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
curl_close($ch);
Edit: there are problems with the code above, I'm aware I'm doing something wrong but not sure what. Anyway, here is the original code I had which did work OK and got the expected result back from the server. So the next step is to request the user's tweets from their timeline.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
You may use curl_getinfo to know what's going on.
You may also post the url of the Twitter documentation so we can have a look.
$headers indicates a host as api.twitter.com but CURLOPT_URL uses twitter.com, is this a typo ?
Your code is schizophrenic:
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_URL, "http://twitter.com/statuses/user_timeline/".$username.".json?count=".$num_tweets);
You're setting the URL twice, to different URLs. Only the LAST url set will have any effect, so you're not posting to the API, you're posting to something else on the main twitter site.
And no, you don't need an SSL cert on your own machine to do any of this. The ca-cert.pem is a list of cert issuer's public certs, which will be used to validate/authenticate Twitter's own certificate. It's basically the same thing built into your browser(s) that allow them to validate any other SSL cert out there. e.g. you don't have to buy a personal SSL cert to go shopping on amazon.com, you just need the CA certs in your browsers to authenticate amazon's servers.
I am having some issues communicating to certain third party system, through CURL in PHP.
This is part of the code I have to submit come requests
$query = '<tag>some xml content with request data</tag>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure.certainsystem.com/function.php");
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_POST, 1);
$data = curl_exec($ch);
The request is the same for all cases, but sometimes I don't get any data from the curl_exec($ch), and instead, when I run curl_error($ch), I get:
SSL peer certificate or SSH remote key was not OK
This is not happening all the times, but it is happening, so I'm not sure what the problem could be, if the problem is in the code, or there is a problem in the third party system I'm comunicating to.
I searched for this message error in other places and here as well, and I found that if CURLOPT_SSL_VERIFYPEER is set to true, then it could be a problem with the third party system's certificate, perhaps a self-signed one. But in my case, that option is set to 0, which I assume is taken as false.
Recently I found there is an option CURLOPT_SSL_VERIFYHOST, but I'm not setting that option to any value, so I think it is taking the default, which according to PHP.net documentation, is 2, which means:
2 to check the existence of a common name and also verify that it matches the hostname provided.
Thank you very much for your help.
add options
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
more see here https://answers.launchpad.net/ubuntu/+question/171188
Although I am answering an old post, I think it will help the new viewers-
You can check the problem by adding
curl_setopt($ch, CURLOPT_VERBOSE, 1);
The reason is explained in my post here.
Am trying to access an API using CURL
I can access the API from my browser.
But cannot get the data from the same api(using the same API key)
using curl.
I am getting this error.
403 Developer Over Qps
Please let me know what can be the reason for this.
Earlier it was working. I am facing this issue for the past 2 days.!!
please check the code below:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://api.perfb.com/api/api.php?requestmethod=json&responsemethod=xml');
curl_setopt($ch, CURLOPT_TIMEOUT, 900);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vJson);
$response = curl_exec($ch);
$info = curl_getinfo($ch);
echo '<pre>';
print_r($info);exit;
Qps means Queries Per Second
Are you hitting the server repeatedly with curl in a loop for example? Try adding a pause after each call and see if that works.
That error usually signifies that you're hitting the server too often (i.e. developer over allowed queries per second). Slow down your code, put some delays in. In browser, you're doing it manually, so it's likely quite a bit slower than your code.
How do I download a image from curl (https site)?
File is saved on my computer but why is it blank (0KB)?
function save_image($img,$fullpath){
$ch = curl_init ($img);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch, CURLOPT_BINARYTRANSFER,1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
$rawdata=curl_exec($ch);
curl_close ($ch);
$fp = fopen($fullpath,'w');
fwrite($fp, $rawdata);
fclose($fp);
}
save_image("https://domain.com/file.jpg","image.jpg");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
should actually be:
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
so curl knows that it should return the data and not echo it out.
Additionally, sometimes you have to do some more work to get SSL certs accepted by curl:
Using cURL in PHP to access HTTPS (SSL/TLS) protected sites
EDIT:
Given your usage, you should also set CURLOPT_HEADER to false as Alix Axel recommended.
In terms of SSL, I hope you'll take time to read the link I suggested, as there are a few different ways to handle SSL, and the fix Alix recommended may be OK if the data isn't sensitive, but does negate the security, as it forces CURL to accept ANY SERVER CERTS.
You need to add these options:
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
Also, set CURLOPT_HEADER to false and CURLOPT_RETURNTRANSFER to true.