I originally posted this at the Amazon SES forums here: https://forums.aws.amazon.com/thread.jspa?threadID=74561&tstart=0
But since the stackoverflow community is more active, I'll post it here :)
Basically I have a foreach loop around a cURL post (see bottom of post for script snippet). It works for a couple hundred posts, but then starts to fail for all the others. Here's the last successful post followed by the first of hundreds of unsuccessful posts...
* About to connect() to email.us-east-1.amazonaws.com port 443 (#0)
* Trying 207.171.162.2... * connected
* Connected to email.us-east-1.amazonaws.com (207.171.162.2) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=email.us-east-1.amazonaws.com
* start date: 2010-10-08 00:00:00 GMT
* expire date: 2013-10-07 23:59:59 GMT
* subjectAltName: email.us-east-1.amazonaws.com matched
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
POST / HTTP/1.1
Accept: */*
Host: email.us-east-1.amazonaws.com
Content-Type: application/x-www-form-urlencoded
Date: Sat, 20 Aug 2011 18:59:56 UTC
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=LKIABMH7PT8SO4YBRDQA,Algorithm=HmacSHA1,Signature=/0HFVEsTBGqUUSQGy9jvmsft2k4=
Content-Length: 5810
Expect: 100-continue
< HTTP/1.1 200 OK
< x-amzn-RequestId: 4a0f8f18-cb5f-11e0-8364-b14fdafc0888
< Content-Type: text/xml
< Content-Length: 326
< Date: Sat, 20 Aug 2011 19:04:55 GMT
<
* Connection #0 to host email.us-east-1.amazonaws.com left intact
* Closing connection #0
Then the failures start....
* About to connect() to email.us-east-1.amazonaws.com port 443 (#0)
* Trying 207.171.162.2... * connected
* Connected to email.us-east-1.amazonaws.com (207.171.162.2) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=email.us-east-1.amazonaws.com
* start date: 2010-10-08 00:00:00 GMT
* expire date: 2013-10-07 23:59:59 GMT
* subjectAltName: email.us-east-1.amazonaws.com matched
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
POST / HTTP/1.1
Accept: */*
Host: email.us-east-1.amazonaws.com
Content-Type: application/x-www-form-urlencoded
Date: Sat, 20 Aug 2011 18:59:56 UTC
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=LKIABMH7PT8SO4YBRDQA,Algorithm=HmacSHA1,Signature=/0HFVEsTBGqUUSQGy9jvmsft2k4=
Content-Length: 5806
Expect: 100-continue
< HTTP/1.1 400 Bad Request
< x-amzn-RequestId: 4b8f29db-cb5f-11e0-b9af-33e5c8fc863b
< Content-Type: text/xml
< Content-Length: 347
< Date: Sat, 20 Aug 2011 19:04:58 GMT
<
* Connection #0 to host email.us-east-1.amazonaws.com left intact
* Closing connection #0
Here's the script snippet
foreach($JSONarray['DATABASE'] as $E)
{
    if ((array_diff($E['LISTS'], $FILTER) != $E['LISTS']) && $E['STATUS'] == "CONF")
    {
        $MAIL = "Action=SendEmail&Source=".$FROME."&ReturnPath=".$BOUNCE."&Destination.ToAddresses.member.1=".$TOE."&Message.Subject.Data=".$SUBE."&Message.Body.Html.Data=".$BODYE;
        //curl
        $aws = curl_init();
        curl_setopt($aws, CURLOPT_POSTFIELDS, $MAIL);
        curl_setopt($aws, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($aws, CURLOPT_HEADER, false);
        curl_setopt($aws, CURLOPT_URL, $url);
        curl_setopt($aws, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($aws, CURLOPT_VERBOSE, true);
        curl_setopt($aws, CURLOPT_STDERR, $SESLOG);
        curl_exec($aws);
        curl_close($aws);
    }
}
Any ideas?
Could it be a DOS prevention mechanism kicking in? How about putting some sleeps into your code? I would definitely put some safeguards against potential DOS attacks if I were Amazon..
Just a guess, though...
I figured out the problem:
<ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
<Error>
<Type>Sender</Type>
<Code>RequestExpired</Code>
<Message>Request timestamp: Mon, 22 Aug 2011 15:49:11 UTC expired. It must be within 300 secs/ of server time.</Message>
</Error>
<RequestId>0e3899cb-ccd7-11e0-9f09-c5d12d442026</RequestId>
</ErrorResponse>
My headers were set up outside the foreach loop around curl. Doh! So I just moved that bit of code into the loop to solve the time-out problem.
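The two traces in the question carry the same signed `Date` header, and the server clock is what crossed the 300-second window between them. The following is an added example, not the poster's script: it assumes the AWS3-HTTPS scheme visible in the trace (HMAC-SHA1 over the `Date` header value), uses placeholder credentials, and the names `ses_headers`, `request_age` and `ses_send` are hypothetical.

```php
<?php
// Added example, not the poster's script. Access key and secret are placeholders.
const SES_MAX_AGE = 300; // seconds, taken from the RequestExpired message

/** AWS3-HTTPS signs the Date header value, so Date and Signature are built together. */
function ses_headers(string $accessKey, string $secretKey, ?int $now = null): array
{
    $date = gmdate('D, d M Y H:i:s', $now ?? time()) . ' UTC';
    $sig  = base64_encode(hash_hmac('sha1', $date, $secretKey, true));
    return [
        'Date: ' . $date,
        'Content-Type: application/x-www-form-urlencoded',
        "X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=$accessKey,"
            . "Algorithm=HmacSHA1,Signature=$sig",
    ];
}

/** Age of a signed request as the server sees it, in seconds. */
function request_age(string $signedDate, string $serverDate): int
{
    return strtotime($serverDate) - strtotime($signedDate);
}

/** Send one message; headers are signed at call time, not once before the loop. */
function ses_send($curl, string $url, array $fields, string $accessKey, string $secretKey): int
{
    curl_setopt_array($curl, [
        CURLOPT_URL            => $url,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_HTTPHEADER     => ses_headers($accessKey, $secretKey),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    curl_exec($curl);
    return (int) curl_getinfo($curl, CURLINFO_HTTP_CODE);
}

// Both traces carry the same signed Date; only the server clock moved on.
$signed = 'Sat, 20 Aug 2011 18:59:56 UTC';
foreach (['Sat, 20 Aug 2011 19:04:55 GMT', 'Sat, 20 Aug 2011 19:04:58 GMT'] as $server) {
    $age = request_age($signed, $server);
    printf("%s  age=%ds  %s\n", $server, $age, $age <= SES_MAX_AGE ? 'accepted' : 'RequestExpired');
}

// Headers built 301 seconds apart differ in Date and Signature (fixed clocks for the demo).
$t0 = gmmktime(18, 59, 56, 8, 20, 2011);
var_dump(ses_headers('AKIDPLACEHOLDER', 'placeholder-secret', $t0)
      === ses_headers('AKIDPLACEHOLDER', 'placeholder-secret', $t0 + 301)); // compared, not sent
```

`ses_send` needs real credentials and network access, so the demo at the bottom only exercises the signing and age calculation.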
I'm trying to integrate authorize.net (AIM) using the official PHP SDK v2.0.0 and I'm seeing some strange behaviors:
curl_exec() returns false even when the request is successful and CURLOPT_RETURNTRANSFER is set to true.
curl_errno returns 7 (Failed to connect() to host or proxy) for the same request.
I know the request is successful since:
I can see the transaction is successfully recorded at authorize.net
Setting CURLOPT_RETURNTRANSFER to false causes the JSON response from authorize.net to be printed
curl_getinfo() shows HTTP status code = 200
Anyone experience this type of behavior with cURL? I'm not sure what I'm missing.
EDIT: Added output with CURLOPT_VERBOSE set
* Trying 198.241.206.22:443...
* Connected to apitest.authorize.net (198.241.206.22) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /home/app/demo/assets/lib/anet_sdk_2.0.0/lib/ssl/cert.pem
CApath: none
* SSL connection using TLSv1.2 / AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Foster City; O=Authorize.Net; CN=*.authorize.net
* start date: Feb 5 20:44:08 2020 GMT
* expire date: Mar 15 21:14:08 2021 GMT
* subjectAltName: host "apitest.authorize.net" matched cert's "*.authorize.net"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
* SSL certificate verify ok.
> POST /xml/v1/request.api HTTP/1.1
Host: apitest.authorize.net
Accept: */*
Content-Type: text/json
Content-Length: 1458
* upload completely sent off: 1458 out of 1458 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< X-OPNET-Transaction-Trace: a2_fe4a070f-cf07-47d7-8e9e-c8a703920de5-5628-7089051
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: x-requested-with,cache-control,content-type,origin,method,SOAPAction
< Access-Control-Allow-Methods: PUT,OPTIONS,POST,GET
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000
< X-Cnection: close
< Date: Sat, 12 Sep 2020 10:40:48 GMT
< Content-Length: 512
<
* Connection #0 to host apitest.authorize.net left intact
Good Evening Everyone.
Have been searching for a week to try and find a way of connecting using guzzle.
curl -v https://go.paytraq.com/api/{APICall}?APIToken={APIToken}&APIKey={APIKey} \
-H "Content-Type:text/xml" \
-d "{RequestBody}"
I tried all methods and keep getting unauthorised access and not sure the best way to pass APIToken and APIKey.
I have used the above from terminal and it works fine.
$client = new \GuzzleHttp\Client(['base_uri'=>'https://go.paytraq.com']);
$request = $client->request('GET','/api/clients',['debug'=>true],[ 'headers'=>
'APIToken=XXXXXX&APIKey=XXXX'
]);
The above is the last version of my code which gives me the below error
GuzzleHttp\Exception\ClientException
Client error: GET https://go.paytraq.com/api/clients resulted in a 401 Unauthorized response: API key or token is not provided
And below is the guzzle debug
Trying 52.16.7.7:443...
* Connected to go.paytraq.com (52.16.7.7) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/local/etc/openssl#1.1/cert.pem
CApath: /usr/local/etc/openssl#1.1/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=go.paytraq.com
* start date: Oct 14 00:00:00 2019 GMT
* expire date: Nov 14 12:00:00 2020 GMT
* subjectAltName: host "go.paytraq.com" matched cert's "go.paytraq.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> GET /api/clients HTTP/1.1
Host: go.paytraq.com
User-Agent: GuzzleHttp/7
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< Date: Sat, 01 Aug 2020 21:03:49 GMT
< Request-Time: 1
< Server: nginx/1.4.6 (Ubuntu)
< Content-Length: 32
< Connection: keep-alive
<
* Connection #0 to host go.paytraq.com left intact
This should work:
$client->request('GET', '/api/clients', ['query' => [
'APIToken' => $APIToken,
'APIKey' => $APIkey]
]);
I am trying to check whether my requests are using TLS version >1. While the curl command line gives me this information in the verbose output, PHP does not seem to.
This is my PHP curl verbose output when the connection is initiated
* About to connect() to *** port 443 (#0)
* Trying 88.*.*.*... * connected
* Connected to *** (88.*.*.*) port 443 (#0)
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: ***
* start date: Dec 21 18:43:21 2015 GMT
* expire date: Dec 21 18:38:18 2016 GMT
* common name: ***
* issuer: CN=Verizon Akamai SureServer CA G14-SHA2,OU=Cybertrust,O=Verizon Enterprise Solutions,L=Amsterdam,C=NL
* Server auth using Basic with user '***'
> GET /my/path HTTP/1.1
Authorization: ***
Host: ***
Accept: */*
< HTTP/1.1 200 OK
< Server: ***
< Content-Type: application/json;charset=utf-8
< Content-Length: 3733
< Expires: Wed, 03 Feb 2016 15:24:49 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Wed, 03 Feb 2016 15:24:49 GMT
< Connection: keep-alive
<
* Connection #0 to host *** left intact
* Closing connection #0
How can I tell which TLS version is used in a connection? I would like to avoid using any 3rd party options like making a request to https://www.howsmyssl.com/a/check
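The traces on this page show three shapes of the `SSL connection using` line, and only one of them names the protocol. The following is an added example, not part of the original question: it captures cURL's verbose output in memory and extracts protocol and cipher from those lines, flagging deprecated protocols and weak cipher components such as the RC4-MD5 suite seen in the older traces. The function names are hypothetical, and `curl_verbose_log` makes a network request, so the demo only parses lines copied from this page.

```php
<?php
// Added example. Sample lines are copied from the verbose traces on this page.

/** Run a request with verbose output captured in memory instead of STDERR. */
function curl_verbose_log(string $url): string
{
    $log = fopen('php://temp', 'w+');
    $ch  = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ]);
    curl_exec($ch);
    curl_close($ch);
    rewind($log);
    return stream_get_contents($log);
}

/** Extract protocol and cipher from each "SSL connection using" line. */
function tls_sessions(string $verboseLog): array
{
    preg_match_all('~SSL connection using (?:(\S+) / )?(\S+)~', $verboseLog, $m, PREG_SET_ORDER);
    $out = [];
    foreach ($m as [, $proto, $cipher]) {
        $findings = [];
        if ($proto === '') {
            // Some curl builds print only the cipher suite, as in two traces here.
            $findings[] = 'protocol not reported by this curl build';
        } elseif (in_array($proto, ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.0', 'TLSv1.1'], true)) {
            $findings[] = "deprecated protocol $proto";
        }
        if (preg_match('~RC4|MD5|3DES|DES-CBC|NULL|EXP~i', $cipher, $w)) {
            $findings[] = "weak cipher component {$w[0]}";
        }
        $out[] = ['protocol' => $proto ?: null, 'cipher' => $cipher, 'findings' => $findings];
    }
    return $out;
}

$sample = <<<LOG
* SSL connection using RC4-MD5
* SSL connection using TLSv1.2 / AES256-GCM-SHA384
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
LOG;

foreach (tls_sessions($sample) as $s) {
    printf("%-8s %-30s %s\n", $s['protocol'] ?? '?', $s['cipher'],
        implode('; ', $s['findings']) ?: 'ok');
}
```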
The trouble showed itself yesterday - getting the following answer from curl (called in a PHP script by curl_exec):
$<errno>35</errno>
$<error>Unknown SSL protocol error in connection to w3s.webmoney.ru:443 </error>
That bug happens only sometimes, something around 4-5 valid responses to one invalid with 35 error. Before yesterday application was handling those requests correctly for a very long time.
Hope someone will give me a hint about possible reasons of that bug.
P.S. We are suffering from internet connection problems lately, can it be somehow connected to that bug?
Upd:
Setting verbose output to true made curl write the following log:
* About to connect() to w3s.webmoney.ru port 443 (#0)
* Trying 82.198.171.158... * connected
* Connected to w3s.webmoney.ru (82.198.171.158) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ${path}/WebMoneyCA.crt
CApath: /etc/ssl/certs
* SSL connection using RC4-MD5
* Server certificate:
* subject: C=RU; O=WebMoney Transfer; OU=WebMoney Web Service; CN=w3s.webmoney.ru
* start date: 2010-06-07 10:03:43 GMT
* expire date: 2012-06-07 10:13:43 GMT
* common name: w3s.webmoney.ru (matched)
* issuer: OU=WM Transfer Certification Services; O=WM Transfer Ltd; CN=WebMoney Transfer Root CA
* SSL certificate verify ok.
> POST /asp/XMLPurses.asp HTTP/1.1
Host: w3s.webmoney.ru
Accept: */*
Content-Length: 281
Content-Type: application/x-www-form-urlencoded
< HTTP/1.1 200 OK
< Date: Fri, 10 Dec 2010 13:00:04 GMT
< Server: Microsoft-IIS/6.0
< X-Powered-By: ASP.NET
< Content-Length: 4423
< Content-Type: text/xml; Charset=windows-1251
< Expires: Fri, 10 Dec 2010 13:00:04 GMT
< Set-Cookie: ASPSESSIONIDQADQDTAQ=FJMNECHBENFFAADHEHPFOKAE; path=/
< Cache-control: private
<
* Connection #0 to host w3s.webmoney.ru left intact
* Closing connection #0
* About to connect() to w3s.webmoney.ru port 443 (#0)
* Trying 212.158.173.158... * connected
* Connected to w3s.webmoney.ru (212.158.173.158) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ${path}/WebMoneyCA.crt
CApath: /etc/ssl/certs
* Unknown SSL protocol error in connection to w3s.webmoney.ru:443
* Closing connection #0
Upd:
The trouble was not on our side. The problem was hidden somewhere in w3s.webmoney.ru, in 212.158.173.158 server. I'll add more details about the bug if information will be available.
Got the following response from WM support people:
"There are four IP addresses on hostname w3s.webmoney.ru. When a request ends up on 212.158.173.158, SSL is getting killed by a piece of anti-DDoS hardware at the provider's. The problem was localized, they're now trying to fix it."
I am using curl to send xml requests to API from Emailvision. I am having trouble lately where some requests result in "500 Internal Server Error", while others are sent without any errors.
The output of verbose is pasted below, can someone please help me interpret what might be causing the error.
* About to connect() to api.notificationmessaging.com port 443
* Trying 81.92.116.8... * connected
* Connected to api.notificationmessaging.com (81.92.116.8) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=FR/ST=Hauts de Seine/L=Clichy/O=Emailvision/OU=Provided by TBS INTERNET http://www.tbs-certificats.com//CN=*.notificationmessaging.com
* start date: 2008-09-20 09:09:15 GMT
* expire date: 2010-09-20 09:09:15 GMT
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server#thawte.com
* SSL certificate verify ok.
POST /NMSXML HTTP/1.1
Host: api.notificationmessaging.com
Accept: */*
Content-Length: 2177
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
HTTP/1.1 100 Continue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 2177 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 HTTP/1.1 200 OK
Date: Wed, 15 Sep 2010 05:15:53 GMT
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Type: application/xml;charset=utf-8
Content-Length: 82
Connection: close
100 2259 0 82 100 2177 969 25745 --:--:-- --:--:-- --:--:-- 80629* Closing connection #0
* About to connect() to api.notificationmessaging.com port 443
* Trying 81.92.116.8... * connected
* Connected to api.notificationmessaging.com (81.92.116.8) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=FR/ST=Hauts de Seine/L=Clichy/O=Emailvision/OU=Provided by TBS INTERNET http://www.tbs-certificats.com//CN=*.notificationmessaging.com
* start date: 2008-09-20 09:09:15 GMT
* expire date: 2010-09-20 09:09:15 GMT
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server#thawte.com
* SSL certificate verify ok.
POST /NMSXML HTTP/1.1
Host: api.notificationmessaging.com
Accept: */*
Content-Length: 21942
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
HTTP/1.1 100 Continue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 21942 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 HTTP/1.1 500 Internal Server Error
Date: Wed, 15 Sep 2010 05:15:52 GMT
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Type: text/xml
Content-Length: 0
Connection: close
100 21942 0 0 100 21942 0 216k --:--:-- --:--:-- --:--:-- 535k* Closing connection #0
* About to connect() to api.notificationmessaging.com port 443
* Trying 81.92.116.8... * connected
* Connected to api.notificationmessaging.com (81.92.116.8) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=FR/ST=Hauts de Seine/L=Clichy/O=Emailvision/OU=Provided by TBS INTERNET http://www.tbs-certificats.com//CN=*.notificationmessaging.com
* start date: 2008-09-20 09:09:15 GMT
* expire date: 2010-09-20 09:09:15 GMT
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server#thawte.com
* SSL certificate verify ok.
POST /NMSXML HTTP/1.1
Host: api.notificationmessaging.com
Accept: */*
Content-Length: 11602
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
HTTP/1.1 100 Continue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 11602 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 HTTP/1.1 500 Internal Server Error
Date: Wed, 15 Sep 2010 05:15:52 GMT
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Type: text/xml
Content-Length: 0
Connection: close
100 11602 0 0 100 11602 0 118k --:--:-- --:--:-- --:--:-- 306k* Closing connection #0
* About to connect() to api.notificationmessaging.com port 443
* Trying 81.92.116.8... * connected
* Connected to api.notificationmessaging.com (81.92.116.8) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=FR/ST=Hauts de Seine/L=Clichy/O=Emailvision/OU=Provided by TBS INTERNET http://www.tbs-certificats.com//CN=*.notificationmessaging.com
* start date: 2008-09-20 09:09:15 GMT
* expire date: 2010-09-20 09:09:15 GMT
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server#thawte.com
* SSL certificate verify ok.
POST /NMSXML HTTP/1.1
Host: api.notificationmessaging.com
Accept: */*
Content-Length: 2178
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
HTTP/1.1 100 Continue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 2178 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 HTTP/1.1 200 OK
Date: Wed, 15 Sep 2010 05:15:53 GMT
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Type: application/xml;charset=utf-8
Content-Length: 82
Connection: close
100 2260 0 82 100 2178 777 20644 --:--:-- --:--:-- --:--:-- 45375* Closing connection #0
* About to connect() to api.notificationmessaging.com port 443
* Trying 81.92.116.8... * connected
* Connected to api.notificationmessaging.com (81.92.116.8) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=FR/ST=Hauts de Seine/L=Clichy/O=Emailvision/OU=Provided by TBS INTERNET http://www.tbs-certificats.com//CN=*.notificationmessaging.com
* start date: 2008-09-20 09:09:15 GMT
* expire date: 2010-09-20 09:09:15 GMT
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server#thawte.com
* SSL certificate verify ok.
POST /NMSXML HTTP/1.1
Host: api.notificationmessaging.com
Accept: */*
Content-Length: 2178
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
HTTP/1.1 100 Continue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 2178 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
And below is the curl snippet I am using to make requests.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.notificationmessaging.com/NMSXML');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
// Certificate and hostname verification stay enabled; setting these to 0 turns both checks off.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sXML);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 600);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_NOPROGRESS, 0);
$res = curl_exec($ch);
Can someone please help.
Thanks
UPDATE:
Found that the problem is with some characters like â in the xml, as pointed out by Mark. Now is there a way to remove/convert all chars not recognized in xml?
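One way to do what the update asks, as an added example that is not part of the original post: convert the input to valid UTF-8, drop every code point outside the XML 1.0 `Char` production, then escape the value before it goes into the document. The function names are hypothetical, and the legacy source encoding (Windows-1252) is an assumption about where the stray bytes come from.

```php
<?php
// Added example. The legacy source encoding (Windows-1252) is an assumption.

/** Return valid UTF-8 containing only characters allowed by the XML 1.0 Char production. */
function xml_clean(string $s, string $legacy = 'Windows-1252'): string
{
    // Bytes that are not valid UTF-8 are treated as legacy single-byte text.
    if (!mb_check_encoding($s, 'UTF-8')) {
        $s = mb_convert_encoding($s, 'UTF-8', $legacy);
    }
    // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    return preg_replace(
        '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u',
        '',
        $s
    );
}

/** Clean, then escape, a value destined for an XML text node or attribute. */
function xml_text(string $s): string
{
    return htmlspecialchars(xml_clean($s), ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

// Constructed input: a single-byte 0xE2, a vertical tab (illegal in XML 1.0)
// and markup characters that must be escaped rather than removed.
$raw = "Cr\xE2me \x0B<b> & co";
$xml = '<subject>' . xml_text($raw) . '</subject>';

// Parsing the result back confirms the document is well-formed.
$doc = new DOMDocument();
var_dump($doc->loadXML($xml), $doc->documentElement->textContent);
```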
A 500 means there is a programming error with their system, not yours. It could be caused by you sending bad parameters, but they should be dealing with that in a different way.
I'd inform the company that something you are doing is causing a 500, and they should be able to fix it on their end.