OVERVIEW:
The code is about making call to the escreen web service using SOAP and Curl with client authentication required. Currently I am not getting any result only HTTP 403 and 500 errors.
The call requires client authenticate cert to be on the callng site.
CODE:
$content = "<TicketRequest>
<Version>1.0</Version>
<Mode>Test</Mode>
<CommitAction></CommitAction>
<PartnerInfo>
<UserName>xxxxxxxxxx</UserName>
<Password>xxxxxxxxxxx</Password>
</ PartnerInfo>
<RequestorOrderID></RequestorOrderID>
<CustomerIdentification>
<IPAddress></IPAddress>
<ClientAccount>xxxxxxxxxx</ClientAccount>
<ClientSubAccount>xxxxxxxxxx</ClientSubAccount>
<InternalAccount></InternalAccount>
<ElectronicClientID></ElectronicClientID>
</CustomerIdentification>
<TicketAction>
<Type></Type>
<Params>
<Param>
<ID>4646</ID>
<Value></Value>
</Param>
</Params>
</TicketAction>
</TicketRequest>";
$wsdl = "https://services.escreen.com/SingleSignOnStage/SingleSignOn.asmx";
$headers = array( "Content-type: text/xml;charset=\"utf-8\"",
"Accept: text/xml",
"Cache-Control: no-cache",
"Pragma: no-cache",
// "SOAPAction: \"\"",
"Content-length: ".strlen($content),
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
//curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
//curl_setopt($ch, CURLOPT_HTTPHEADER, array('SOAPAction: ""'));
curl_setopt($ch, CURLOPT_CAPATH, '/home/pps/');
curl_setopt($ch, CURLOPT_CAINFO, '/home/pps/authority.pem');
curl_setopt($ch, CURLOPT_SSLCERT, 'PROTPLUSSOL_SSO.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'xxxxxxxxxxxx');
$output = curl_exec($ch);
// Check if any error occured
if(curl_errno($ch))
{
echo 'Error no : '.curl_errno($ch).' Curl error: ' . curl_error($ch);
}
print_r($output);
QUESTIONS:
I need to call the RequestTicket method and pass the XML string to it.
I don't know how to do it here(pass the method name to call).
For client authentication they gave us three certs, one root cert, one intermediate
cert and a client authentication cert PROTPLUSSOL_SSOpem(it was a .pfx file). Since we are on linux we converted them to pem . In curl calls I could not find way to how to include both the root cert and the intermediate cert ,so I combined them by making a new pem file and copying the intermediate cert and them the root cert and naming it authority.pem .
I am not sure whether it works or not and would like your opinion.
For the current code Iam getting the error
Error no : 77 Curl error: error setting certificate verify locations: CAfile: /home/pps/authority.pem CApath: /home/pps/
If I disable the curl error message,I am getting blank page with page title 403 - Forbidden. Access is denied.
If I comment out the CURLOPT_CAPATH and CURLOPT_CAINFO lines it gives http 500 error page with the message as content and the following at the top.
HTTP/1.1 500 Internal Server Error. Cache-Control: private Content-Type: text/html Server: Microsoft-IIS/7.5 X-AspNet-Version: 1.1.4322 X-Powered-By: ASP.NET Date: Thu, 02 Sep 2010 14:46:38 GMT Content-Length: 1208
If I comment out as above and also CURLOPT_SSLCERT and CURLOPT_SSLCERTPASSWD it gives 403 error with the message as content.
So I would request you to help me out by pointing out whats wrong with the current code.
Thank you.
PHP comes with a soap client:
http://php.net/manual/en/book.soap.php
You can tell it to use a certificate, by passing an option local_cert to the constructor.
Related
I am connected to a vendor (for accessing their API) through a NAT. I can easily access the APIs through http, now for production, https is required. However, when I make the API request to the vendor's endpoint with https enabled, below is the errors:
When SSL Verification is enabled:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xyz.xyz.xyz.xyz:18423/interface//request
When SSL Verification is disabled:
cURL Error #:OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
I have taken the following steps to set up the SSL.
Step 1: I have first generated the SSL Certificate request and private key with openssl as below:-
-
openssl req -new -newkey rsa:2048 -nodes -keyout mycompany.key -out mycompany.csr
NOTE: The FQDN used api.mycompany.com does not exist. My server is accessed through my private IP address within the network only. (The vendor can reach me for a callback through the NAT)
Step 2: I have sent the CSR only to the vendor to sign
Step 3: Vendor signed the request and sent back the following files:
1.mydomain.cer
2.mydomain.p7b
3.broker_vendor_com.crt
4.DigiCertCA.crt
Step 4: I have decoded the mydomain.cer
I Followed Nginx: Create CSR & Install SSL Certificate (OpenSSL)
Step 5: I combined the mydomain.cer and DigitCert.cer into new file bundle.crt
Step 6: I added the bundle.crt and mycompany.key into my nginx server as below
ssl_certificate /etc/ssl/bundle.crt;
ssl_certificate_key /etc/ssl/salaammfbank.key;
I tried disabling the verification and I get the errors stated above. When I make normal curl request on the terminal using
curl -kv https://xyz.xyz.xyz.xyz:18423/interface//request
I can reach the endpoint with valid response status 200.
Below is the php curl request that returns
cURL Error #:OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
and when verification is enabled
cURL Error #:SSL certificate problem: unable to get local issuer certificate
$url = 'https://xyz.xyz.xyz.xyz:18423/interface//request';
$body = '';
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 40,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $body,
CURLOPT_HTTPHEADER => ["Accept: application/json", "Content-Type: application/xml"]
]);
#curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
#curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
What am I missing to be able to reach the vendor endpoints through https from my server?
After a long weekend of trying to figure this out, I was able to hit the vendor endpoint through laravel Http facade to make the request and disabled the verification.
$response = Http::withOptions([
'verify' => false,
])->withBody($this->ParseCreateTransactionXml($data),'text/xml')->post($url);
I have also tested with, and returned expected response using below curl:-
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->ParseCreateTransactionXml($data));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 2);
$response = curl_exec($ch);
I have not made any other changes in the rest of the code. I am not so sure why the code in the question was not working.
I'm getting the classic php curl error "unable to get local issuer certificate".
Here are some more information from the curl debug:
Trying 133.7.42.21...
TCP_NODELAY set
Connected to example.adress.com (133.7.42.21) port 443 (#0)
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
successfully set certificate verify locations:
CAfile: C:\some_absolute_path\cacert.pem
CApath: none
SSL certificate problem: unable to get local issuer certificate
Curl_http_done: called premature == 1\n* Closing connection 0\n
As you can see the i tried to used the "cacert.pem" file from Mozilla.
I tried all of them but none of them worked.
The PHP Code:
$curl = curl_init($location);
//set verifier from interface host
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
//set host global certificate
curl_setopt($curl, CURLOPT_CAINFO, $globla_cert);
//set certificate
curl_setopt($curl, CURLOPT_SSLCERT, $ssl_cert);
//set private key
curl_setopt($curl, CURLOPT_SSLKEY, $ssl_cert_key);
//set private key password
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $ssl_cert_password);
//set curl debug output
curl_setopt($curl, CURLOPT_VERBOSE, true);
$verbose = fopen('php://temp', 'w+');
curl_setopt($curl, CURLOPT_STDERR, $verbose);
//curl_setopt($curl, CURLINFO_HEADER_OUT, true);
//set ssl version
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
curl_setopt($curl, CURLOPT_HEADER, FALSE);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT_MS, $connecttimeout);
$response = curl_exec($curl);
It will work without the Global cert when i disable CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST but this is a NOGO
I'm currently using XAMPP with PHP Version 7.0.15.
The Apache has the mod_ssl enabled.
PHP has the openssl and the curl extension enabled.
Things that i tried:
Set the path inside the php.ini:
openssl.cainfo= "C:\some_absolute_path\cacert.pem"
openssl.cafile= "C:\some_absolute_path\cacert.pem"
Throw the cert in the default path that i got with var_dump(openssl_get_cert_locations());
That was "C:\openssl-1.0.2j-win32\ssl" for me.
Throw the cert in "C:\xampp\php"
Now i don't find anymore "fixes" that i can try, has someone an idea what it could be?
The problem is resolved.
It wasn't a technical problem. The certificate that i received for the Service wasn't valid anymore and the new certificate isn't in the "cacert.pem" from Mozilla like the old one.
I have a PHP script which uses CURL to log into a site with a simple login page. It sends an initial request to the site and sees if it's already logged in (due to cookies) or if the login page comes up - and if it does, logs in.
However, recently I noticed that every time the script runs it is never logged in. Deep diving into the headers using VERBOSE shows that the cookie in the COOKIEFILE/COOKIEJAR is never used, only the cookies that are received by the site for that particular session. If I manually add cookies to the cookiejar in the middle of the run (something that used to work) - it doesn't work anymore as the cookies in the COOKIEFILE aren't actually used.
This happens both locally and on the production server, meaning it doesn't seem to be a system issue. I created test versions for other login pages with the same results.
I use a fullpath to the cookie file (which is updated with cookies, just not used) and use curl_close().
Following is the CURL function:
private function curlPage($url, $postParameters) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postParameters);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, __DIR__.'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, __DIR__.'/cookie.txt');
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTREDIR, 3);
if ($this->verbose == 1) curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->defaultTimeout);
curl_setopt($ch, CURLOPT_USERAGENT, $this->useragent);
$pageResponse = curl_exec($ch);
curl_close($ch);
return $pageResponse;
}
Following is the verbose response of the CURL request to the main page, where it is supposed to check whether or not it is logged in. As the site is of a client, I redacted it.
* Rebuilt URL to: *********
* Hostname was NOT found in DNS cache
* Trying : *********...
* Connected to : ********* (*********) port 80 (#0)
> GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
Host: *********
Accept: */*
< HTTP/1.1 200 OK
< Date: Wed, 20 Jul 2016 20:42:22 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=15
< Vary: Accept-Encoding
< Expires: Mon, 26 Jul 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate
* Server ********* is not blacklisted
< Server: *********
<
As can be seen - no cookie in sight, despite having a COOKIEFILE available.
Any assistance would be highly appreciated.
The first you must make sure __DIR__ have write permission.
The second when you run code. You can check cookie.txt file had been create or not.
The third you must use ONE cookie for all session. So the victim know you logged in.
And try my source
$cookies = tempnam('/tmp','cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
So here's my problem.
I'm using curl to access my CouchDB by HTTP. I recently updated my WAMP to the WAMP 3 64bit wich comes with PHP 5.6.16 and Apache 2.4.17. Therefore, since this upgrade, I discovered that I couldn't do PUT request anymore.
Env
PHP 5.6.16
Apache 2.4.17
Windows 10 64 bit
Wamp 3 64 bit
Curl --version
curl 7.49.1 (x86_64-pc-win32) libcurl/7.49.1 OpenSSL/1.0.2h nghttp2/1.11.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM SSL HTTP2
Code executed
So when I execute this :
<?php
$table="testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
I get a quick response from the server.
Then, I try to create a database :
<?php
$table = "testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Problem
So, when I execute this code, the request will hang on curl_exec.
What's weird is that, after the timeout, the request will be received by CouchDB but no response will be given. It seems that my "Put" request are stacked in a buffer and they are waiting to be executed.
Verbose curl output
* Hostname in DNS cache was stale, zapped
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'validUser'
> PUT /customers HTTP/1.1
Host: localhost:5984
Authorization: Basic dGVzdEFkbWluOnRlc3RQYXNzd29yZA==
Content-type: application/json
Accept: */*
* Operation timed out after 10000 milliseconds with 0 bytes received
* Closing connection 0
Hints
-I try to install a SSL certificate but It didn't seem to work. Having this certificate still installed can cause problems?
-I can do PUT request with a REST client on my Atom editor without problems.
-I seems like there is a problem in my network route internally. I'm saying this because It affected the PHP-Curl aswell as the Curl CLI. Also, I'm able to do GET request but the PUT request are like "hanging" for no reason and are "Accepted" by my CouchDB when the timeout occurs. It's like if I was sending long poll request.
What have been tested
Execute the same command on the command line -> Same result
Try a REST Client on my Atom editor with success
A friend of mine try to access to my database remotly with success (So CouchDB doesn't seem the problem)
Even if I tested with my Firewall disabled, uninstalling my antivirus ( Bitdefender Total Security 2016) fixed my issue.
I have problems with "file_get_contents" and "cURL". When I make this:
$myFile = 'http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js';
$a=file_get_contents( $myFile );
I get this error:
Warning (2): file_get_contents
(http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js)
[function.file-get-contents]: failed to open stream:
HTTP request failed! HTTP/1.0 404 Not Found
[APP/Controller/MyController.php, line 1373]
Then I tried CURL like this:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $myFile);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_USERAGENT, $this->userAgent);
curl_setopt($curl_handle, CURLOPT_VERBOSE, true);
curl_setopt($curl_handle, CURLOPT_AUTOREFERER, true);
$a = curl_exec($curl);
curl_close($curl);
And I get this error:
404 Not Found: The resource requested could not be found on this server!
But when I write http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js to my browser's address bar, I get the file perfectly. The headers of the browser is like this:
Request URL:http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:tr,en-US;q=0.8,en;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Host:example.com
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.28 Safari/537.31
Query String Parameters
file[0]:myfile.js
Response Headers
Connection:close
Content-Length:15911
Content-Type:application/javascript; charset=UTF-8
Date:Fri, 29 Mar 2013 20:33:43 GMT
Server:Apache
X-Powered-By:PleskLin
I suspected file_get_contents and when I make this, I get output perfectly:
$d1 = file_get_contents("http://www.yahoo.com");
print_r($d1);
When I try cURL I get 404 error. How can I more diagnose why I get 404, despite that I get 200 from browser request.
This being hosted on a local computer? Or else where?
I was having an similar issue that my host determined to be an ISP down the line blocking my requests.