Asked  8 Months ago    Answers:  5   Viewed   62 times

I'm trying to make a POST to an external URL using curl. The external page uses HTTPS. Here is the description of the server I'm using:

Server Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.3.0

The external URL makes a redirect to another URL that I send in the POST, but every time I try I get this error:

curl_errno=35 (Unknown SSL protocol error in connection to [secure site]:443)

So I checked Firebug for the response and it says:

Failed to load source for: http://localhost/3Party/PHP_VPC_3Party_Auth_Capture_Order_DO.php

Here is the code I'm using

ob_start();

// initialise Client URL object
$ch = curl_init();

// set the URL of the VPC
curl_setopt($ch, CURLOPT_URL, $vpcURL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// certificate verification is switched off here
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_exec($ch);
if (curl_error($ch)) {
    $this->errorMessage =
        "curl_errno=" . curl_errno($ch) . " (" . curl_error($ch) . ")";
}
curl_close($ch);

 Answers

55

After a few weeks dealing with this issue, I was able to at least establish the connection. I don't know if it is the real answer, but it works for me. I just added the options to use a proxy to the example above, like this:

curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM );
curl_setopt($ch, CURLOPT_PROXY, 'my.proxy');
curl_setopt($ch, CURLOPT_PROXYPORT, 'my.port');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'domainuser:password');  

hope this can help

Wednesday, March 31, 2021
 
inieto
answered 8 Months ago
66

That's an interesting problem.

If you query SSLLabs for this site you will see that it only supports various ECDHE-ECDSA-* ciphers and no other ciphers. But in the version history of curl you will find a bug with ECC ciphers and the NSS library (which you use), which is only fixed in curl version 7.36: "nss: allow to use ECC ciphers if NSS implements them".

Since you are using curl 7.19.7 your curl is too old to use the necessary ciphers together with the NSS library. This means you need to upgrade your curl library.

Wednesday, March 31, 2021
 
mozlima
answered 8 Months ago
55

I had the same problem, unfortunately with a host unwilling to upgrade to php 5.5.

I solved it by creating a new class extending php's SoapClient to use cURL:

/**
 * New SoapClient class.
 * This extends php's SoapClient,
 * overriding __doRequest to use cURL to send the SOAP request.
 */
class SoapClientCurl extends SoapClient {

  public function __doRequest($request, $location, $action, $version, $one_way = NULL) {
    $soap_request = $request;
    $header = array(
      'Content-type: application/soap+xml; charset=utf-8',
      "Accept: text/xml",
      "Cache-Control: no-cache",
      "Pragma: no-cache",
      "SOAPAction: \"$action\"",
      "Content-length: " . strlen($soap_request),
    );
    $soap_do = curl_init();
    $url = $location;
    $options = array(
      CURLOPT_RETURNTRANSFER => TRUE,
      CURLOPT_HEADER => FALSE,
      //CURLOPT_FOLLOWLOCATION => true,
      // Host name and certificate verification are switched off here.
      CURLOPT_SSL_VERIFYHOST => 0,
      CURLOPT_SSL_VERIFYPEER => FALSE,
      //CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
      CURLOPT_VERBOSE => true,
      CURLOPT_POST => TRUE,
      CURLOPT_URL => $url,
      CURLOPT_POSTFIELDS => $soap_request,
      CURLOPT_HTTPHEADER => $header,
      CURLOPT_FAILONERROR => TRUE,
      // 3 = CURL_SSLVERSION_SSLv3
      CURLOPT_SSLVERSION => 3,
    );

    curl_setopt_array($soap_do, $options);
    $output = curl_exec($soap_do);
    if ($output === FALSE) {
      $err = 'Curl error: ' . curl_error($soap_do);
    }
    else {
      // Operation completed successfully
    }
    curl_close($soap_do);

    // Uncomment the following line to let the parent handle the request.
    //return parent::__doRequest($request, $location, $action, $version);
    return $output;
  }

}
Wednesday, August 11, 2021
 
xrdty
answered 3 Months ago
47

The problem is probably not curl but an incomplete trust chain because of missing chain certificates. Desktop browsers have fewer problems with this because they cache such certificates when visiting other sites, and some browsers even download missing certificates.

Head over to SSLLabs and check the site. Look out for "Chain Issues".

If my answer is wrong please add the relevant URL and also the version of curl you use, so that one can have a closer look.

Wednesday, August 18, 2021
 
d8aninja
answered 3 Months ago
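
Added example, not part of any answer on this page: a PHP helper that keeps certificate verification enabled and reports which TLS backend the local cURL build uses and whether the failure was in the handshake (errno 35, as in the question) or in certificate validation (the chain issue described in the answer above). The function names tls_backend, classify_tls_errno and probe_tls and the command-line usage are assumptions made for illustration.

```php
<?php
// Added example; the function names are hypothetical.

// cURL version and TLS backend of this PHP build, e.g. "OpenSSL/..." or "NSS/...".
function tls_backend(): array {
    $v = curl_version();
    return array('curl' => $v['version'], 'tls' => $v['ssl_version']);
}

// Map a cURL error number to the stage of the TLS connection that failed.
function classify_tls_errno(int $errno): string {
    switch ($errno) {
        case 0:
            return 'ok';
        case 35: // CURLE_SSL_CONNECT_ERROR
            return 'TLS handshake failed (e.g. protocol or cipher mismatch)';
        case 51: // peer verification failure as numbered before curl 7.62.0
        case 60: // CURLE_SSL_CACERT / CURLE_PEER_FAILED_VERIFICATION
            return 'certificate rejected (untrusted or incomplete chain, or host name mismatch)';
        default:
            return 'other error (not classified here)';
    }
}

// Connect with verification left ON and return what happened.
// $caBundle: optional path to a PEM bundle of trusted CA certificates.
function probe_tls(string $url, ?string $caBundle = null): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_NOBODY         => true, // request headers only
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_SSL_VERIFYPEER => true, // validate the chain against trusted CAs
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
    ));
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }
    curl_exec($ch);
    $errno = curl_errno($ch);
    $result = array('errno' => $errno, 'error' => curl_error($ch),
        'stage' => classify_tls_errno($errno), 'backend' => tls_backend());
    curl_close($ch);
    return $result;
}

// Usage: php probe.php https://host/ [ca-bundle.pem]; with no URL, classify errno 35 from the question.
echo isset($argv[1]) ? print_r(probe_tls($argv[1], $argv[2] ?? null), true)
    : '35 => ' . classify_tls_errno(35) . "\n";
```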
18

To Rudi: Thanks for the hint, that tells me a hell of a lot of info.

Somehow the admin of the secured page "refreshes" the state of certifications every day. So although I got blocked from accessing it yesterday, it generously lets me grab another certificate and add it to the exception list of Firefox.

So everything is working, and I really learned something from yesterday's experience.

Monday, September 27, 2021
 
KingCrunch
answered 1 Month ago