php - curl and ssl: curl no data over https (GET, or POST) -


i have weird issue curl , ssl. have php script on ec2 amz ami machine:

<?php $ch = curl_init(); $url = 'https://rubenortiz.es/'; curl_setopt($ch, curlopt_url, $url); curl_setopt($ch, curlopt_returntransfer, false); curl_setopt($ch, curlopt_nobody, true); curl_setopt($ch, curlopt_header, 1); curl_setopt($ch,curlopt_failonerror,true);  $output = curl_exec($ch); $info = curl_getinfo($ch);  if ($output === false || $info['http_code'] != 200) {   $output .= "no curl data returned $url [". $info['http_code']. "]";   if (curl_error($ch))     $output .= "\n". curl_error($ch);   } else {   // 'ok' status; format $output data if necessary here:   $output .= 'ok'; } print_r($output); // return or display single string $output ?>  error: no curl data returned https

this happens when execute script over nginx php-fpm outside ec2, laptop example.

but if run same script on php-cli works!!!

[root@ ~]# php /home/webs//test.php http/1.1 200 ok server: nginx/1.13.3 date: fri, 18 aug 2017 09:27:45 gmt content-type: text/html; charset=utf-8 connection: keep-alive x-powered-by: php/5.6.31 vary: accept-encoding, cookie cache-control: max-age=3, must-revalidate

to sum up

  • ec2 php-fpm curl -> domain on ssl = fails
  • ec2 php-fpm curl -> domain on non ssl = i data!
  • ec2 php-cli curl -> domain on ssl = i data!

  • ec2 php-cli curl -> domain on non ssl = i data!

    php 5.6.26 (cli) (built: oct 6 2016 19:48:12) copyright (c) 1997-2016 php group zend engine v2.6.0, copyright (c) 1998-2016 zend technologies zend opcache v7.0.6-dev, copyright (c) 1999-2016, zend technologies

    openssl 1.0.1g-fips 7 apr 2014

  • curl-7.51.0-6.74.amzn1.x86_64

  • python26-pycurl-7.19.0-17.12.amzn1.x86_64
  • libcurl-7.51.0-6.74.amzn1.x86_64
  • python27-pycurl-7.19.0-17.12.amzn1.x86_64

if take on $url you'll see https connection. if change data without problem. no matter url test, if https curl unable give me info.

the funny thing script on of ec2 works perfect. have checked lot of stuff, rpm package, versions of php, fpm, nginx, etc

the different thing in ec2 machine gives me error ran yum update command , library has more recent version. shall not big deal.

so whole point is, reason, i'm unable data remote urls on ssl curl php-fpm, sounds tricky, i've spent lot of hours debugging, no success :s

any ideas?

thanks!

update:

i ran yum update upgrade package recently, list of packages erased

aug 14 07:07:47 erased: python-boto-2.28.0-1.0.amzn1.noarch aug 14 07:07:47 erased: python-requests-1.2.3-5.7.amzn1.noarch aug 14 07:07:47 erased: python-urllib3-1.7-4.6.amzn1.noarch aug 14 07:07:47 erased: python-backports-ssl_match_hostname-3.4.0.2-1.5.amzn1.noarch aug 14 07:07:48 erased: python-paramiko-1.7.5-2.1.4.amzn1.noarch aug 14 07:07:48 erased: python-crypto-2.6.1-1.7.amzn1.x86_64 aug 14 07:07:48 erased: newt-python-0.52.11-3.7.amzn1.x86_64 aug 14 07:07:48 erased: python-simplejson-3.3.0-1.5.amzn1.x86_64 aug 14 07:07:48 erased: python-backports-1.0-3.2.amzn1.x86_64 aug 14 07:07:48 erased: pystache-0.5.3-2.3.amzn1.noarch aug 14 07:07:48 erased: python-ordereddict-1.1-2.2.amzn1.noarch aug 14 07:07:48 erased: python-six-1.2.0-1.3.amzn1.noarch aug 14 07:07:48 erased: python-chardet-2.0.1-1.2.amzn1.noarch aug 14 07:07:48 erased: python-argparse-1.2.1-2.2.amzn1.noarch aug 14 07:07:48 erased: python-rsa-3.1.2-4.3.amzn1.noarch aug 14 07:07:48 erased: python-setuptools-0.6.10-3.11.amzn1.noarch aug 14 07:07:48 erased: python-urlgrabber-3.9.1-9.10.amzn1.noarch aug 14 07:07:48 erased: python-iniparse-0.3.1-2.1.7.amzn1.noarch aug 14 07:07:48 erased: rpm-python-4.11.2-2.54.amzn1.x86_64 aug 14 07:07:49 erased: python-pycurl-7.19.0-8.7.amzn1.x86_64 aug 14 07:07:49 erased: pyxattr-0.5.0-1.4.amzn1.x86_64 aug 14 07:07:49 erased: pygpgme-0.1-18.20090824bzr68.8.amzn1.x86_64 aug 14 07:07:49 erased: pyliblzma-0.5.3-3.6.amzn1.x86_64 aug 14 07:07:49 erased: 1:python-2.6-2.26.amzn1.noarch

maybe see clue here?

you have add curlopt_ssl_verifypeer false when url https

$ch = curl_init(); $url = 'https://rubenortiz.es/'; curl_setopt($ch, curlopt_url, $url); curl_setopt($ch, curlopt_returntransfer, false); curl_setopt($ch, curlopt_nobody, true); curl_setopt($ch, curlopt_header, 1); curl_setopt($ch,curlopt_failonerror,true); curl_setopt($ch, curlopt_ssl_verifypeer, false); //<----add line  $output = curl_exec($ch); $info = curl_getinfo($ch);  if ($output === false || $info['http_code'] != 200) {   $output .= "no curl data returned $url [". $info['http_code']. "]";   if (curl_error($ch))     $output .= "\n". curl_error($ch);   } else {   // 'ok' status; format $output data if necessary here:   $output .= 'ok'; } print_r($output); ?>

note: advisable use ssl certificate , include in in curl prevent data 

curl_setopt($ch, curlopt_cainfo, "/path/to_certificate");

Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more