如何调试或修复cURL errno 35
[英]How to debug or fix cURL errno 35
问题描述
I am trying to make a cURL request in PHP to a URL. 
我正在尝试用PHP将cURL请求发送到URL。 Whatever I try I always get a cURL errno 35 (for a specific URI). 无论我尝试什么,我总是得到一个cURL errno 35 (针对特定的URI)。 The curl documentation has the following to say: curl文档有如下说法:
You really want the error buffer and read the message there as it pinpoints the problem slightly more.
However when trying to capture this information nothing seems to be returned. 但是,当试图捕获此信息时,似乎没有返回任何内容。
$client = curl_init('https://dev.kelunik.com/css/all.min.css')
$log = fopen('/srv/www/Requestable/data/curl-log.txt', 'a+');
curl_setopt($client, CURLOPT_VERBOSE, 1);
curl_setopt($client, CURLOPT_STDERR, $log);
curl_setopt($client, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($client, CURLOPT_SSL_VERIFYHOST, 2)
curl_setopt($client, CURLOPT_CAINFO, __DIR__ . '/../../../../data/default.pem');
curl_setopt($client, CURLOPT_FAILONERROR, false);
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
curl_setopt($client, CURLOPT_HEADER, true);
curl_setopt($client, CURLINFO_HEADER_OUT, true);
curl_setopt($client, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($client, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($client, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
if (!$response = curl_exec($client)) {
throw new CurlException('Making request failed: ' . curl_error($client) . '(' . curl_errno($client) . ')');
}
fclose($log);
The above code always throws the CurlException with errno 35, however the defined log file stays empty. 上面的代码总是使用errno 35抛出CurlException ,但是定义的日志文件保持为空。
When trying a different URI (with a certificate from the same CA) it just works ™. 当尝试不同的URI (使用来自同一CA的证书)时,它只能工作。 I also checked my root CA bundle which is fairly up2date: 我还检查了我的根CA捆绑,这是相当up2date:
Certificate data from Mozilla downloaded on: Wed Sep 3 03:12:03 2014
What else can I check to find out what in specific is causing the error? 还有什么可以检查以找出导致错误的具体内容?
Note: the URI can be requested both from a browser as well as from my local dev environment just fine 注意:可以从浏览器以及本地开发环境中请求URI
Note 2: I also tried it without manually setting a custom CA root bundle which resulted in the same error. 注意2:我也尝试了它而没有手动设置自定义CA根捆绑导致相同的错误。
OpenSSL version: OpenSSL版本:
Installed Packages
Name : openssl
Arch : x86_64
Version : 1.0.1e
Release : 30.el6_6.5
cURL version: cURL版本:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
2 个解决方案
解决方案1
22 2015-02-09 22:42:18
The problem is unrelated to your certificate chains, it's the server configuration at dev.kelunik.com . 问题与您的证书链无关,它是dev.kelunik.com上的服务器配置。 The server is only accepting ECDHE ciphers ( ssllabs ). 服务器只接受ECDHE密码( ssllabs )。 The other server accepts a wider range of ciphers. 另一台服务器接受更广泛的密码。 ( ssllabs ). ( ssllabs )。 While your OpenSSL supports ECDHE, the version of cURL you're using is compiled with NSS, which doesn't. 虽然您的OpenSSL支持ECDHE,但您使用的cURL版本是使用NSS编译的,而NSS则没有。
You can compare the output with 您可以将输出与
curl https://dev.kelunik.com
and 和
openssl s_client -connect dev.kelunik.com:443 -servername dev.kelunik.com
You've got two solutions here without changing your distro. 你有两个解决方案在这里没有改变你的发行版。 If you've got access to the other server's configuration, you can change the SSL ciphers to use DHE/RSA ciphers. 如果您可以访问其他服务器的配置,则可以更改SSL密码以使用DHE / RSA密码。 The exact cipher list would depend on the server configuration - ssllabs has a good blog post on the subject. 确切的密码列表将取决于服务器配置 - ssllabs有关于该主题的好博客文章 。
Otherwise, you'll need to recompile cURL against OpenSSL to access all available ciphers. 否则,您需要针对OpenSSL重新编译cURL以访问所有可用的密码。 Basic instructions are available at http://curl.haxx.se/docs/install.html . 有关基本说明,请访问http://curl.haxx.se/docs/install.html 。
解决方案2
-1 2015-02-16 20:36:22
I put your code in a file test.php and run it on command line php test.php, it ran fine (printed "done" on command line). 我把你的代码放在一个文件test.php中并在命令行php test.php上运行,它运行正常(在命令行上打印“完成”)。
Here is the content of the test.php (minor modifications from your code). 以下是test.php的内容(代码中的小修改)。 my php has version Zend Engine v2.4.0 and it runs on Ubuntu 12.04. 我的php有版本Zend Engine v2.4.0,它运行在Ubuntu 12.04上。
<?php>
$client = curl_init('https://dev.kelunik.com/css/all.min.css');
$log = fopen('/tmp/curl-log.txt', 'a+');
curl_setopt($client, CURLOPT_VERBOSE, 1);
curl_setopt($client, CURLOPT_STDERR, $log);
curl_setopt($client, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($client, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($client, CURLOPT_CAINFO, "/etc/ssl/certs/ssl-cert-snakeoil.pem");
curl_setopt($client, CURLOPT_FAILONERROR, false);
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
curl_setopt($client, CURLOPT_HEADER, true);
curl_setopt($client, CURLINFO_HEADER_OUT, true);
curl_setopt($client, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($client, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($client, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
if (!$response = curl_exec($client)) {
throw new CurlException('Making request failed: ' . curl_error($client) . '(' . curl_errno($client) . ')');
} else {
echo "done!\n";
}
fclose($log);
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.