
curl and ssl: curl no data over https (GET, or POST)

I have a weird issue with curl and SSL. I have this PHP script on my EC2 AMZ AMI machine:

<?php
$ch = curl_init();
$url = 'https://rubenortiz.es/';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FAILONERROR, true);

$output = curl_exec($ch);
$info = curl_getinfo($ch);

if ($output === false || $info['http_code'] != 200) {
  $output .= "No cURL data returned for $url [" . $info['http_code'] . "]";
  if (curl_error($ch)) {
    $output .= "\n" . curl_error($ch);
  }
} else {
  // 'OK' status; format $output data if necessary here:
  $output .= 'OK';
}
print_r($output);
// then return or display the single string $output
?>

Error:
No cURL data returned for https

This happens when I execute the script over Nginx PHP-FPM from outside the EC2, from my laptop for example.

But if I run the same script over php-cli it works!!!

[root@ ~]# php /home/webs//test.php
HTTP/1.1 200 OK
Server: nginx/1.13.3
Date: Fri, 18 Aug 2017 09:27:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.31
Vary: Accept-Encoding, Cookie
Cache-Control: max-age=3, must-revalidate

To sum up:

  • EC2 PHP-FPM curl -> some domain over ssl = FAILS
  • EC2 PHP-FPM curl -> some domain over non ssl = I GET DATA!
  • EC2 PHP-CLI curl -> some domain over ssl = I GET DATA!
  • EC2 PHP-CLI curl -> some domain over non ssl = I GET DATA!

    PHP 5.6.26 (cli) (built: Oct 6 2016 19:48:12) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

    OpenSSL 1.0.1g-fips 7 Apr 2014

  • curl-7.51.0-6.74.amzn1.x86_64

  • python26-pycurl-7.19.0-17.12.amzn1.x86_64
  • libcurl-7.51.0-6.74.amzn1.x86_64
  • python27-pycurl-7.19.0-17.12.amzn1.x86_64

If you take a look at the $url you'll see this is an https connection. If I change this I get the data without a problem. No matter what URL I test, if it is https, curl is unable to give me the info.

The funny thing is that this script works perfectly on another of my EC2 machines. I have checked a lot of stuff: rpm packages, versions of php, fpm, nginx, etc.

The only difference is that on the EC2 machine which gives me the error I ran a yum update command, and some libraries have more recent versions. But that should not be a very big deal.

So the whole point is, for some reason, I'm unable to get data from remote URLs over SSL with curl under PHP-FPM. It sounds tricky; I've already spent a lot of hours debugging, with no success :S

Any ideas?

Thanks!

UPDATE:

I ran yum update to upgrade some packages recently; list of packages erased:

Aug 14 07:07:47 Erased: python-boto-2.28.0-1.0.amzn1.noarch
Aug 14 07:07:47 Erased: python-requests-1.2.3-5.7.amzn1.noarch
Aug 14 07:07:47 Erased: python-urllib3-1.7-4.6.amzn1.noarch
Aug 14 07:07:47 Erased: python-backports-ssl_match_hostname-3.4.0.2-1.5.amzn1.noarch
Aug 14 07:07:48 Erased: python-paramiko-1.7.5-2.1.4.amzn1.noarch
Aug 14 07:07:48 Erased: python-crypto-2.6.1-1.7.amzn1.x86_64
Aug 14 07:07:48 Erased: newt-python-0.52.11-3.7.amzn1.x86_64
Aug 14 07:07:48 Erased: python-simplejson-3.3.0-1.5.amzn1.x86_64
Aug 14 07:07:48 Erased: python-backports-1.0-3.2.amzn1.x86_64
Aug 14 07:07:48 Erased: pystache-0.5.3-2.3.amzn1.noarch
Aug 14 07:07:48 Erased: python-ordereddict-1.1-2.2.amzn1.noarch
Aug 14 07:07:48 Erased: python-six-1.2.0-1.3.amzn1.noarch
Aug 14 07:07:48 Erased: python-chardet-2.0.1-1.2.amzn1.noarch
Aug 14 07:07:48 Erased: python-argparse-1.2.1-2.2.amzn1.noarch
Aug 14 07:07:48 Erased: python-rsa-3.1.2-4.3.amzn1.noarch
Aug 14 07:07:48 Erased: python-setuptools-0.6.10-3.11.amzn1.noarch
Aug 14 07:07:48 Erased: python-urlgrabber-3.9.1-9.10.amzn1.noarch
Aug 14 07:07:48 Erased: python-iniparse-0.3.1-2.1.7.amzn1.noarch
Aug 14 07:07:48 Erased: rpm-python-4.11.2-2.54.amzn1.x86_64
Aug 14 07:07:49 Erased: python-pycurl-7.19.0-8.7.amzn1.x86_64
Aug 14 07:07:49 Erased: pyxattr-0.5.0-1.4.amzn1.x86_64
Aug 14 07:07:49 Erased: pygpgme-0.1-18.20090824bzr68.8.amzn1.x86_64
Aug 14 07:07:49 Erased: pyliblzma-0.5.3-3.6.amzn1.x86_64
Aug 14 07:07:49 Erased: 1:python-2.6-2.26.amzn1.noarch

Maybe someone sees some clue here?

You have to set CURLOPT_SSL_VERIFYPEER to false when the URL is https

<?php
$ch = curl_init();
$url = 'https://rubenortiz.es/';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // <---- Add this line (turns off certificate chain validation)

$output = curl_exec($ch);
$info = curl_getinfo($ch);

if ($output === false || $info['http_code'] != 200) {
  $output .= "No cURL data returned for $url [" . $info['http_code'] . "]";
  if (curl_error($ch)) {
    $output .= "\n" . curl_error($ch);
  }
} else {
  // 'OK' status; format $output data if necessary here:
  $output .= 'OK';
}
print_r($output);
?>

Note: It is advisable to use an SSL certificate and include it in curl to prevent your data

curl_setopt($ch, CURLOPT_CAINFO, "/path/to_certificate");
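
An added example, not part of the answer above or of the asker's script: a probe that leaves CURLOPT_SSL_VERIFYPEER enabled and reports what the current SAPI sees, so the PHP-FPM and php-cli runs described in the question can be compared side by side. The helper name tls_probe() and the URL https://example.com/ are assumptions made for illustration.

```php
<?php
// Added example; tls_probe() is a hypothetical helper, not code from the posts.
// Run this file through php-cli and through PHP-FPM, then compare the reports.
function tls_probe($url, $caBundle = null)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_NOBODY, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);  // validate the certificate chain
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);     // validate the hostname
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle); // explicit CA bundle, if given
    }
    $ok = curl_exec($ch);

    $v = curl_version();
    $locations = function_exists('openssl_get_cert_locations')
        ? openssl_get_cert_locations() : array();
    $defaultCa = isset($locations['default_cert_file'])
        ? $locations['default_cert_file'] : '';

    $report = array(
        'sapi'                 => PHP_SAPI,              // "cli" or "fpm-fcgi"
        'php_ini'              => php_ini_loaded_file(), // the two SAPIs may load different files
        'libcurl'              => $v['version'],
        'tls_backend'          => $v['ssl_version'],     // TLS library libcurl is linked against
        'ini_curl_cainfo'      => ini_get('curl.cainfo'),
        'ini_openssl_cafile'   => ini_get('openssl.cafile'),
        'openssl_default_ca'   => $defaultCa,
        // is_readable() reflects the process user and any open_basedir limit
        'default_ca_readable'  => $defaultCa !== '' && is_readable($defaultCa),
        'explicit_ca_readable' => $caBundle === null ? null : is_readable($caBundle),
        'request_ok'           => $ok !== false,
        'http_code'            => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'curl_errno'           => curl_errno($ch),       // 60: peer cert not verified, 77: CA file unreadable
        'curl_error'           => curl_error($ch),
        'ssl_verify_result'    => curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT),
    );
    curl_close($ch);
    return $report;
}

header('Content-Type: text/plain'); // has no effect under php-cli
print_r(tls_probe('https://example.com/'));
```

A difference between the two reports in the loaded php.ini, the CA paths or their readability points at the configuration to repair while verification stays on.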

I really appreciate your comments and effort on this question. I can actually answer my own question. The problem was kind of tricky. I ran a yum update some days ago to update some third-party package like "s3cmd". Well, I don't know what happened then, but I'm sure it broke something. Then I thought to give it a try and run a full yum update again. And voilà!

Now same script is working.

Again, thanks for the help!

Regards,

R
