PHP :: Bug #46644 :: https cURL failure

Bug #46644	https cURL failure
Submitted:	2008-11-22 16:31 UTC	Modified:	2008-12-04 01:57 UTC
From:	brian dot bream at comcast dot net	Assigned:
Status:	Closed	Package:	cURL related
PHP Version:	5.2CVS-2008-11-24	OS:	Solaris 10 08/07 x86
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	brian dot bream at comcast dot net
New email:
PHP Version:		OS:

New Comment:

[2008-11-22 16:31 UTC] brian dot bream at comcast dot net

Description:
------------
Attempts to use cURL to an https site fails from within php, functions properly from the command line. cURL to an http site works in both locations.

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--enable-dbase' '--with-libxml-dir=/usr/local' '--with-config-file-path=/etc/apache2' '--with-mysql=shared,/opt/csw/mysql5' '--with-mysqli=shared,/opt/csw/mysql5/bin/mysql_config' '--with-xpm-dir=/usr' '--with-gd' '--with-bz2=/usr/lib' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-zlib' '--enable-mbstring' '--enable-calendar' '--enable-bcmath' '--enable-ftp' '--enable-exif' '--with-openssl=shared,/usr/sfw' '--with-curl=/usr/local/bin/' '--with-pdo-mysql=shared,/opt/csw/mysql5/'

phpinfo at http://preferredsystems.com/phpinfo.php



Expected result:
----------------
A successful https connection to any site.

Actual result:
--------------
A curl test to an https site returns: Errors: 35 error:80089077:lib(128):func(137):reason(119)

This test was run at http://preferredsystems.com/curl_test.php making a call to https:secure.authorize.net

From the command line it works properly

bash-3.00# curl -v https://secure.authorize.net
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.32... connected
* Connected to secure.authorize.net (64.94.118.32) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
.....

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-11-24 04:21 UTC] brian dot bream at comcast dot net

checking for cURL support... yes
checking if we should use cURL for url streams... no
checking for cURL in default path... found in /usr/local
checking for cURL 7.10.5 or greater... libcurl 7.19.2
checking for SSL support in libcurl... yes
checking how to run the C preprocessor... gcc -E
checking for openssl support in libcurl... yes
checking for openssl/crypto.h... (cached) yes
checking for gnutls support in libcurl... no
checking for curl_easy_perform in -lcurl... (cached) yes
checking for curl_version_info in -lcurl... (cached) yes
checking for curl_easy_strerror in -lcurl... (cached) yes
checking for curl_multi_strerror in -lcurl... (cached) yes

[2008-11-24 09:26 UTC] jani@php.net

Does it work using the PHP CLI binary?

[2008-11-24 11:14 UTC] brian dot bream at comcast dot net

bash-3.00# php -f curl_test.php
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* SSL connection using RC4-MD5
* Server certificate:
*        subject: C=US, ST=Utah, L=American Fork, O=Authorize.Net Corp., OU=Authorize.Net Corp., CN=secure.authorize.net
*        start date: 2007-04-06 00:00:00 GMT
*        expire date: 2009-04-11 23:59:59 GMT
*        common name: secure.authorize.net (matched)
*        issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SGC CA
*        SSL certificate verify ok.
> GET / HTTP/1.1
Host: secure.authorize.net
Accept: */*

< HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
< Content-Location: https://secure.authorize.net/index.htm
< Date: Mon, 24 Nov 2008 11:11:57 GMT
< Content-Type: text/html
< Accept-Ranges: bytes
< Last-Modified: Wed, 05 May 2004 10:32:44 GMT
< ETag: "06ee34c8c32c41:2c4c"
< Content-Length: 320
<
* Connection #0 to host secure.authorize.net left intact
<pre>Array
(
    [url] => https://secure.authorize.net
    [content_type] => text/html
    [http_code] => 200
    [header_size] => 284
    [request_size] => 59
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.412856
    [namelookup_time] => 0.059205
    [connect_time] => 0.114765
    [pretransfer_time] => 0.257572
    [size_upload] => 0
    [size_download] => 320
    [speed_download] => 775
    [speed_upload] => 0
    [download_content_length] => 320
    [upload_content_length] => 0
    [starttransfer_time] => 0.412811
    [redirect_time] => 0
)
</pre>Errors: 0 <br><br>* Closing connection #0
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: https://secure.authorize.net/index.htm
Date: Mon, 24 Nov 2008 11:11:57 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 05 May 2004 10:32:44 GMT
ETag: "06ee34c8c32c41:2c4c"
Content-Length: 320

<html>
 <HEAD><TITLE>Authorize.Net</TITLE>
 <META NAME="Authorize.Net -- Enabling more businesses to process transactions worldwide">
</HEAD>
<FRAMESET ROWS="100%,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0>
<FRAME NAME="top" SRC="https://Account.authorize.net/ui/themes/anet/merch.app" NORESIZE>
</FRAMESET>


From  Browser
Array
(
    [url] => https://secure.authorize.net
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0
    [namelookup_time] => 0.036851
    [connect_time] => 0.092135
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => 0
    [upload_content_length] => 0
    [starttransfer_time] => 0
    [redirect_time] => 0
)

Errors: 35 error:80089077:lib(128):func(137):reason(119)

EOF

[2008-11-24 12:23 UTC] jani@php.net

Can you send that script to me so I can test myself?

[2008-11-24 12:44 UTC] brian dot bream at comcast dot net

sent to jani@php.net

[2008-11-24 13:29 UTC] jani@php.net

I can not reproduce this on any of my servers. I have Curl 7.18.2 and openssl 0.9.8g. I don't have any shared extensions messing things up so can you try first with the simplest possible configure line:

# rm config.cache ; ./configure --disable-all --disable-cgi --with-curl=/usr/local/
# make clean && make
# sapi/cli/php your_test_script_here.php

[2008-11-25 04:55 UTC] brian dot bream at comcast dot net

# rm config.cache ; ./configure --disable-all --disable-cgi
--with-curl=/usr/local/
# make clean && make
# sapi/cli/php your_test_script_here.php

Works as expected, the CLI has always worked.

Added basic functionality to support web server ops.

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--with-config-file-path=/etc/apache2' '--with-openssl=shared,/usr/sfw/' '--with-curl=/usr/sfw/bin/' '--with-pdo-mysql=shared,/opt/csw/mysql5/'

Same issue.

Rebuilt openssl, same issue.

Sent config.log

[2008-11-25 08:35 UTC] jani@php.net

Try configure nothing as shared and make sure you're not loading any extensions in your php.ini, I think this is some clash between different openssl versions or something..

[2008-11-25 12:57 UTC] brian dot bream at comcast dot net

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--with-config-file-path=/etc/apache2' '--with-openssl=/usr/sfw/' '--with-curl=/usr/sfw/bin/'

Commented all Dynamic Extensions in php.ini

Problem persists

Entry in Apache2 error log
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)
* Closing connection #0
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)
* Closing connection #0
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.32... * connected
* Connected to secure.authorize.net (64.94.118.32) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)

Continuing troubleshooting....

[2008-11-25 19:46 UTC] jani@php.net

Next make sure you're only loading PHP as DSO in Apache conf. (to rule out any interference from there too)

[2008-11-25 21:21 UTC] brian dot bream at comcast dot net

bash-3.00# grep -i php httpd.conf
LoadModule php5_module        libexec/libphp5.so
DirectoryIndex index.html index.html.var index.cgi index.php index.xhtml
AddType application/x-httpd-php .php

[2008-11-25 21:36 UTC] jani@php.net

I meant that you should reduce the amount of _any_ other modules in 
your httpd.conf. Especially those that link with openssl..

[2008-12-04 01:57 UTC] brian dot bream at comcast dot net

Gave up.

Rebuilt with Sun Microsystems coolstack.

http://cooltools.sunsource.net/coolstack/

All works now.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 05:01:33 2025 UTC