PHP :: Bug #46644 :: https cURL failure

Bug #46644	https cURL failure
Submitted:	2008-11-22 16:31 UTC	Modified:	2008-12-04 01:57 UTC
From:	brian dot bream at comcast dot net	Assigned:
Status:	Closed	Package:	cURL related
PHP Version:	5.2CVS-2008-11-24	OS:	Solaris 10 08/07 x86
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-11-22 16:31 UTC] brian dot bream at comcast dot net

Description:
------------
Attempts to use cURL to an https site fails from within php, functions properly from the command line. cURL to an http site works in both locations.

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--enable-dbase' '--with-libxml-dir=/usr/local' '--with-config-file-path=/etc/apache2' '--with-mysql=shared,/opt/csw/mysql5' '--with-mysqli=shared,/opt/csw/mysql5/bin/mysql_config' '--with-xpm-dir=/usr' '--with-gd' '--with-bz2=/usr/lib' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-zlib' '--enable-mbstring' '--enable-calendar' '--enable-bcmath' '--enable-ftp' '--enable-exif' '--with-openssl=shared,/usr/sfw' '--with-curl=/usr/local/bin/' '--with-pdo-mysql=shared,/opt/csw/mysql5/'

phpinfo at http://preferredsystems.com/phpinfo.php



Expected result:
----------------
A successful https connection to any site.

Actual result:
--------------
A curl test to an https site returns: Errors: 35 error:80089077:lib(128):func(137):reason(119)

This test was run at http://preferredsystems.com/curl_test.php making a call to https:secure.authorize.net

From the command line it works properly

bash-3.00# curl -v https://secure.authorize.net
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.32... connected
* Connected to secure.authorize.net (64.94.118.32) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
.....

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-11-24 04:21 UTC] brian dot bream at comcast dot net

checking for cURL support... yes
checking if we should use cURL for url streams... no
checking for cURL in default path... found in /usr/local
checking for cURL 7.10.5 or greater... libcurl 7.19.2
checking for SSL support in libcurl... yes
checking how to run the C preprocessor... gcc -E
checking for openssl support in libcurl... yes
checking for openssl/crypto.h... (cached) yes
checking for gnutls support in libcurl... no
checking for curl_easy_perform in -lcurl... (cached) yes
checking for curl_version_info in -lcurl... (cached) yes
checking for curl_easy_strerror in -lcurl... (cached) yes
checking for curl_multi_strerror in -lcurl... (cached) yes

[2008-11-24 09:26 UTC] jani@php.net

Does it work using the PHP CLI binary?

[2008-11-24 11:14 UTC] brian dot bream at comcast dot net

bash-3.00# php -f curl_test.php
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* SSL connection using RC4-MD5
* Server certificate:
*        subject: C=US, ST=Utah, L=American Fork, O=Authorize.Net Corp., OU=Authorize.Net Corp., CN=secure.authorize.net
*        start date: 2007-04-06 00:00:00 GMT
*        expire date: 2009-04-11 23:59:59 GMT
*        common name: secure.authorize.net (matched)
*        issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SGC CA
*        SSL certificate verify ok.
> GET / HTTP/1.1
Host: secure.authorize.net
Accept: */*

< HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
< Content-Location: https://secure.authorize.net/index.htm
< Date: Mon, 24 Nov 2008 11:11:57 GMT
< Content-Type: text/html
< Accept-Ranges: bytes
< Last-Modified: Wed, 05 May 2004 10:32:44 GMT
< ETag: "06ee34c8c32c41:2c4c"
< Content-Length: 320
<
* Connection #0 to host secure.authorize.net left intact
<pre>Array
(
    [url] => https://secure.authorize.net
    [content_type] => text/html
    [http_code] => 200
    [header_size] => 284
    [request_size] => 59
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.412856
    [namelookup_time] => 0.059205
    [connect_time] => 0.114765
    [pretransfer_time] => 0.257572
    [size_upload] => 0
    [size_download] => 320
    [speed_download] => 775
    [speed_upload] => 0
    [download_content_length] => 320
    [upload_content_length] => 0
    [starttransfer_time] => 0.412811
    [redirect_time] => 0
)
</pre>Errors: 0 <br><br>* Closing connection #0
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: https://secure.authorize.net/index.htm
Date: Mon, 24 Nov 2008 11:11:57 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 05 May 2004 10:32:44 GMT
ETag: "06ee34c8c32c41:2c4c"
Content-Length: 320

<html>
 <HEAD><TITLE>Authorize.Net</TITLE>
 <META NAME="Authorize.Net -- Enabling more businesses to process transactions worldwide">
</HEAD>
<FRAMESET ROWS="100%,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0>
<FRAME NAME="top" SRC="https://Account.authorize.net/ui/themes/anet/merch.app" NORESIZE>
</FRAMESET>


From  Browser
Array
(
    [url] => https://secure.authorize.net
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0
    [namelookup_time] => 0.036851
    [connect_time] => 0.092135
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => 0
    [upload_content_length] => 0
    [starttransfer_time] => 0
    [redirect_time] => 0
)

Errors: 35 error:80089077:lib(128):func(137):reason(119)

EOF

[2008-11-24 12:23 UTC] jani@php.net

Can you send that script to me so I can test myself?

[2008-11-24 12:44 UTC] brian dot bream at comcast dot net

sent to jani@php.net

[2008-11-24 13:29 UTC] jani@php.net

I can not reproduce this on any of my servers. I have Curl 7.18.2 and openssl 0.9.8g. I don't have any shared extensions messing things up so can you try first with the simplest possible configure line:

# rm config.cache ; ./configure --disable-all --disable-cgi --with-curl=/usr/local/
# make clean && make
# sapi/cli/php your_test_script_here.php

[2008-11-25 04:55 UTC] brian dot bream at comcast dot net

# rm config.cache ; ./configure --disable-all --disable-cgi
--with-curl=/usr/local/
# make clean && make
# sapi/cli/php your_test_script_here.php

Works as expected, the CLI has always worked.

Added basic functionality to support web server ops.

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--with-config-file-path=/etc/apache2' '--with-openssl=shared,/usr/sfw/' '--with-curl=/usr/sfw/bin/' '--with-pdo-mysql=shared,/opt/csw/mysql5/'

Same issue.

Rebuilt openssl, same issue.

Sent config.log

[2008-11-25 08:35 UTC] jani@php.net

Try configure nothing as shared and make sure you're not loading any extensions in your php.ini, I think this is some clash between different openssl versions or something..

[2008-11-25 12:57 UTC] brian dot bream at comcast dot net

'./configure' '--with-apxs2=/usr/apache2/bin/apxs' '--with-config-file-path=/etc/apache2' '--with-openssl=/usr/sfw/' '--with-curl=/usr/sfw/bin/'

Commented all Dynamic Extensions in php.ini

Problem persists

Entry in Apache2 error log
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)
* Closing connection #0
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.33... * connected
* Connected to secure.authorize.net (64.94.118.33) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)
* Closing connection #0
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.32... * connected
* Connected to secure.authorize.net (64.94.118.32) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /var/tmp/cacert.pem
  CApath: none
* error:80089077:lib(128):func(137):reason(119)

Continuing troubleshooting....

[2008-11-25 19:46 UTC] jani@php.net

Next make sure you're only loading PHP as DSO in Apache conf. (to rule out any interference from there too)

[2008-11-25 21:21 UTC] brian dot bream at comcast dot net

bash-3.00# grep -i php httpd.conf
LoadModule php5_module        libexec/libphp5.so
DirectoryIndex index.html index.html.var index.cgi index.php index.xhtml
AddType application/x-httpd-php .php

[2008-11-25 21:36 UTC] jani@php.net

I meant that you should reduce the amount of _any_ other modules in 
your httpd.conf. Especially those that link with openssl..

[2008-12-04 01:57 UTC] brian dot bream at comcast dot net

Gave up.

Rebuilt with Sun Microsystems coolstack.

http://cooltools.sunsource.net/coolstack/

All works now.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 06:01:27 2025 UTC