|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67639 cURL returns HTTP 400 error when doing two back-to-back queries
Submitted: 2014-07-17 09:46 UTC Modified: 2019-03-26 17:36 UTC
Avg. Score:3.9 ± 0.9
Reproduced:11 of 11 (100.0%)
Same Version:3 (27.3%)
Same OS:8 (72.7%)
From: jarkkohyvarinen at hotmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.5.14 OS: CentOS 6.5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
50 - 36 = ?
Subscribe to this entry?

 [2014-07-17 09:46 UTC] jarkkohyvarinen at hotmail dot com
If I do two back-to-back queries to our server using two different server aliases (pointing to same server) first query executes successfully but second query always causes HTTP error 400. 

Apache ssl_error_log has an "Hostname provided via SNI and hostname provided via HTTP are different" describing the 400 error.

Our server has Apache 2.2.15, OpenSSL 1.0.1e and cURL 7.19.7.


Workaround is to use stream_context_create with SNI_enabled and SNI_server_name options.

Test script:
function doCurl($url) {
    $ch = curl_init($url);        
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);        
    $result = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);        
    return $code;    
echo "HTTP Status: ".doCurl("")."\n";
echo "HTTP Status: ".doCurl("")."\n";

Expected result:
HTTP Status: 200
HTTP Status: 200

Actual result:
HTTP Status: 200
HTTP Status: 400


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-07-17 10:56 UTC] jarkkohyvarinen at hotmail dot com
I noticed that if CURLOPT_SSL_VERIFYPEER is set to FALSE then both queries executes successfully.
 [2015-07-27 12:46 UTC] lukas at owncloud dot com
This is caused by an upstream NSS bug:
 [2019-03-26 17:36 UTC]
-Status: Open +Status: Not a bug
 [2019-03-26 17:36 UTC]
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Apr 14 05:01:28 2024 UTC