Menu
I have a site that connects using cURL (latest version) to a secure gateway for payment.
The problem is cURL always returns 0 length content. I get headers only. And only when I set cURL to return headers. I have the following flags in place.
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_URL, $gatewayURI); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_POST, 1); The header returned is
HTTP/1.1 100 Continue HTTP/1.1 200 OK Date: Tue, 25 Nov 2008 01:08:34 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; path=/ Cache-control: private I have also tried cURL'ing different sites and they return content fine. I think the problem might have something to do with the https connection.
I have spoken with the company and they are unhelpful.
Has anyone else experienced this error and know a work around? Should I ditch cURL and try and use fsockopen() ?
Thank you. :)
287
curl is a command-line tool that supports many web protocols like HTTPS.
To make a GET request using Curl, run the curl command followed by the target URL. Curl automatically selects the HTTP GET request method unless you use the -X, --request, or -d command-line option.
Cause #1 – cURL is not enabled cURL is supported by your hosting company/plan but not enabled: If cURL is supported by you hosting company but it is not enabled by default, then often you simply just need to login to your hosting dashboard, navigate to the relevant section and enable it. Done!
I had the same problem today. Curl comes with an outdated file to authenticate HTTPS certificates from.
get the new one from:
http://curl.haxx.se/ca/cacert.pem
save it into some dir on your site
and add
curl_setopt ($curl_ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem"); To every request :-)
IGNORE any dumbass comments about disabling CURLOPT_VERIFYPEER and CURLOPT_VERIFYHOST!! That leaves your code vulnerable to man in the middle attacks!
December 2016 edit:
Solve this properly by using Jasen's method mentioned below.
add curl.cainfo=/etc/ssl/certs/ca-certificates.crt to you php.ini
October 2017 edit:
There is now a composer package that helps you manage the ca certificates, so that you're not vulnerable if your cacert.pem becomes outdated due to revoking certificates.
https://github.com/paragonie/certainty -> composer require paragonie/certainty:dev-master
168
You should also try checking the error messages in curl_error(). You might need to do this once after each curl_* function.
http://www.php.net/curl_error
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
