PHP cURL working locally, error 77 on AWS server

Question

LATEST UPDATE: script is running successfully via SSH shell as "php script.php", being an admin user. When run by the nginx user, the curl command fails to do the https request. So I guess it's an issue of nginx user not being able to use curl properly. I've checked tenths of configuration files and cannot find where this could be changed.

I'm trying to post the following JSON

{
    "where": {
      "userId": "97"
    },
    "data": {
      "alert": "Joe Masilotti answered a question you follow",
      "badge": "Increment","eventId":"3","questionId":"8954","answerId":"977"
    }
}

with the following code

$c = curl_init();
curl_setopt($c, CURLOPT_TIMEOUT, 30);
curl_setopt($c, CURLOPT_USERAGENT, 'parse.com-php-library/2.0');
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLINFO_HEADER_OUT, true);

curl_setopt($c, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'X-Parse-Application-Id: '.$this->_appid,
    'X-Parse-REST-API-Key: '.$this->_restkey
)); 
curl_setopt($c, CURLOPT_CUSTOMREQUEST, 'POST');

$postData = str_replace(PHP_EOL,'',$args['data']);
curl_setopt($c, CURLOPT_POSTFIELDS, $postData );
$url = $this->_parseurl . $args['requestUrl'];
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($c);

It works on my local Apache. I run this on an nginx server running on AWS EC2 and getting this from cURL

Array
(
    [url] => https://api.parse.com/1/push
    [content_type] => 
    [http_code] => 0
    [header_size] => 0
    [request_size] => 0
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.012399
    [namelookup_time] => 0.01232
    [connect_time] => 0.013486
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
    [certinfo] => Array
        (
        )

    [redirect_url] => 
)


cURL error number:77

cURL error:

The same JSON is sent OK from the command line of the AWS EC2 server with the following command

curl -X POST \
  -H "X-Parse-Application-Id: <...>" \
  -H "X-Parse-REST-API-Key:<..>" \
  -H "Content-Type: application/json" \
  -d '{
        "where": {
          "userId": "97"
        },
        "data": {
          "alert": "Joe answered a question",
          "badge": "Increment","eventId":"3","questionId":"8954","answerId":"977"
        }
      }' \
  https://api.parse.com/1/push

cURL extension is set up properly on the server, and it works in other scripts. Thanks!

UPDATE: The script "script.php" runs successfully when run on server from command line as "php script.php", while failing when requested on a browser at "http://www.mysite.com/script.php"

UPDATE: Here's my curl -V

curl 7.36.0 (x86_64-redhat-linux-gnu) libcurl/7.36.0 NSS/3.16 Basic ECC zlib/1.2.7 libidn/1.18 libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz

and I was trying to check curl differences between my local and server PHP configs, I saw that local curl SSL version is OpenSSL/1.0.1f while on server is NSS/3.14.3.0

Answer 1

I have the same error on amazon AMI linux.

I Solved by setting curl.cainfo on /etc/php.d/curl.ini

check my curl.ini https://gist.github.com/reinaldomendes/97fb2ce8a606ec813c4b

Answer 2

Answering my own question after 2 days of debugging. After playing with compiling everything one by one, I realized that after the last update in the Amazon Linux server - caused by the heartbleed issue, there was a problem with NSS, package manager couldn't update it because of some broken dependencies.

The one solution was to re-compile PHP with cURL using openSSL instead of NSS. Before doing that and spend hours (as also not relying on the ease of package management), I created a fresh Amazon Linux server to check if they had updated the package management and NSS worked in the new AMIs. And they had. Popped a new instance, did a yum update before anything else, and NSS was the first to be updated.

Tried the above code and worked. So, now I'm moving all the codebase to the new instance, switching EIP to the new instance and all good.