1

So I'm trying to make a cURL connection using PHP. When I use the command line, here's what gets returned:

curl -iv https://example.com/image.gif
* Hostname was NOT found in DNS cache
*   Trying ip.ad.dr.es.ss...
* Connected to site.com (ip.ad.dr.es.ss) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: example.com
* Server certificate: Symantec Class 3 Secure Server CA - G4
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> GET /image.gif HTTP/1.1
> User-Agent: curl/7.37.1
> Host: example.com
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: image/gif
Content-Type: image/gif
< Last-Modified: Thu, 14 Jul 2011 22:16:46 GMT
Last-Modified: Thu, 14 Jul 2011 22:16:46 GMT
< Accept-Ranges: bytes
Accept-Ranges: bytes
< ETag: "09bd8b77342cc1:0"
ETag: "09bd8b77342cc1:0"
* Server Microsoft-IIS/7.5 is not blacklisted
< Server: Microsoft-IIS/7.5
Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
< X-UA-Compatible: IE=EmulateIE10, requiresActiveX=true
X-UA-Compatible: IE=EmulateIE10, requiresActiveX=true
< Date: Thu, 05 Nov 2015 20:57:22 GMT
Date: Thu, 05 Nov 2015 20:57:22 GMT
< Content-Length: 43
Content-Length: 43
< Set-Cookie: BIGipServerSpace=596747530.20480.0000; path=/
Set-Cookie: BIGipServerSpace=596747530.20480.0000; path=/

< 
* Connection #0 to host example.com left intact

And here's how I try to access it via PHP

  $ch = curl_init();
  $url_to_check = 'https://example.com/image.gif';
  curl_setopt( $ch, CURLOPT_URL, $url_to_check );
  curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
  curl_setopt($ch, CURLOPT_PORT, 443);
  curl_exec( $ch );
  $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  echo curl_error($ch);
  echo '||';
  echo $httpcode;
  curl_close( $ch );

But then it ends up returning

Empty reply from server||0

What did I do wrong? How can I fetch the image using SSL via php CURL accordingly?

1
  • $res = curl_exec($ch); if ($res === false) { die(curl_error($ch)); }. There's no point in trying to fetch an HTTP status code if an HTTP request couldn't be made in the first place. Check for curl-level errors FIRST. Commented Nov 5, 2015 at 21:48

1 Answer

3

What cURL version is your PHP using? Perhaps it doesn't support TLS 1.2 which was added in cURL 7.34.0.

Or your CA bundle might not recognize the CA of the site you are connecting to.

Try adding:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

To see the debug output from cURL in PHP like you get on the command line, you can add:

curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, fopen('php://output', 'w'));

That might shed some light on the issue, as well as calling var_dump(curl_getinfo($ch)); after the request is executed.


5 Comments

The PHP server uses under 7.34.0, but the PHP curl was able to get en.wikipedia.org/static/favicon/wikipedia.ico properly even though it also uses TLS 1.2... Any ideas?
@pillarOfLight en.wikipedia.org supports TLS 1.0, TLS 1.1, and TLS 1.2 for compatibility (NO SSLv2 or SSLv3), which is why your curl was able to fetch it. If a site supports only TLS 1.2 then cURL < 7.34.0 will not be able to fetch it. You'll need to upgrade your PHP cURL module (or if it's built into PHP, upgrade PHP and compile with a newer version of cURL and OpenSSL).
So the server's curl version is 7.19.7... After examining the site I'm interested in on ssllabs.com, it turns out that they support TLS 1.2, TLS 1.1, and TLS 1.0... So does that mean that curl 7.19.7 doesn't even support TLS 1.0?
And evidently the OpenSSL version is 0.9.8k... Does that also not support TLS 1.0?
@pillarOfLight 0.9.8k definitely doesn't support TLS 1.1 or 1.2, I believe it supports TLS 1.0 but can't find an exact reference. Most likely the issue is that your OpenSSL library doesn't support any of the cipher suites for TLS 1.0 that the site offers. From the command line (assuming your CLI version of OpenSSL is 0.9.8k) you can run openssl ciphers to see which it supports and compare it to the list of available ciphers as reported by ssllabs.com.
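
An added example (not part of the original question, answer or comments) that gathers the diagnostics discussed in this thread: it reports the libcurl and SSL library versions PHP was built against, checks curl_exec() for a transport error before reading the HTTP status, and captures the verbose log, with certificate verification left on and an optional CA bundle passed through CURLOPT_CAINFO. The function names, the script name in the usage comment, the sample version array and the CA bundle argument are assumptions made for illustration; the 7.34.0 threshold is the one stated in the answer.

```php
<?php
// Added example; PHP 5.3-compatible syntax so it also runs on old builds.
// Can this libcurl request TLS 1.2? Threshold 7.34.0 is from the answer above.
function tls_report(array $v)
{
    return array(
        'curl'         => $v['version'],
        'ssl_library'  => $v['ssl_version'],
        'tls12_option' => version_compare($v['version'], '7.34.0', '>='),
    );
}

// Fetch $url with peer and host verification on. $caBundle is an optional
// path to a PEM CA file (hypothetical; supply your own).
function fetch_verified($url, $caBundle = null)
{
    $log = fopen('php://temp', 'w+');
    $ch  = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ));
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }
    $body = curl_exec($ch);
    // Transport-level failure first; the HTTP status means nothing if the transfer failed.
    if ($body === false) {
        $result = array('ok' => false, 'errno' => curl_errno($ch), 'error' => curl_error($ch));
    } else {
        $result = array('ok' => true, 'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE), 'bytes' => strlen($body));
    }
    curl_close($ch);
    rewind($log);
    $result['verbose'] = stream_get_contents($log);
    fclose($log);
    return $result;
}

// Constructed sample: the versions reported in the comments of this thread.
print_r(tls_report(array('version' => '7.19.7', 'ssl_version' => 'OpenSSL/0.9.8k')));
print_r(tls_report(curl_version())); // the build this script runs on

if (isset($argv[1])) { // usage: php check.php <url> [ca-bundle.pem]
    print_r(fetch_verified($argv[1], isset($argv[2]) ? $argv[2] : null));
}
```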
