11

From development machine (mac) there is no problem connecting via cURL in PHP to this, but in Ubuntu, I get this error. I've tried on a local machine and on an Amazon AWS instance. I've googled and googled and keep coming up to brick walls. There's no firewall restrictions in place, its a complete mystery. php5-curl IS installed in ubuntu, I just don't have any ideas. I ran this command:

curl -v https://api.rkd.reuters.com/api/2006/05/01/TokenManagement_1.svc/Anonymous

and got this output, no clues whatsoever to a solution. OpenSSL is also installed.

* About to connect() to api.rkd.reuters.com port 443 (#0)
*   Trying 159.220.40.240... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to api.rkd.reuters.com:443 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to api.rkd.reuters.com:443

Any ideas welcomed on this

ThePHPUnicorn
  • 619
  • 2
  • 7
  • 22
  • http://askubuntu.com/questions/189752/cant-connect-to-certain-https-sites – kgu87 Oct 15 '13 at 14:50
  • Nothing in that post worked unfortunately. I did find that doing this: curl -v https://api.rkd.reuters.com Had problems with not being able to access the host, but this worked fine: curl -v -SSLv3 https://api.rkd.reuters.com Any ideas how to set soapclient to use SSLv3? I reckon this could work. I found nothing on Google... – ThePHPUnicorn Oct 16 '13 at 09:42
  • Found this http://stackoverflow.com/questions/10047407/curl-error-sslv3-alert-unexpected-message – kgu87 Oct 16 '13 at 09:56
  • Hi unfortunately I'm not using CURL in my PHP script, but am instead using soapClient so this won't work for me :-( Thanks for looking for this though – ThePHPUnicorn Oct 16 '13 at 10:23
  • 1
    In that case, probably you want to specify _ssl_method_ in options, as shown here - http://php.net/manual/en/soapclient.soapclient.php - _The ssl_method option is one of SOAP_SSL_METHOD_TLS, SOAP_SSL_METHOD_SSLv2, SOAP_SSL_METHOD_SSLv3 or SOAP_SSL_METHOD_SSLv23_ – kgu87 Oct 16 '13 at 12:56
  • 1
    This is exactly what I did in the end, updated the PHP version to 5.5 and used this. Thanks for your help – ThePHPUnicorn Oct 16 '13 at 13:17

6 Answers6

8

I had this problem, and I fixed it by setting the curl SSL version to version 3

curl_setopt($ch, CURLOPT_SSLVERSION,3);

Apparently the server started requiring SSL version 3, and this setting caused cURL with SSL to start working again.

steampowered
  • 11,809
  • 12
  • 78
  • 98
2

Fixed it! It's a known problem with Ubuntu 12.04

These instructions

http://willbradley.name/2012/10/workaround-for-php-error-in-ubuntu-12-04-soapclient-ssl-crypto-enabling-timeout/

-- Cancel that, it just disabled exceptions, this is still not working! HELP!

-- EDIT - HERES HOW I FIXED IT IN THE END!

I upgraded to PHP 5.5 from 5.4.3 and set the following options in my call, which fixed it:

$options = array('ssl_method' => SOAP_SSL_METHOD_SSLv3,'soap_version' => SOAP_1_2);
$sc = new SoapClient('https://my-url.com/call/', $options);

The upgrade was necessary because the constant SOAP_SSL_METHOD_SSLv3 isn't present in PHP versions < 5.5, and unfortunately Ubuntu Server at the time would only allow an upgrade to 5.4.3 through apt-get update php5. I manually installed the later version, and it works fine now.

ThePHPUnicorn
  • 619
  • 2
  • 7
  • 22
2

I had the same problem, unfortunately with a host unwilling to upgrade to php 5.5.

I solved it by creating a new class extending php's SoapClient to use cURL:

/**
 * New SoapClient class.
 * This extends php's SoapClient,
 * overriding __doRequest to use cURL to send the SOAP request.
 */
class SoapClientCurl extends SoapClient {

  public function __doRequest($request, $location, $action, $version, $one_way = NULL) {
$soap_request = $request;
$header = array(
  'Content-type: application/soap+xml; charset=utf-8',
  "Accept: text/xml",
  "Cache-Control: no-cache",
  "Pragma: no-cache",
  "SOAPAction: \"$action\"",
  "Content-length: " . strlen($soap_request),
);
$soap_do = curl_init();
$url = $location;
$options = array(
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HEADER => FALSE,
  //CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_SSL_VERIFYHOST => 0,
  CURLOPT_SSL_VERIFYPEER => FALSE,
  CURLOPT_RETURNTRANSFER => TRUE,
  //CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
  CURLOPT_VERBOSE => true,
  CURLOPT_POST => TRUE,
  CURLOPT_URL => $url,
  CURLOPT_POSTFIELDS => $soap_request,
  CURLOPT_HTTPHEADER => $header,
  CURLOPT_FAILONERROR => TRUE,
  CURLOPT_SSLVERSION => 3,
);

curl_setopt_array($soap_do, $options);
$output = curl_exec($soap_do);
if ($output === FALSE) {
  $err = 'Curl error: ' . curl_error($soap_do);
}
else {
  ///Operation completed successfully
}
curl_close($soap_do);

// Uncomment the following line to let the parent handle the request.
//return parent::__doRequest($request, $location, $action, $version);
return $output;
  }

}
tripper54
  • 346
  • 2
  • 6
0

Error : CURL Error: 35 - OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to httpapi.com:443 (IP: 162.x.x.x & 204.x.x.x)

Incase of WHMCS:

You can contact your host to whitelist the IP address at their end to use their API.

Arun Krish
  • 21
  • 1
0

Fixed by adding curl-ca-bundle.crt to the folder next to curl.exe

cnmuc
  • 6,025
  • 2
  • 24
  • 29
0

I'm using Fefora 33 and solutions proposed by other users have not worked for me. In my case the problem is given by changes on Fedora 33, that have disabled SHA-1 signatures by default (https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2).

I solved it changing crypto policies:

update-crypto-policies --set DEFAULT:FEDORA32
JSGarcia
  • 556
  • 7
  • 18