
I have a curl command that works perfectly from the command line that goes like so:

curl --cert /path/to/cert.pem \
     --cert-type PEM \
     --form "files[0]=@/path/to/file.csv" \
     https://url.com/whatever

I can also run it successfully from php using

exec("curl --cert /path/to/cert.pem --cert-type PEM --form \"files[0]=@/path/to/file.csv\" https://url.com/whatever");

Translating the command to php-curl I got

$url = "https://url.com/whatever";
$certificate = "/path/to/cert.pem";
$filePath = "/path/to/file.csv";
$postData = array("files[0]" => "@".$filePath);

// Upload request
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSLCERT, $certificate);
curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);

// I have tried WITH or WITHOUT the following options to no avail
// Note that SSL_VERIFYPEER false is not necessary -- I do not have a self-signed cert in the chain
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

$postUploadResponse = curl_exec($ch);

and this does not work. The message I get from the server is that the authentication has failed and that my certificate is not valid (though the exact same certificate works from the cmd line).

An important detail: that function runs perfectly well (with SSL_VERIFYPEER false as I use a self-signed cert locally) from my local XAMPP installation but the same code fails on the server.

The server is on Debian 8.3.

curl --version is

curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP

What could be causing this? Is there anything that could be causing my certificate to not be sent properly when using libcurl?

Hugo Migneron
  • My bet is that your php-curl is not using the same set of Root CAs as your curl. This is why it works with 'SSL_VERIFYPEER' to false. Find the source of the Root CAs of php-curl and add the proper Root CA – Jofre May 26 '16 at 19:33
  • @Jofre sorry I guess my question wasn't clear on that. The certificate that's failing (according to the remote server) is the SSLCERT, not the CA-CERT so the Root CAs should not matter (it fails with or without SSL_VERIFYPEER) – Hugo Migneron May 26 '16 at 21:40
  • I would split the client certificate and key. Use this as a reference http://stackoverflow.com/questions/11308270/using-curl-in-php-with-ca-certificate-client-certificate-and-private-key-in-s – Jofre May 27 '16 at 19:26
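
The last comment above suggests splitting the client certificate and key. An added example (not from the original post or its comments) of doing that in PHP: it checks that the key in a combined PEM matches the certificate, then hands both to php-curl as separate files. The helper names `splitClientPem` and `clientCertCurlOptions` are hypothetical, and the key pair is a throwaway one generated inside the script.

```php
<?php
// Added example, not from the original post; helper names are hypothetical.
// Split a combined PEM (first certificate = client cert) and confirm cert and key pair up.
function splitClientPem($pem, $passphrase = '')
{
    if (!preg_match('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $c)) {
        throw new RuntimeException('no certificate block found');
    }
    if (!preg_match('/-----BEGIN ((?:[A-Z]+ )?PRIVATE KEY)-----.+?-----END \1-----/s', $pem, $k)) {
        throw new RuntimeException('no private key block found');
    }
    $key = openssl_pkey_get_private($k[0], $passphrase);
    if ($key === false || !openssl_x509_check_private_key($c[0], $key)) {
        throw new RuntimeException('key unreadable or does not match the certificate');
    }
    return array($c[0], $k[0]);
}

// php-curl options that name the certificate file and the key file explicitly.
function clientCertCurlOptions($certFile, $keyFile, $uploadPath)
{
    return array(
        CURLOPT_SSLCERT        => $certFile,
        CURLOPT_SSLCERTTYPE    => 'PEM',
        CURLOPT_SSLKEY         => $keyFile,
        CURLOPT_SSLKEYTYPE     => 'PEM',
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_VERBOSE        => true, // handshake trace is written to STDERR
        // CURLFile is the PHP >= 5.5 upload object; the post uses the older "@" prefix
        CURLOPT_POSTFIELDS     => array('files[0]' => new CURLFile($uploadPath)),
    );
}

// Constructed sample: a throwaway self-signed pair standing in for cert.pem.
$pkey = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$csr  = openssl_csr_new(array('commonName' => 'constructed-client'), $pkey);
openssl_x509_export(openssl_csr_sign($csr, null, $pkey, 1), $certPem);
openssl_pkey_export($pkey, $keyPem);
list($cert, $key) = splitClientPem($certPem . $keyPem);
foreach (array('crt' => $cert, 'key' => $key, 'csv' => "a,b\n1,2\n") as $tag => $data) {
    $paths[$tag] = tempnam(sys_get_temp_dir(), $tag); // constructed temp files
    file_put_contents($paths[$tag], $data);
}
$ch = curl_init('https://url.com/whatever');
curl_setopt_array($ch, clientCertCurlOptions($paths['crt'], $paths['key'], $paths['csv']));
echo 'TLS backend: ', curl_version()['ssl_version'], "\n"; // curl_exec($ch) omitted: offline run
array_map('unlink', $paths);
```

The printed TLS backend can be compared with the `OpenSSL/1.0.1k` reported by `curl --version` to see whether php-curl and the command-line tool are linked against the same library.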

0 Answers