1

Running on Windows, WAMP64 this code returns success. However the exact same code fails on either of our two live servers with error messages:

curl_errno: 58 | curl_error: Unable to load client key -8178.

I think it might be of note that the local server uses Open-SSL and the live servers use NSS? But I am well out of my comfort zone, and assistance would be greatly appreciated.

The php code in use and the configuration for my local setup, and two live servers follows:

The code

$xml = file_get_contents("the_xml.xml");

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/overseassendpropertydetails");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() .'/our_cert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml')); 
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);

$result = curl_exec($ch);

Local CURL info:

curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL 
Release-Date: 2017-11-14, security patched: 2019-11-05
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL

Local TLS info:

OS: WINNT
uname: Windows NT MY-PC 10.0 build 19042 (Windows 10) AMD64
PHP version: 7.3.12
curl version: 7.64.0
SSL version: OpenSSL/1.1.1c
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1010104f

Server 1 - CentOS release 6.10

curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

OS: Linux
uname: Linux servername.serveraddress.co.uk 2.6.32-754.33.1.el6.x86_64 #1 SMP Tue Aug 25 15:29:40 UTC 2020 x86_64
PHP version: 7.3.25
curl version: 7.19.7
SSL version: NSS/3.44
SSL version number: 0
OPENSSL_VERSION_NUMBER: 1000105f
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2

Server 2 - CentOS Linux release 7.9.2009

curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

OS: Linux
uname: Linux servername.serveraddress.co.uk 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
PHP version: 7.3.26
curl version: 7.29.0
SSL version: NSS/3.53.1
SSL version number: 0
OPENSSL_VERSION_NUMBER: 100020bf
TLS test (default): TLS 1.2
TLS test (TLS_v1): TLS 1.2
TLS test (TLS_v1_2): TLS 1.2
mayersdesign
  • 5,062
  • 4
  • 35
  • 47
  • Possible dupe of https://stackoverflow.com/a/22503032/892493? If that is not it, make sure the cert/key are readable by the user that the web server is running as. – drew010 Feb 03 '21 at 00:31
  • Definitely readable (I can even output file_get_contents of the .pem in the php script) - I believe I have already worked through the suggested link, but will double check and report back – mayersdesign Feb 03 '21 at 08:17

0 Answers0