What's wrong with my Curl call?

m_hutley · February 22, 2023, 11:06am

Well that was what VERIFYPEER = false was supposed to do…well, at least it should have cleared one set of SSL hurdles. There’s a whole group of SSL settings in cURL, but without knowing which one is causing the problem (or if it’s possible to fix with configuration at all; if the problem is something embedded in OSSL3, you’d need a completely separate install of openSSL)…

rpkamp · February 22, 2023, 4:50pm

From what I’m reading you need to recompile PHP against an older version of OpenSSL.

Alternatively, can you connect over HTTP as well? Https below version 3 is rather pointless nowadays anyway.

spaceshiptrooper · February 22, 2023, 4:54pm

There’s

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);

I only use this on localhost where I have generated my own self-assigned SSL. There are issues with self-assigned SSL which I know for my localhost at least, it’s legit. That’s the only reason why I set them to false. Here’s the line of code I use.

if(SERVER_ADDR == '127.0.0.1' OR SERVER_ADDR == '::1' OR strpos(REMOTE_ADDRESS, '192.168.') !== false) {

	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);

} else {

	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 2);

}

rpkamp · February 22, 2023, 6:44pm

That won’t work to accept old SSL versions, as they simply aren’t available in the OpenSSL version that comes with Ubuntu 22.04.

ramishjutt17 · February 23, 2023, 2:33pm

There is a syntax error in the code where you are trying to assign the decoded JSON response to $jsonArrayResponse. The assignment operator should be an equals sign, not a hyphen:
$jsonArrayResponse = json_decode($phoneList);
Additionally, issues with the API endpoint, authentication, or network connectivity may prevent the Curl call from returning a response. You can try adding error handling to your code to help identify any issues:
if ($phoneList === false) {
echo 'Curl error: '. curl_error($cURLConnection);
} else {
$jsonArrayResponse = json_decode($phoneList);
if ($jsonArrayResponse === null) {
echo 'JSON decoding error: '. json_last_error_msg();
} else {
var_dump($jsonArrayResponse);
}
}
This code will check for errors in the Curl request and JSON decoding, and print any error messages to help identify the issue.

jeremy58 · February 23, 2023, 6:28pm

Connections over HTTP are refused.

It’s possible to specify a configuation that will allow legacy renogitation. I guess you could probably edit the ssl config system-wide, but probably not a good idea if it’s just for a single script.

Make a ssl.conf file somewhere like:

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

Then make the curl call like

OPENSSL_CONF=ssl.conf php my-curl.php

rpkamp · February 26, 2023, 9:04am

Thread continues here: Specify OPENSSL_CONF for single script?