I'm having a problem locally (Fedora) that I'm not seeing on my server (RedHat). When using php's curl functions in a script that runs under apache, I can't connect to HTTPS servers. When I run the exact same script from the CLI, it has no trouble connecting. I have no trouble connecting to HTTP servers, only to HTTPS. When I run the exact same script on my RedHat server, it works fine under apache and from the CLI.
Here's the script:
<?php
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => "https://www.google.com/",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true,
]);
$result = curl_exec($ch);
$headers = curl_getinfo($ch);
echo "Result:
";
var_export($result);
echo "
Headers:
";
var_export($headers);
?>
When I run it under apache, I get this output:
Result:
false
Headers:
array (
'url' => 'https://www.google.com/',
'content_type' => NULL,
'http_code' => 0,
'header_size' => 0,
'request_size' => 0,
'filetime' => -1,
'ssl_verify_result' => 0,
'redirect_count' => 0,
'total_time' => 0.028444000000000001,
'namelookup_time' => 0.028337000000000001,
'connect_time' => 0.040409,
'pretransfer_time' => 0,
'size_upload' => 0,
'size_download' => 0,
'speed_download' => 0,
'speed_upload' => 0,
'download_content_length' => -1,
'upload_content_length' => -1,
'starttransfer_time' => 0,
'redirect_time' => 0,
'redirect_url' => '',
'primary_ip' => '74.125.226.146',
'certinfo' =>
array (
),
'primary_port' => 443,
'local_ip' => '192.168.5.197',
'local_port' => 39900,
)
.. and this in the error log:
* Adding handle: conn: 0x7fdaff4ba4b0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 1 (0x7fdaff4ba4b0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#1)
* Trying 74.125.226.146...
* Connected to www.google.com (74.125.226.146) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 1
When run in the CLI, I get this output:
* Adding handle: conn: 0x7fb9c7c6b670
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fb9c7c6b670) send_pipe: 1, recv_pipe: 0
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.226.148...
* Connected to www.google.com (74.125.226.148) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_SHA
* Server certificate:
* subject: CN=www.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
* start date: Dec 11 12:02:58 2013 GMT
* expire date: Apr 10 00:00:00 2014 GMT
* common name: www.google.com
* issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
> GET / HTTP/1.1
Host: www.google.com
Accept: */*
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Location: https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo
< Content-Length: 257
< Date: Wed, 22 Jan 2014 17:38:21 GMT
* Server GFE/2.0 is not blacklisted
< Server: GFE/2.0
< Alternate-Protocol: 443:quic
<
* Connection #0 to host www.google.com left intact
Result:
'<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo">here</A>.
</BODY></HTML>
'
Headers:
array (
'url' => 'https://www.google.com/',
'content_type' => 'text/html; charset=UTF-8',
'http_code' => 302,
'header_size' => 259,
'request_size' => 53,
'filetime' => -1,
'ssl_verify_result' => 0,
'redirect_count' => 0,
'total_time' => 0.210087,
'namelookup_time' => 0.028376999999999999,
'connect_time' => 0.041487000000000003,
'pretransfer_time' => 0.19747600000000001,
'size_upload' => 0,
'size_download' => 257,
'speed_download' => 1223,
'speed_upload' => 0,
'download_content_length' => 257,
'upload_content_length' => 0,
'starttransfer_time' => 0.210032,
'redirect_time' => 0,
'redirect_url' => 'https://www.google.ca/?gfe_rd=cr&ei=DQLgUsKrCoWN8Qeo9oAo',
'primary_ip' => '74.125.226.148',
'certinfo' =>
array (
),
'primary_port' => 443,
'local_ip' => '192.168.5.197',
'local_port' => 50454,
)
Any ideas? Thanks. This is PHP 5.5.7.
Maybe you should try the insecure setting in your PHP code as suggested here.
Also you can try curl from the command line to see if your curl installation works as designed by running the following command in a terminal
curl --insecure <your-url>
Was your php compiled with --with-open-ssl=/usr/local/ssl ?
Check that with <?php phpinfo(); ?>
Look for a box with header, "OpenSSL." If you see it there, then your PHP installation now has SSL support enabled.
I restarted Apache and the problem went away. I checked my system package install log (/var/log/yum.log) and found that an update to NSS was installed. I guess you're supposed to restart Apache after upgrading.