HTTPS post request with CURL
Moderator: General Moderators
HTTPS post request with CURL
Hi all.
I'm trying to make an https post request using the CURL library. When I use plain html form all works fine. But when using php and curl functions, I'm getting :
* Your connection is using a weak random seed!
* Closing live connection (#0)
from the server. What could be the problem ?
I'm trying to make an https post request using the CURL library. When I use plain html form all works fine. But when using php and curl functions, I'm getting :
* Your connection is using a weak random seed!
* Closing live connection (#0)
from the server. What could be the problem ?
I think my php support the CURL because when I type (i the prompt) :
php -m
there is a list in which the "curl" is present.
I have copyed all files from
c:\php\dlls
to
c:\windows\system32 (I use windows XP)
the dlls copyed includes (libeay32.dll and ssleay32.dll)
The php code is very simple :
$data = "abc=123&def=456";
$f_error = fopen("errors.txt", "w");
$ch = curl_init("https://www.xxxxxxx.com/yyyy/zzzz.asp");
curl_setopt($ch, CURLOPT_VERBOSE, 1); // to dump errors
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_STDERR, $f_error);
curl_exec($ch);
curl_close($ch);
fclose($f_error);
after the execution, there is a file "error.txt" in which I can read :
* Your connection is using a weak random seed!
* Closing live connection (#0)
I think this is response from the server, not from my php but I'm not sure.
php -m
there is a list in which the "curl" is present.
I have copyed all files from
c:\php\dlls
to
c:\windows\system32 (I use windows XP)
the dlls copyed includes (libeay32.dll and ssleay32.dll)
The php code is very simple :
$data = "abc=123&def=456";
$f_error = fopen("errors.txt", "w");
$ch = curl_init("https://www.xxxxxxx.com/yyyy/zzzz.asp");
curl_setopt($ch, CURLOPT_VERBOSE, 1); // to dump errors
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_STDERR, $f_error);
curl_exec($ch);
curl_close($ch);
fclose($f_error);
after the execution, there is a file "error.txt" in which I can read :
* Your connection is using a weak random seed!
* Closing live connection (#0)
I think this is response from the server, not from my php but I'm not sure.
what are you trying to do? should the post make something happen on the target, or are you expecting a return? Your initial code had nothing that would assign any returned data..
Can you check the logs on the receiving webserver to see if the request where coming in at all, ok'd or rejected or whatever?
Can you check the logs on the receiving webserver to see if the request where coming in at all, ok'd or rejected or whatever?
There is some progress !!! 
I've upgraded my php. I was using 4.0.6, and now I'm using 4.3.2. Now I connect to the server, but the sertificates are not correct.
The new messages is :
* About to connect() to http://www.xxxxxxxx.com:443
* Connected to http://www.xxxxxxxxx.com (xxx.xxx.xxx.xxx) port 443
* unable to set private key file: 'c:/certificate.pem' type PEM
* Closing connection #0
I think it is because I export the certificate from IE in Base64 format and then just change the file extension. I think I should find some convertor.
I've upgraded my php. I was using 4.0.6, and now I'm using 4.3.2. Now I connect to the server, but the sertificates are not correct.
The new messages is :
* About to connect() to http://www.xxxxxxxx.com:443
* Connected to http://www.xxxxxxxxx.com (xxx.xxx.xxx.xxx) port 443
* unable to set private key file: 'c:/certificate.pem' type PEM
* Closing connection #0
I think it is because I export the certificate from IE in Base64 format and then just change the file extension. I think I should find some convertor.
If I remove the CURLOPT_SSLCERT option and leave only CURLOPT_SSL_VERIFYHOST set to 2 or 3, or even if I remove the CURLOPT_SSL_VERIFYHOST option at all, I get this message :
* About to connect() to http://www.e-gold.com:443
* Connected to http://www.e-gold.com (63.240.230.10) port 443
* SSL certificate problem, verify that the CA cert is OK
* Closing connection #0
As you can see, I'm trying to make an e-gold payment.
* About to connect() to http://www.e-gold.com:443
* Connected to http://www.e-gold.com (63.240.230.10) port 443
* SSL certificate problem, verify that the CA cert is OK
* Closing connection #0
As you can see, I'm trying to make an e-gold payment.
i just checked the cert at http://www.e-gold.com and the cert is valid and signed by verisign.. when I was writing 2 or 3 I ment SSL mode/version and nothing about verification, curl needs the root CA fingerprints and that in order to do verifications, try without any at first.
Your best approach is do as little and simple as possible, turn all verification and authentication off, have as few setopts as possible and it should work just fine..
I just did a simple test post to https://www.e-gold.com/ with success (well it returns 405 since the index is not a script that accepts post)..
Your best approach is do as little and simple as possible, turn all verification and authentication off, have as few setopts as possible and it should work just fine..
I just did a simple test post to https://www.e-gold.com/ with success (well it returns 405 since the index is not a script that accepts post)..