Page 1 of 2
cURL from a Secure Server?
Posted: Mon May 28, 2007 11:04 pm
by nyfael
Hi,
My cURL function is being blocked from a Secure Server - is there any tips in getting through? I'm using it in my Shopping Cart and need it to be behind the server, and there is no proxy server that I'm aware of that I can use. Any suggested alternate routes?
-Kerry
Re: cURL from a Secure Server?
Posted: Mon May 28, 2007 11:06 pm
by volka
nyfael wrote:My cURL function is being blocked from a Secure Server
Please elucidate. Exactly what do you mean by "blocked"? Do you get an error message? What do you mean by "Secure Server"? A firewall?
Posted: Mon May 28, 2007 11:20 pm
by nyfael
My apologies.
I'm behind a dedicated SSL, the exact error message I get is:
Error Number: 18
Error Message: transfer closed with -1 bytes remaining to read
I'm doing a call to Paypal, and if I remove the https and make it http, it works fine. I'm hosted with 1&1 who happen to have some of the worst support, in this area at least.
Here's a couple differences between the two servers (http, and https)
HTTP: PHP 5. 2. 1, libcurl/7.15.1 OpenSSL/0.9.6g zlib/1.2.1 libidn/0.4.1
HTTPS: PHP 4.4.4, libcurl/7.10.3 OpenSSL/0.9.6g ipv6 zlib/1.2.1
Thanks,
Kerry
Posted: Tue May 29, 2007 12:27 am
by volka
I don't know what the cause of the error is but the curl error code says
http://curl.haxx.se/libcurl/c/libcurl-errors.html wrote:CURLE_PARTIAL_FILE (18)
A file transfer was shorter or larger than expected. This happens when the server first reports an expected transfer size, and then delivers data that doesn't match the previously given size
The server curl is connected to seems to send a bogus Content-length value.
Posted: Tue May 29, 2007 12:35 am
by nyfael
Couldn't that also happen if it wasn't getting sent at all, but it thinks it is? Like the secure server is blocking it...
Posted: Tue May 29, 2007 12:39 am
by volka
I'm not familiar with curl but the error message
nyfael wrote:Error Message: transfer closed with -1 bytes remaining to read
suggests curl didn't expect more data but the server sent at least one more byte.
Posted: Tue May 29, 2007 1:26 am
by nyfael
I don't fully understand that but I'll take your word. All I know is that the Secure Server is causing the problem, and I'd like to fix it.
Posted: Tue May 29, 2007 2:08 am
by volka
nyfael wrote:I don't fully understand that but I'll take your word.
Better don't. As mentioned I'm not familiar with curl.
And I still do not understand what you mean by
nyfael wrote:I'm behind a dedicated SSL
Posted: Tue May 29, 2007 2:46 am
by Chris Corbyn
volka wrote:And I still do not understand what you mean by
nyfael wrote:I'm behind a dedicated SSL
Me neither. I've heard of being behind a firewall, but not a "SSL". SSL is a transport layer.
Posted: Tue May 29, 2007 2:51 am
by nyfael
Sorry, I'm saying that simply because I feel like I'm in a server with no way to communicate to the outside world.
It's the first time I've used SSL and I just know that I've had loads of trouble with it (mainly because the support is terrible).
If I can't communicate out I can't get my shopping cart to work - which is a must.
Posted: Tue May 29, 2007 3:38 am
by volka
HTTP: PHP 5. 2. 1, libcurl/7.15.1 OpenSSL/0.9.6g zlib/1.2.1 libidn/0.4.1
Have you considered to install and configure the ssl-enabled server the same way?
Posted: Tue May 29, 2007 12:43 pm
by nyfael
Hosting through 1&1 - I don't have control over the server, and I don't know how to uninstall otherwise.
Is there a way to install remotely?
-Kerry
Posted: Tue May 29, 2007 1:56 pm
by volka
nyfael wrote:Is there a way to install remotely?
If it is webhosting "only" the answer is probably "no".
Does curl complain only about this particular url, i.e. have you tried to request data from another url?
php's native
url wrappers would not suffice by any chance?
Posted: Tue May 29, 2007 5:53 pm
by nyfael
I can connect through SSH but I don't really have any knowledge in that area.
Wow, I feel very foolish. I totally thought I had tried other URLs but apparently not. I did one to a few other sites and it worked from HTTPS. Does that mean that Paypal is somehow blocking me? Why would they block me when I'm coming from a Secure Server? Perhaps the data I'm trying to send out can't get to them? (Maybe curl is only working to retrieve the data?) I'm going to test that right now.
That definitely puts me on a different path though.
Have never used url wrappers -- have no data about them.
Thanks!
-Kerry
UPDATE:
I ran the script at the bottom of this page:
http://www.phpbuilder.com/columns/ian_g ... r+Approval
on my server with both HTTP and HTTPS and it worked fine. Anyone know why this would change when doing it to Paypal?
Here's the page that I tested the above script on:
https://www.studio98designs.com/curl.php
I also found that it is apparently talking to Paypal but when there is an error it has been redirecting it to another page. I removed the redirect, but had it issue the error AND the response and you get (this is all Sandbox):
error18
transfer closed with -1 bytes remaining to readResponse: SUCCESS
DoDirectPayment
Transaction Completed Succesfully.
Transaction ID: 0BF038825X402260Y
Amount: USD 1.00
AVS: X
CVV2: M
You can test the Paypal here:
https://www.studio98designs.com/php_nvp ... tType=Sale
Posted: Wed May 30, 2007 1:06 am
by volka
Does that mean that Paypal is somehow blocking me? Why would they block me when I'm coming from a Secure Server?
They don't even know

SSL is something that is applied to a certain connection, you might call it an addon for a connection.
If you open a new connection from your server to the paypal webserver this connection can also have the ssl addon or it doesn't. Just because your webserver received the request via ssl doesn't mean anything else uses ssl implicitly. Therefore for the "outside" world there is no "I'm coming from a Secure Server".
nyfael wrote:I also found that it is apparently talking to Paypal but when there is an error it has been redirecting it to another page. I removed the redirect, but had it issue the error AND the response and you get (this is all Sandbox):
Is this a public sandbox, i.e. can you give us the url so we can play with it ourselfs?