transform CURL request to PHP CURL

Question

I've this Curl request :

curl.exe -k --proxy-ntlm --proxy-user : --proxy http://proxyurl:80 -E C:\temp\certificat.pem:certifPassword -H depth:1 -X PROPFIND https://www.url.fr/to/webdav/number/folder/ > retour.xml

I've to translate it in php script. So I did this :

$ch = curl_init();

$urlPropfind = "https://www.url.fr/to/webdav/number/folder/";
$certifPropfind = __DIR__."/certificats/certificat.pem";
$passwordPropfind = "certifPassword";
$header = "depth:1";

//Proxy config
$proxyAdresse = "http://proxyUrl";
$proxyIp = "192.168.0.1"; //I change IP for security
$proxyPort = 80;
$proxyIdentification = "proxyUser:proxyPassword";

curl_setopt($ch, CURLOPT_PROXY, $proxyIp);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxyPort);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $certifPropfind);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $passwordPropfind);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $urlPropfind);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));

$output = curl_exec($ch);

var_dump($output);

var_dump(curl_getinfo($ch));
curl_close($ch);

But my curl return FALSE so I don't understand what did I do wrong ?

The error:

HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS: client certificate not found: certServeurTM.pem * NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT) * SSL peer was unable to negotiate an acceptable set of security parameters. * Closing connection 2

And

• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
• unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
• NSS error -8178 (SEC_ERROR_BAD_KEY)
• Peer's public key is invalid.
• Closing connection 0

EDIT

I converted this to PHP & here my :

curl_setopt($ch, CURLOPT_URL, $urlPropfind);
  curl_setopt($ch, CURLOPT_NOPROGRESS, true);
  curl_setopt($ch, CURLOPT_PROXY, $proxyAdresse);
  curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
  curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
  curl_setopt($ch, CURLOPT_USERAGENT, "curl/7.29.0");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
  curl_setopt($ch, CURLOPT_MAXREDIRS, 50);
  curl_setopt($ch, CURLOPT_KEYPASSWD, "/var/www/html/myapplication/certificats/certServeurTM.pem:toulouse31");
  curl_setopt($ch, CURLOPT_SSLCERT, "certServeurTM.pem");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
  curl_setopt( $ch, CURLOPT_VERBOSE, true );
  curl_setopt( $ch, CURLOPT_STDERR, fopen('php://output', 'w') );

& message I get (only the end of message. All is good until certificat):

HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS: client certificate not found: certServeurTM.pem * NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT) * SSL peer was unable to negotiate an acceptable set of security parameters. * Closing connection 2

I added

curl_setopt($ch, CURLOPT_CAPATH, "/var/www/html/myapplication/certificats");

& I see the following message

failed to load '/var/www/html/myapplication/certificats/certServeurTM.pem' from CURLOPT_CAPATH

Answer 1

Add the following code to your script, after the last curl_setopt, and see what output you get:

curl_setopt( $ch, CURLOPT_VERBOSE, true );
curl_setopt( $ch, CURLOPT_STDERR, fopen('php://output', 'w') );

This will give you a clue at what the issue is. If you are unable to resolve the issue yourself, please update your question with the output of the new code.

Answer 2

by checking curl's --libcurl parameter, it seems:

you forgot to set CURLOPT_PROXYAUTH to CURLAUTH_NTLM.

you forgot to set CURLOPT_USERAGENT to your version of curl (curl cli does this automatically, libcurl does not. on my system, it is "curl/7.52.1").

it seems you mixed CURLOPT_SSLCERTPASSWD with CURLOPT_KEYPASSWD.

here's the --libcurl file, you could try converting that to PHP:

/********* Sample code generated by the curl command line tool **********
 * All curl_easy_setopt() options are documented at:
 * https://curl.haxx.se/libcurl/c/curl_easy_setopt.html
 ************************************************************************/
#include <curl/curl.h>

int main(int argc, char *argv[])
{
  CURLcode ret;
  CURL *hnd;
  struct curl_slist *slist1;

  slist1 = NULL;
  slist1 = curl_slist_append(slist1, "depth:1");

  hnd = curl_easy_init();
  curl_easy_setopt(hnd, CURLOPT_URL, "https://www.url.fr/to/webdav/number/folder/");
  curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 1L);
  curl_easy_setopt(hnd, CURLOPT_PROXY, "http://proxyurl:80");
  curl_easy_setopt(hnd, CURLOPT_PROXYUSERPWD, ":");
  curl_easy_setopt(hnd, CURLOPT_PROXYAUTH, (long)CURLAUTH_NTLM);
  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "curl/7.52.1");
  curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, slist1);
  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, (long)CURL_HTTP_VERSION_2TLS);
  curl_easy_setopt(hnd, CURLOPT_KEYPASSWD, "tempcertificat.pem:certifPassword");
  curl_easy_setopt(hnd, CURLOPT_SSLCERT, "C");
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
  curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "PROPFIND");
  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);

  /* Here is a list of options the curl code used that cannot get generated
     as source easily. You may select to either not use them or implement
     them yourself.

  CURLOPT_WRITEDATA set to a objectpointer
  CURLOPT_INTERLEAVEDATA set to a objectpointer
  CURLOPT_WRITEFUNCTION set to a functionpointer
  CURLOPT_READDATA set to a objectpointer
  CURLOPT_READFUNCTION set to a functionpointer
  CURLOPT_SEEKDATA set to a objectpointer
  CURLOPT_SEEKFUNCTION set to a functionpointer
  CURLOPT_ERRORBUFFER set to a objectpointer
  CURLOPT_STDERR set to a objectpointer
  CURLOPT_HEADERFUNCTION set to a functionpointer
  CURLOPT_HEADERDATA set to a objectpointer

  */

  ret = curl_easy_perform(hnd);

  curl_easy_cleanup(hnd);
  hnd = NULL;
  curl_slist_free_all(slist1);
  slist1 = NULL;

  return (int)ret;
}
/**** End of sample code ****/

Answer 3

Finally I get it !!

In fact, the person in charge of certifacts management forget to tell me that I need another private key & private certificat...

So here my final code :

curl_setopt($ch, CURLOPT_URL, $urlPropfind);
  curl_setopt($ch, CURLOPT_NOPROGRESS, true);
  curl_setopt($ch, CURLOPT_PROXY, $proxyAdresse);
  curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
  curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
  curl_setopt($ch, CURLOPT_USERAGENT, "curl/7.29.0");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
  curl_setopt($ch, CURLOPT_MAXREDIRS, 50);
  curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "toulouse31");
  curl_setopt($ch, CURLOPT_SSLCERT, "/var/www/html/myapplication/certificats/certServeurTM.pem");  
  curl_setopt($ch, CURLOPT_SSLCERT, "/var/www/html/myapplication/certificats/default.crt");  
  curl_setopt($ch, CURLOPT_SSLKEY, "/var/www/html/myapplication/certificats/default.privkey"); 
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt( $ch, CURLOPT_VERBOSE, true );
  curl_setopt( $ch, CURLOPT_STDERR, fopen('php://output', 'w') );

Thanks, everyone, for your help :)