1

Observe the code below and note the commented curl options in the array. This code runs "as is" and returns a valid expected XML response.

protected function curlResponse($params)
{
    // Returns valid XML
    $xml = $this->TokenXml($params);
    $len = strlen($xml);
    // Returns array of headers Content-Type, SOAPAction and Content-Length
    $headers = $this->TokenHeaders($len);

    $curlopts = [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_SSL_VERIFYPEER => 0,
        CURLOPT_SSL_VERIFYHOST => 0,
        CURLOPT_HEADER => FALSE,
        CURLOPT_URL => $params['tokenURL'],
        //CURLOPT_POSTFIELDS, $xml,
        //CURLOPT_HTTPHEADER, $headers
    ];

    $ch = curl_init();
    curl_setopt_array($ch, $curlopts);
    // Now swap the commented lines above and comment out these two. Fails.
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    $response = curl_exec($ch);

    curl_close($ch);

    return $response;
}

Uncomment the two lines in the array and comment out both curl_setopt() lines. The code fails.

By fail I mean the in the first case the recipient at $params['tokenURL'] returns a valid XML response with a token and in the second responds with errors as described below. The documentation says curl_setopt_array() is a perfectly legitimate alternative to repetitive curl_setopt().

Errors:

If just CURLOPT_HTTPHEADER is in the array, receives "The server cannot service the request because the media type is unsupported."

If just CURLOPT_POSTFIELDS is in the options array, the request times out/dies.

If BOTH options are in the options array, it returns a full HTML "help/usage" page that tells me it is not receiving or not parsing the XML: "The following operations are supported ....."

(My "operation" is listed on this page)

Is there an obvious explanation or something stupid I am overlooking?

$ lsb_release -a
Description:    Ubuntu 18.04.3 LTS
Release:    18.04

$ php -v
PHP 7.2.19-0ubuntu0.18.04.2 (cli) (built: Aug 12 2019 19:34:28) ( NTS )

$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3 

$ docker -v
Docker version 19.03.2, build 6a30dfc
SdSurfer
  • 29
  • 6
  • 1
    **[You should not switch off `CURLOPT_SSL_VERIFYHOST` or `CURLOPT_SSL_VERIFYPEER`](https://paragonie.com/blog/2017/10/certainty-automated-cacert-pem-management-for-php-software)**. It could be a security risk! [Here is how to get the certificate bundle if your server is missing one](https://stackoverflow.com/a/32095378/1839439) – Dharman Oct 11 '19 at 18:49
  • `CURLOPT_POSTFIELDS` should either be `var=urlencoded xml` or an array, but you are passing XML. – AbraCadaver Oct 11 '19 at 18:55
  • Do your headers include `Content-Type: text/xml`? Is your XML valid? Would be helpful if you provided an example of it. – EternalHour Oct 11 '19 at 19:09
  • Thank you for the replies. (Reply too long, broken into two comments) 1) _(VERIFY_HOST...)_ This is an existing legacy codebase and these are the params in use by all their connections (whether I like it or not.) I will try (re-) adding both of those, but it will likely fail. 2) _(encoded . . . )_ See above, I agree but coding within spec (and it does work as posted) 3) _(Headers)_Yes, the headers are 'Content-Type: text/xml; charset=utf-8', 'SOAPAction: "http://example.com/[action]"', 'Content-Length: ' . $len ` ($len = the content length param passed into the method.) – SdSurfer Oct 14 '19 at 13:29
  • Continued . . . hmm comment markup is not working . . . **The question is why it works perfectly as posted, but is broken when the two curl_setopt() params are moved into the array.** The question may come up if we are using SOAP, why aren't we using standard SOAP connections and the provider WSDL - their WSDL is broken and this is the method we're instructed to use, via cURL. – SdSurfer Oct 14 '19 at 13:29
  • @Dharman enabling these two options did not fail, now I will inquire why they are setting these to false in the other instances they are using cURL. Thank you. The query still fails if I move the curl_setopt() params into the array. – SdSurfer Oct 14 '19 at 13:36

0 Answers0