
I am using a PHP library called Guzzle to connect to a website. I just updated my Mac's version of curl using MacPorts. After updating, tests that did work before no longer work. I have traced the issue back to curl.

```
mbp2016:tests pgee$ uname -a
Darwin mbp2016.local 21.1.0 Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:23 PDT 2021; root:xnu-8019.41.5~1/RELEASE_X86_64 x86_64

# i have tried openssl version 1.1 and 3.
mbp2016:tests pgee$ openssl version
OpenSSL 1.1.1l  24 Aug 2021

mbp2016:tests pgee$ curl --version
curl 7.80.0 (x86_64-apple-darwin21.1.0) libcurl/7.80.0 OpenSSL/3.0.0 zlib/1.2.11 zstd/1.5.0 libidn2/2.3.2 libpsl/0.21.1 (+libidn2/2.3.2)
Release-Date: 2021-11-10
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets zstd

## try an insecure connection.
mbp2016:tests pgee$ curl --insecure --head https://www.ahpra.gov.au
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
```

On an older version of curl on Linux (Ubuntu), this is the output:

```
pgee@Zen:~$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.3.0 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
## try a regular connection.
pgee@Zen:~$ curl --head https://www.ahpra.gov.au
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

## now try an insecure connection.
pgee@Zen:~$ curl --insecure --head https://www.ahpra.gov.au
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 159182
Content-Type: text/html; charset=utf-8
Expires: -1
Set-Cookie: AhpraWeb=y2sh0dgwq3n5re1cuk3ods2m; path=/; secure; HttpOnly; SameSite=None
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
P3P: CP="CAO CURa ADMa PSAa PSDa IVAa IVDa HISa OTPa DELa STP COM NAV INT STA"
Date: Wed, 01 Dec 2021 06:36:37 GMT
Set-Cookie: TS018b815b=0159a15e4ff6af8cb760dde0db853d0011cea5a2ece396e491a68a5c8133cfd459f26673950612ff86548549e42634d85e25eb343f9929503fc47f847b5db8e7edc011c669; Path=/
```

With PHP, this is my client connection:

```php
<?php
// ...
use GuzzleHttp\Client;

# this is what i have tried with guzzle -- installed with composer via "guzzlehttp/guzzle": "6.5.5",
$client = new Client([
    'cookies' => TRUE,
    'verify'  => FALSE,  // Guzzle-level switch: certificate verification off
    'curl'    => [
        CURLOPT_NOBODY           => TRUE,   // request headers only, like curl --head
        CURLOPT_SSL_VERIFYSTATUS => FALSE,  // no OCSP stapling check
        CURLOPT_SSL_VERIFYHOST   => FALSE,  // no hostname check against the certificate
        CURLOPT_SSL_VERIFYPEER   => FALSE,  // no certificate chain check
        CURLOPT_USERAGENT        => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36',
    ],
]);
```

Looking at the website in a browser, it reports that there is a secure connection.

I have googled the error and found nothing helpful.

I have used the 'copy as curl' option from the Chrome development tools network panel, and curl still reports the same error.

My question is: what can I do to make a connection (secure or insecure) to this site with curl?

pgee70
  • Your code, `CURLOPT_SSL_VERIFYPEER => FALSE`, is susceptible to a man-in-the-middle attack. Read this https://stackoverflow.com/questions/4372710/php-curl-https for the solution. It's down there within all those good answers. – zimorok Dec 01 '21 at 12:41
