Curl request is failing on the SSL?

2023-01-19 03:38 问答作者：

I have this code

    if(ereg("^(https)",$url))
        curl_setopt($curl,CURLOPT_SS开发者_JAVA技巧L_VERIFYPEER,false);
    // execute, and log the result to curl_put.log
    $result = curl_exec($curl);


    $error = curl_error($curl);

The error specified is

SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

Any ideas on the cause

I encountered a similar cryptic error while working with a third-party library. I tried the CURLOPT_SSL_VERIFY[PEER|HOST] but it made no difference. My error message was similar:

SSL read: error:00000000:lib(0):func(0):reason(0), errno 54

So I visited http://curl.haxx.se/libcurl/c/libcurl-errors.html, looking for the error code 54.

CURLE_SSL_ENGINE_SETFAILED (54) Failed setting the selected SSL crypto engine as default!

This was wrong though - I was making other HTTPS requests using curl in other parts of the application. So I kept digging and found this question, R & RCurl: Error 54 in libcurl, which had this gem:

The output you see is from lib/ssluse.c in libcurl's source code and the "errno" mentioned there is not the libcurl error code but the actual errno variable at that time.

So, don't let the output of curl_error() mislead you. Instead, use curl_errno() to obtain the correct error code, which in this case was actually 56, CURLE_RECV_ERROR. Had the wrong host name...

With SSL, make sure that you have openssl extension turned on from php.ini.

I've had the same problem. It turned out, that the ssl on the target system had a bad configuration.

After checking the php curl module, the GuzzleHttp version, the openssl version I called the link in the browser and it worked. But with curl --tlsv1 -kv https://www.example.com on the console there was still an error.

So I checked the ssl configuration at https://www.ssllabs.com/ssltest/ It was rated with B. And there where some Online Certificate Status Protocol (OCSP) errors I haven't seen before. Finally I changed my configuration on the target system to the suggestions at https://cipherli.st/ restarted the webserver and everything worked. The new rating at ssllabs is now A+.

My nginx configuration (Ubuntu 14.04, nginx 1.4.6-1ubuntu3.5):

ssl     on;
ssl_certificate /etc/ssl/certs/1_www.example.com_bundle.crt;
ssl_certificate_key     /etc/ssl/private/www.example.com.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
#ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify off; # Requires nginx => 1.3.7
ssl_dhparam /etc/ssl/private/dhparams.pem;
ssl_trusted_certificate /etc/ssl/startssl.ca.pem;
resolver 8.8.8.8 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; www.example.com; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

I think you mean to use CURLOPT_SSL_VERIFYHOST, not CURLOPT_SSL_VERIFYPEER

add this:

curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 0);

I had the same error and worked fine for me.

I had the same error printed by the function curl_error but this is not necessarily related to SSL. It is better to print the precise error number with the function curl_errno and you can diagnose better from there. In my case it returned me a 52 error code and I could debug from there, in fact the other server was not sending any data.

It means the destination server require an SSL communication.

You should generate an SSL certificate for your sending server from wich you run the CURL request