Solved

SSL >  fread(fsockopen()) > Not working

Posted on 2008-10-06
9
978 Views
Last Modified: 2012-06-21
When I go to https://www.thawte.com:443/  I see a secure web page there.  

So why does the below command return nothing?

shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'

string(0) ""
shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'

 

string(0) ""

 

 

=== Here's the dump of the Headers I should be seeing =====

GET / HTTP/1.1

Host: www.thawte.com:443

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

 

HTTP/1.x 200 OK

Date: Tue, 07 Oct 2008 00:45:18 GMT

Server: Apache

Accept-Ranges: bytes

Content-Length: 36400

Connection: close

Content-Type: text/html

Open in new window

0
Comment
Question by:Geoff Millikan
  • 3
  • 3
  • 3
9 Comments
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 22657643
php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22664756
> Host: www.thawte.com:443\r\n

hmm, I doubt that such a host exists :)
better use
    Host: www.thawte.com\r\n
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 22664829
443 is the standard port for SSL
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22664857
> 443 is the standard port for SSL
what has a standard to do with this? noone restricts you to run HTTPS on any other port.
Anyway, that's out of scope here, the FQDN does not allow to contain : (colon), and as the Host header only allows FQDNs or IPs, the given string is invalid.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Geoff Millikan
ID: 22666241
ahoffmann: I believe the colon is allowed in t he HTTP header per RFC 2616 linked below.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

kelvinwkw: Looks like you're on the right track.  But the code returns with the below error on PHP 5.2

The code below works to read via GET over SSL but I'm stuck on getting a POST to work.  But that's scope creep, I guess I'll need to post another question.
shell> php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
 

Unmatched ".
 
 

-----====== SSL GET method ===----

$fp = fsockopen('ssl://www.thawte.com', 443);

$request="GET / HTTP/1.1\r\n";

$request.="Host: www.thawte.com:443\r\n";

$request.="User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3\r\n";

$request.="Connection: close\r\n";

$request.="\r\n";

fwrite($fp, $request);

$contents=stream_get_contents($fp, -1);

fclose($fp);

echo $contents;

?>

Open in new window

0
 
LVL 11

Accepted Solution

by:
kelvinwkw earned 500 total points
ID: 22666480
What about this?

php -r '$fo = fsockopen("ssl://www.thawte.com", 443); fwrite($fo, "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread($fo, 8192));'

To perform a post, you may refer to the sample below

<?php      
$req="cmd=_xclick&business=a12345@hotmail.com&item_name=Youth&currency_code=USD&amount=75.00";
header("POST /us/cgi-bin/webscr HTTP/1.0");
header("Host: www.sandbox.paypal.com");
header("Content-Type: application/x-www-form-urlencoded");
header("Content-Length: " . strlen($req));
header($req);
?>
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666502
> .. per RFC 2616 .
dooh, missed the optional part. Thanks for correction.
Anyway, the port part in the host header is optional, hence not part of the solution here.
0
 

Author Comment

by:Geoff Millikan
ID: 22668246
kelvinwkw:  Yes, that works!  I'll give you points.

Your POST example wasn't via SSL. Do you have a working SSL POST example?  I cannot get POST to work over SSL.  Can you?
0
 

Author Comment

by:Geoff Millikan
ID: 22673266
Arg.  I figured it out, I was missing the below line in t he header.

Content-Type: application/x-www-form-urlencoded

And that caused the POST'ed variables to bomb out and hang everything to no end.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to create a scatter graph with straight lines 6 28
WordPress TK Title 8 25
Sweet32 Vulnerability in Microsoft IIS7.5 6 56
php function to remove a file 26 7
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now