SSL > fread(fsockopen()) > Not working

When I go to https://www.thawte.com:443/  I see a secure web page there.  

So why does the below command return nothing?

shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'

string(0) ""
shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'
 
string(0) ""
 
 
=== Here's the dump of the Headers I should be seeing =====
GET / HTTP/1.1
Host: www.thawte.com:443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
 
HTTP/1.x 200 OK
Date: Tue, 07 Oct 2008 00:45:18 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 36400
Connection: close
Content-Type: text/html

Open in new window

Geoff MillikanAsked:
Who is Participating?
 
kelvinwkwConnect With a Mentor Commented:
What about this?

php -r '$fo = fsockopen("ssl://www.thawte.com", 443); fwrite($fo, "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread($fo, 8192));'

To perform a post, you may refer to the sample below

<?php      
$req="cmd=_xclick&business=a12345@hotmail.com&item_name=Youth&currency_code=USD&amount=75.00";
header("POST /us/cgi-bin/webscr HTTP/1.0");
header("Host: www.sandbox.paypal.com");
header("Content-Type: application/x-www-form-urlencoded");
header("Content-Length: " . strlen($req));
header($req);
?>
0
 
kelvinwkwCommented:
php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
0
 
ahoffmannCommented:
> Host: www.thawte.com:443\r\n

hmm, I doubt that such a host exists :)
better use
    Host: www.thawte.com\r\n
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
kelvinwkwCommented:
443 is the standard port for SSL
0
 
ahoffmannCommented:
> 443 is the standard port for SSL
what has a standard to do with this? noone restricts you to run HTTPS on any other port.
Anyway, that's out of scope here, the FQDN does not allow to contain : (colon), and as the Host header only allows FQDNs or IPs, the given string is invalid.
0
 
Geoff MillikanAuthor Commented:
ahoffmann: I believe the colon is allowed in t he HTTP header per RFC 2616 linked below.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

kelvinwkw: Looks like you're on the right track.  But the code returns with the below error on PHP 5.2

The code below works to read via GET over SSL but I'm stuck on getting a POST to work.  But that's scope creep, I guess I'll need to post another question.
shell> php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
 
Unmatched ".
 
 
-----====== SSL GET method ===----
$fp = fsockopen('ssl://www.thawte.com', 443);
$request="GET / HTTP/1.1\r\n";
$request.="Host: www.thawte.com:443\r\n";
$request.="User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3\r\n";
$request.="Connection: close\r\n";
$request.="\r\n";
fwrite($fp, $request);
$contents=stream_get_contents($fp, -1);
fclose($fp);
echo $contents;
?>

Open in new window

0
 
ahoffmannCommented:
> .. per RFC 2616 .
dooh, missed the optional part. Thanks for correction.
Anyway, the port part in the host header is optional, hence not part of the solution here.
0
 
Geoff MillikanAuthor Commented:
kelvinwkw:  Yes, that works!  I'll give you points.

Your POST example wasn't via SSL. Do you have a working SSL POST example?  I cannot get POST to work over SSL.  Can you?
0
 
Geoff MillikanAuthor Commented:
Arg.  I figured it out, I was missing the below line in t he header.

Content-Type: application/x-www-form-urlencoded

And that caused the POST'ed variables to bomb out and hang everything to no end.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.