Link to home
Create AccountLog in
Avatar of Overthere
Overthere

asked on

CURL - HTTPS Error with PHP 5.5.12

HI folks,
  I am using PHP v 5.5.12 , Apache 2.4.9 (Wamp)  on a Windows 10. I am using localhost.
In my coding, I am trying to connect to a https website to exchange xml. I  keep receiving the following error:
Protocol "https not supported or disabled in libcurl"
I checked the php extensions and they are checked for curl.

My understanding is the ssl protocol was not complied and included with the built. I installed everything from Sourceforce/wampserver I did the automagic install for Apache, Php, Wampserver etc.
I did not compile any files etc. I am just totally confused after reading so many articles on how to correct it.
Could someone please give me simple complete step-by-step instructions. It would be appreciated...
Avatar of gr8gonzo
gr8gonzo
Flag of United States of America image

Sounds like you might have an old or a development snapshot of WampServer. To be honest, I don't really use WampServer. Most WAMP server packages tend to be out of date with versions of PHP.

I'd recommend using EasyPHP DevServer if you want to get the latest and greatest versions of things (it comes with PHP 7, which is a LOT faster in certain scenarios).

If you don't want to change what you're using, then you could go get the PHP version from their archives that matches your situation and then extract the curl extension, rename the one you already have, and put the new one in place:

I -think- this should be the one you're looking for:
http://windows.php.net/downloads/releases/archives/php-5.5.12-Win32-VC11-x86.zip

...but that's a guess based on what you've described. So make sure you don't delete or overwrite the curl extension that you already have - just rename it and put the cURL from this package in its place.
Avatar of Overthere
Overthere

ASKER

Thank you for responding. I am going to try your suggestion.
It's so odd because  I checked my php.ini and the php_curl_dll and php_openssl.dll  is checked.
I also made sure that they uncommented in php.ini file.  Yet, I have that error..
I will try it tonight and see what unfolds...
php_openssl.dll is a separate extension that provides OpenSSL functions to your scripts.

php_curl.dll is a separate extension that just provides network-related functions to your scripts. It has no relationship at all to php_openssl.dll.

However, you're not crazy. cURL does (or can) make use of OpenSSL, but that's handled at the time that php_curl.dll is compiled. Basically, when someone goes and builds a Windows version of PHP and its extensions, that person can say, "I want cURL to be able to handle HTTPS, FTPS, LDAP, etc..." and so on. So cURL has to be compiled/built in a specific fashion to contain code for handling HTTPS. And when that person decides that they want the php_curl.dll extension to have HTTPS support, they need to point it at the OpenSSL engine, so it knows how to "speak" SSL. Again, that's all compile-time stuff, so by the time you have php_curl.dll, all those decisions have already been made for you. You can't change a DLL file, so your only option is to find another one that DOES have HTTPS support built in (which is usually the versions that come straight from the PHP site).
It might help to visualize cURL as this big swiss army knife you buy from a store. Whoever builds it gets to determine if it comes with a spoon or a knife or a screwdriver, etc...

Then you have the php_openssl.dll which is like a screwdriver you can buy separately. So you can have your separate screwdriver AND you can have a swiss army knife that has a miniature screwdriver built in, too.
I tried your first suggestion and receive the same result. I need to stay with php 5.5. or I would go with EasyDev Server. I checked out the page and saw where it does allow you choose 5.5 or did I misread it??
I like your explanation and comparisons -
I am not sure where to go from here....
Out of curiosity, why do you need to stay with PHP 5.5? There shouldn't be anything removed in PHP 7 that hasn't been deprecated for a long time already...

EasyPHP lets you choose either PHP 7 or PHP 5.6.

When you said you tried my first suggestion, can you be clear on the steps you took?
Did you tried running your code on a different web server?  

And with regard to the changes you have made to php configuration, after making all the changes required on the web server configuration you need to RECOMPILE php in order to changes reflect on your web server.

I had same issue on the linux hosting, when we made all the required changes(exp:OPEN SSL, TLS) in order to make CURL request working, the changes were reflecting in php. ini, but still it did not work.

When PHP was recompiled on the server, CURL request started functioning, but I had to loose some files.   And I hope it is not as easy job to do it on WAMP where you may need change the DLLs etc.

It is better to configure a new version of web server where everything is enabled for you.
Here's what I did -
1. I clicked on the link you provided and downloaded the file.
2.Renamed the original php_curl.dll and php_openssl.dll .
3.Extracted the php_curl and php_openssl.dll to the php/ext folder
4. rebooted and tried again - same results.
5.downloaded and installed EasyDev. - created new project folders.  Stopped WampServer. Rebooted my computer and started easyDev Sever - same result.

I have never recompiled php. Wampsever etc was initially downloaded a file from sourgeforce . Self-executing. I have never compiled binary files and picking the right is just confusing to me.
The client has a very large application that is 5,5 based.
I am going to try the page on the live server. I develop by using my computer as local host.
I honestly don't know what to try next.
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Also, 64-bit PHP does not support a number extensions.  I tried it on one computer and had to switch to 32-bit to get the extensions I needed.
Thank you David - I did find info on the ssleay32.dll and dropped into the windows system 32 folder as instructed. But didn't know about libeay32.dll. Please explain " to be in the path for PHP" - not sure what you meant.
I also downloaded php--5.6.29-tar-bz file but haven't messed with it.
I don't know why things have to be so difficult - I was just flying with my coding and BONG! Curl messing with me...sigh
In all of my Windows PHP installations including WAMP, XAMPP, and half a dozen standalone installs with IIS and Apache and nginx, those files are in the PHP directory where 'php.exe' and 'php.ini' are located.  I don't have any problems with PHP curl (which I use a lot) but all of my installs here are 32-bit.  I'm going to check my hosting accounts.

'php--5.6.29-tar-bz' doesn't sound like something that will work with WAMP.  WAMP has a lot of specialized modifications to the applications it supports in order to make them work together.  Installing a version of PHP outside of WAMP will not usually work properly.

I would also recommend that you download and install the latest version of WAMP from this page http://www.wampserver.com/en/ and get rid of the previous versions.  Or get the 32-bit version from this page:  https://sourceforge.net/projects/wampserver/files/WampServer%202/Wampserver%202.5/
I checked and all of my Linux hosted versions of PHP are 64-bit.  However they are running the exact same PHP curl programs that I have here on my local 32-bit versions.
Thank you David - I am using the 32-bit version. I am going uninstall my wamp server etc , download from the link you provided and reinstall again. Could it be something specific on my computer settings? I checked my IE options and use SSL 3.0 is checked.
I will keep you posted...
Can you share the code that's producing the error?
Also, your internet explorer security settings have nothing to do with curl (although just as a good security practice for yourself I would recommend unchecking SSL 2.0, SSL 3.0, and TLS 1.0 - those are weak security protocols and should not be used anymore).
I uninstalled my current version of WampSever (after creating a restore point and backup).
I backup my www directory.
I installed Wampserver 64 and it installed Apache, MySQL, Php 5.6 and 7.0 (downloaded from link provided)
Created new project and dropped my pages into it.
I checked the php extensions and looks good, I had to check php_curl and php_openssl. When I execute phpinfo.php - it shows curl and openssl enabled.
 What about the ext for MS SQL? I see nothing displayed and nothing in php.in.. and that is what is  I use.  I remember that I had to download them but which ones??
also what about environment variable?
I rebooted my computer and same old same when I executed my page..
Also phpmyadmin wants a username/password and it never asked for during installation ?? I can find any reference to a default one other than "YES"
I have inserted my coding. Note the website address is not valid - I substituted mysite.com for good reasons.
<?php

			  	$xmlmsg = '';
                    $xmlmsg = '<?xml version="1.0" encoding="utf-8"?> ';
	                $xmlmsg = $xmlmsg . '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"' . 
					                    ' xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ "> ';
					
                   // print $xmlmsg . '<br>';
          		    $xmlmsg = $xmlmsg . '<soap:Header>';
                    $xmlmsg = $xmlmsg . '<GatewaySoapAuthentication xmlns="http://ws.mysite.com/ ">';
                    $xmlmsg = $xmlmsg . ' <Username>myuser</Username>';
                    $xmlmsg = $xmlmsg . ' <Password>mypass</Password>';
                    $xmlmsg = $xmlmsg . ' </GatewaySoapAuthentication>';
                    $xmlmsg = $xmlmsg . ' </soap:Header>';
                    $xmlmsg = $xmlmsg . ' <soap:Body>';
                    $xmlmsg = $xmlmsg . ' <GetBookingDetails xmlns="http://ws.mysite.com/ "> ';
                    $xmlmsg = $xmlmsg . ' <bookingDetailsRequest>';
                    $xmlmsg = $xmlmsg . ' <BookingNumber>12345</BookingNumber>';
                    $xmlmsg = $xmlmsg . ' </bookingDetailsRequest>';
                    $xmlmsg = $xmlmsg . ' </GetBookingDetails>';
                    $xmlmsg = $xmlmsg . ' </soap:Body>';
                    $xmlmsg = $xmlmsg . ' </soap:Envelope>';
					//echo $xmlmsg;
					// assemble header content
					$header = array(
					          'Content-type: text/xml; charset=uf-8',
							  'Content-length: ' . strlen($xmlmsg),
							  'SOAPAction: "http://ws.mysite.com/GetBookingDetails"',
							  'Connection: close',
							   );
					// setup curl parameters
					$url = '"https://ws.mysite.com/test/mygateway.asmx " ';
					$ch = curl_init();
					curl_setopt($ch,CURLOPT_URL,$url);
					curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
					curl_setopt($ch,CURLOPT_TIMEOUT,10);
					curl_setopt($ch,CURLOPT_POST,true);
					curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
					$data = curl_exec($ch);
					if(curl_errno($ch))
					{
						 $errmsg = curl_error($ch);
						 echo 'At Error rtn' . $errmsg . '<br>';
						 print curl_error($ch);
						
					}else{
						curl_close($ch);
						echo "Sent Okay";
						echo $data;
					
					}
?>

Open in new window

The MS SQL extension 'mssql' is not supported after PHP 5.3 on Windows.  Microsoft create the 'sqlsrv' extension to replace it and it is not a 'drop-in' replacement, the syntax is different.  In addition to downloading the 'sqlsrv' extension from Microsoft, you need either the SQL Native Client or the MS ODBC driver to make it work.

http://php.net/manual/en/book.sqlsrv.php

'phpmyadmin' uses the privileges from the MySQL database.  It does not have a separate login for itself.
Thank you both for answering. I had forgotten about the fact I had download from MS the SQLSRV which is what I had been using - and I do have the Native client installed so I did not need to reinstall it. And I forgot entirely about how phpmyadmin use the u/p from MySQL db.
I downloaded SQLSrV3.2 and I receive this error in php error log :
10-Mar-2017 22:43:33 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'c:/wamp64/bin/php/php5.6.25/ext/php_sqlsrv_55_ts.dll' - %1 is not a valid Win32 application.
according to what I read at the MS site, and since I am using 5.6, SQLSrV32 should be the right one.
What about the environment variable?
As for the page executing curl, I still have same error.
I also found this about the error message: but I don't see a misspelling /whitespace etc...

"3.21 Protocol xxx not supported or disabled in libcurl
  When passing on a URL to curl to use, it may respond that the particular
  protocol is not supported or disabled. The particular way this error message
  is phrased is because curl doesn't make a distinction internally of whether
  a particular protocol is not supported (i.e. never got any code added that
  knows how to speak that protocol) or if it was explicitly disabled. curl can
  be built to only support a given set of protocols, and the rest would then
  be disabled or not supported."

  Note that this error will also occur if you pass a wrongly spelled protocol
  part as in "htpt://example.com" or as in the less evident case if you prefix
  the protocol part with a space as in " http://example.com/".
No, there is a specific version or 'sqlsrv' for PHP 5.6.  'php_sqlsrv_56_ts.dll'

Your curl_setopt() looks incomplete to me.  I'll have to check my other computer.
Below is my code for testing TLSv1.2 connections on some sites.  You can get 'cacert.pem' from the cURL web site on this page:  https://curl.haxx.se/docs/caextract.html  Note that PHP curl is a PHP extension built from the cURL source.
    $ch      = curl_init($url);
    //curl_setopt_array($ch,$options); only for PHP 5
		curl_setopt($ch, CURLOPT_CAINFO,'cacert.pem');
		curl_setopt($ch, CURLOPT_STDERR, $log);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_HEADER, false);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
		curl_setopt($ch, CURLOPT_ENCODING, "");
		curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0");
		curl_setopt($ch, CURLOPT_AUTOREFERER, true);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
		curl_setopt($ch, CURLOPT_TIMEOUT, 60);
		curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
		curl_setopt($ch, CURLOPT_POST, 1);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $curl_data);
		curl_setopt($ch, CURLOPT_SSLVERSION, 6);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
		curl_setopt($ch, CURLOPT_VERBOSE, 1);
    $content = curl_exec($ch);
    $err     = curl_errno($ch);
    $errmsg  = curl_error($ch) ;
    $header  = curl_getinfo($ch);
    curl_close($ch);

Open in new window

ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
I wondered about that but doesn't  it need the double quotes to correct?
The example the vendor gave to me as to addresses all show being contained within double quotes i.e. xmls="http://ws.somesite,com/"
I will take them out and see what happens...
Okay, I am not sure that I am going to communicate this thought very well but...
The original error message I received  before I inserted the double quotes and before asking for help at EE was this:
"SSL certificate problem: unable to get local issuer certificate"
According to their documentation, they use ssl hence a certificate for thier production site.
Whither I need certificate for the test site I do not know as they did not respond to my question about it.
When I view the structure of their link they gave me, I would say a big yes because its url is
https://ws.someplace.com/test/theirmethod.asmx  - make sense?
that being so, I was wondering if there was a site I could connect with that uses https/ssl and that way I could check if it
REALLY is my curl installation  or the lack of a certificate on local machine??  see what I mean??
If I could connect to some other https site atleast I know my curl protocol is good...see what I am saying? Process of elimination...
So in this case, you're just telling PHP what value to put into a variable. With strings, you can use either single or double quotes. These two lines have EXACTLY the same end result:

$variableName = "hello";  // Result: $variableName with a string value of hello
$variableName = 'hello'; // Result: $variableName with a string value of hello  (exactly the same)

There's a minor difference in how PHP handles double quotes versus single quotes, which usually comes down to whether or not you want to embed other variables inside your value. When there are double quotes, PHP will look inside for any other variables, and then put their values in place:

$firstName = "Jonathan";
$variableName = "My first name is $firstName"; // Result: My first name is Jonathan
$variableName = 'My first name is $firstName'; // Result: My first name is $firstName

So single quotes don't "interpret" any embedded variables. PHP just spits out exactly what it sees. However, you only need one set of quotes. Otherwise, the inner-most quote marks become part of the actual value (the same as if you put those quote marks around the URL in the browser's address bar, instead of just the URL).

So cURL was saying it couldn't handle a protocol called "https, with the quote at the front, because it knows what https is, but it doesn't know what "https is.

Now, your original error message "unable to get local issuer certificate" is the more appropriate one.

If you just want to TEST to validate that everything should work after fixing the SSL certificate issue, you can turn off the VERIFYPEER cURL option, but that is not the appropriate long-term fix. When you turn that setting off, you're essentially disabling a large part of HTTPS security, so if you turn it off, it should only be temporary, and then you should turn it back on again before you go to production.

Ultimately, you will probably just need to download a CA bundle and point cURL to it using the CAINFO option (check the PHP page for curl_setopt for more information on setting CAINFO). You can download the most recent CA bundle directly from cURL's own site:

https://curl.haxx.se/ca/cacert.pem

(Yes, the domain name is terrible, but that actually is the real site for the makers of cURL).

Dave has a good example of the options in his comment above.
Thank you. You and David explain things very clear. You have certainly clarified the usage of quotes, I knew that you could use single or double. When I first started with php, I used dbl - habit from other languages. But forced myself to use single cause I think its better.  I had originally a day ago - seems like years - downloaded the cacert.pem and pointed to it etc in my curl coding. But for whatever reason, took it out. I have noticed something weird with downloading the cacert.pem - right-ckick menu doesn't show a download option.
I have uninstall Wampserver 64 and re-installed 32 because of MS SQL. that's why I got the error of  "c:/wamp64/bin/php/php5.6.25/ext/php_sqlsrv_55_ts.dll' - %1 is not a valid Win32 application". I could use some 3rd party for the drivers but prefer not to..one less thing to worry about. I think I have been chasing my tail about curl not being installed correctly - might still be but I had been getting the certificate message two days ago . Then when I received a different link to try, I felt something else must be wrong. And tonight when I kept looking at that link, I just shook my head cause I think by the usage of https in the link - that I do need a certificate for even testing. more later...
Not clear enough apparently.  In Firefox if you right click on the link, select "Save Link as" to download a file.  Then 'cacert.pem' needs to be copied to a location where it is accessible to the PHP page you are running.  I put it in the same directory where the PHP page is.  In part I do that because I use it on a number of different sites and each one needs it's own copy.

There is no 3rd party for the 'sqlsrv' driver, it is only available from Microsoft.  And you need the one that matches the version of PHP that you are running which in your post above shows as PHP 5.6 and not PHP 5.5.  You can't mix them.  "c:/wamp64/bin/php/php5.6.25/ext/php_sqlsrv_55_ts.dll" should be "c:/wamp64/bin/php/php5.6.25/ext/php_sqlsrv_56_ts.dll".
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thank you all for responding. Yes, you are right about not mixing sql dvrs with versions of php and I didn't. I found information about why it first gave me ""c:/wamp64/bin/php/php5.6.25/ext/php_sqlsrv_55_ts.dll' - %1 is not a valid Win32 application".  And corrected that - here's the link that provided the solution - "http://stackoverflow.com/questions/26197659/wamp-php-startup-error-unable-to-load-dynamic-library"
With the comment of : "left click wampmanager -> Apache -> Version -> (and click on the version number)
This will cause wampmanager to rebuild all the SYMLINKS in the apache/bin folder, and restart Apache. This should fix the issue and stop the errors from appearing in the php error log.? Its evidently a hitch in the installation. PhpMyAdmin - when you click on it the first time wants a username/password - there is a dialog box that tells you what to use for username and no password for the first time - its "root". Then you can change it  or not...
I am going to close out this question and split points. All of you provided good info. I am in the processing of acquiring a certificate and I think I will be rolling again... Again thank you all for your help and support. If splitting points is not satisfactory to you folks, let me know.
Thank you all so much.