cURL SSL Test Script


user99999999


<?php
//Filename: curl_test.php

$ch = curl_init();

curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//Uncomment this for Windows.
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($ch, CURLOPT_URL, "https://www.stanford.edu/group/idg/leland/samples/secure/test.html");

$result = curl_exec($ch);

echo '<pre>';
print_r(curl_getinfo($ch));
echo '</pre>';

echo 'Errors: ' . curl_errno($ch) . ' ' . curl_error($ch) . '<br><br>';

curl_close ($ch);

echo $result . 'EOF';
?>


Well

Assuming you have a working Apache/PHP/MySQL installation on Windows.

Uncomment the curl extension in windows/php.ini

extension=php_curl.dll

Copy the DLLs from php/dlls to the Windows system dir.

libeay32.dll and ssleay32.dll are needed by curl for SSL.

Restart Apache

Check phpinfo()

Run the test script.


Don't forget the following in php.ini:

; Directory in which the loadable extensions (modules) reside.
extension_dir = C:\php\extensions


I do the same kind of thing, but from a remote server. A failure triggers an email to my cell phone.

 

The other thing that I do is take the results from cURL and parse for specific content that is dynamically generated from the DB. It's more likely to detect a MySQL failure. That way I have more of a functional test (end-to-end).

 

There's also a bunch of *free* monitoring services out there. Try http://www.internetseer.com/home/index.xtp

 

-Fred



New test shows how to correctly verify certificates by downloading the ca-bundle.crt. The ca-bundle.crt is not included with PHP/curl for Windows, but current versions of curl have verifypeer set to true, causing the curl connection to fail.

 

Errors: 60 SSL certificate problem, verify that the CA cert is OK

 

<?php
//Filename: curl_test.php

$ch = curl_init();

curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//Disable certificate check.
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

//Enable certificate check
//Download ca-bundle.crt from http://cvs.php.net/cvs.php/curl/lib/ca-bundle.crt
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, "c:/www/catalog/includes/ca-bundle.crt");

curl_setopt($ch, CURLOPT_URL, "https://www.stanford.edu/group/idg/leland/samples/secure/test.html");

//curl_setopt($ch, CURLOPT_URL, "https://www.paypal.com");

$result = curl_exec($ch);

echo '<pre>';
print_r(curl_getinfo($ch));
echo '</pre>';

echo 'Errors: ' . curl_errno($ch) . ' ' . curl_error($ch) . '<br><br>';

curl_close ($ch);

echo $result . 'EOF';
?>

 

 

Sample Result

 

Content-type: text/html
X-Powered-By: PHP/4.3.6
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3

<pre>Array
(
   [url] => https://www.stanford.edu/group/idg/leland/samples/secure/test.html
   [content_type] => text/html; charset=ISO-8859-1
   [http_code] => 200
   [header_size] => 182
   [request_size] => 167
   [filetime] => -1
   [ssl_verify_result] => 0
   [redirect_count] => 0
   [total_time] => 8.163
   [namelookup_time] => 2.325
   [connect_time] => 2.695
   [pretransfer_time] => 7.282
   [size_upload] => 0
   [size_download] => 159
   [speed_download] => 19.478133039324
   [speed_upload] => 0
   [download_content_length] => 159
   [upload_content_length] => 0
   [starttransfer_time] => 8.163
   [redirect_time] => 0
)
</pre>Errors: 0 <br><br>HTTP/1.1 200 OK
Date: Fri, 30 Apr 2004 03:50:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 159
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html> <head>
<title>SSL test</title>
</head>

<body>
<h1>SSL test</h1>

Thanks for using SSL.

</body> </html>
EOF* About to connect() to www.stanford.edu:443
* Connected to www.LB-A.stanford.edu (171.67.16.85) port 443
* successfully set certificate verify locations:
*   CAfile: c:/web/pn726x/www/store/includes/ca-bundle.crt
*   CApath: none
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*   subject: /C=US/ST=California/L=Stanford/O=Stanford University/OU=ITSS/CN=www.Stanford.EDU
*   start date: 2003-08-25 00:00:00 GMT
*   expire date: 2004-08-24 23:59:59 GMT
*   common name: www.Stanford.EDU (matched)
*   issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
* SSL certificate verify ok.
> GET /group/idg/leland/samples/secure/test.html HTTP/1.1
Host: www.stanford.edu
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

< HTTP/1.1 200 OK
< Date: Fri, 30 Apr 2004 03:50:38 GMT
< Server: Apache
< Accept-Ranges: bytes
< Content-Length: 159
< Content-Type: text/html; charset=ISO-8859-1
< Content-Language: en
* Connection #0 left intact
* Closing connection #0


  • 1 year later...

* Server certificate:

* subject: /C=US/ST=California/L=Stanford/O=Stanford University/OU=ITSS/CN=www.Stanford.EDU

* start date: 2003-08-25 00:00:00 GMT

* expire date: 2004-08-24 23:59:59 GMT

* common name: www.Stanford.EDU (matched)

* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

 

How do you retrieve this information?

 

Or is there a better way to report an invalid server certificate, such as invalid issuer, cert expired, URL in cert does not match website URL, and invalid cert name?

 

Thanks

Michael
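
For the question above, an added example that is not from any poster in this thread: the `* ...` lines are libcurl's verbose output, which can be captured with CURLOPT_STDERR, and the reason for a failed check can be read from ssl_verify_result while verification stays enabled. The function names tls_report() and verify_reason() are hypothetical, and the verify codes assume libcurl is built against OpenSSL.

```php
<?php
// Added example, not code from the thread. tls_report() and verify_reason()
// are hypothetical names; assumes PHP 5.3.2+ and libcurl built with OpenSSL.
// OpenSSL X509_V_ERR_* values, as returned in curl_getinfo()'s ssl_verify_result.
function verify_reason($code) {
    $map = array(
        0  => 'ok',
        9  => 'certificate is not yet valid',
        10 => 'certificate has expired',
        18 => 'self-signed certificate',
        19 => 'self-signed certificate in chain',
        20 => 'issuer not found in the CA bundle',
        21 => 'unable to verify the first certificate',
    );
    return isset($map[$code]) ? $map[$code] : "OpenSSL verify error $code";
}

function tls_report($url, $caBundle) {
    $log = fopen('php://temp', 'w+');   // receives the verbose "* ..." lines
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // verification stays on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log, // redirect verbose output from stderr
        CURLOPT_CERTINFO       => true, // collect the chain as an array
    ));
    $ok = curl_exec($ch) !== false;
    $info = curl_getinfo($ch);
    $report = array(
        'ok'     => $ok,
        'errno'  => curl_errno($ch),
        // A host name mismatch is usually reported here, not in 'verify'.
        'error'  => curl_error($ch),
        'verify' => verify_reason($info['ssl_verify_result']),
        'chain'  => empty($info['certinfo']) ? array() : $info['certinfo'],
    );
    unset($ch);                          // free the handle before reading the log
    rewind($log);
    $report['verbose'] = stream_get_contents($log);
    return $report;
}

// URL and bundle path are the ones used in the post above.
print_r(tls_report('https://www.stanford.edu/group/idg/leland/samples/secure/test.html',
                   'c:/www/catalog/includes/ca-bundle.crt'));
```

When the handshake succeeds, each entry of `chain` carries fields such as Subject, Issuer, Start date and Expire date; when it fails, `chain` is usually empty and `errno`, `error` and `verify` carry the reason.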
