
PHP CURL SSL Connecting to XML Gateway


This has been driving me crazy for 2 days - I have 2 PHP functions, as detailed below, both using curl. They point at exactly the same 'XML gateway'; the only difference is that one is trying to do it over SSL and the other over unencrypted HTTP.

The HTTP connector operator works exactly as expected, posting the XML file and returning the server response.

The SSL connector returns the ever-so-vague 'An internal server error occurred. Please try again later'. Nothing shows up in my lighttpd error log. Has anyone got any bright ideas?

I'm wondering if it's my web server config/OpenSSL config. They are both Debian Wheezy standard packages. I appreciate SSL_VERIFYPEER & HOST being set to false is insecure; however, I've been trying to exhaust the options.

openssl s_client -connect xmlgw.companieshouse.gov.uk:443 -ssl3

and the command line function

curl https://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway

also works as expected on the web server.

PHP functions:

//SSL post function

public function getSSLCurlResponse($xml) {
    $url = "https://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway";

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSLVERSION,3);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}

//HTTP non SSL function
public function getCurlResponse($xml) {
    $url = "http://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway";

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}

Any help would be really appreciated!

Thanks


Solution

  • I have concluded this was an error in the overall connection to the server - though I could not find any way of proving that. I have managed to find an alternative solution without using an SSL socket.
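
The solution above could not show where the connection failed. As an added example (not part of the original post), this variant of the SSL function keeps certificate verification on and returns libcurl's error code, error message and verbose TLS log alongside the HTTP status, so a handshake failure can be told apart from an error page sent by the gateway. The function name, the returned array keys, the Content-Type header and the request body are assumptions.

```php
<?php
// Added example: function name and returned array keys are hypothetical.
function postXmlWithDiagnostics(string $url, string $xml): array
{
    // Collect libcurl's verbose output (TLS handshake, certificate checks,
    // request and response headers) in memory instead of the server's stderr.
    $log = fopen('php://temp', 'w+');

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $xml,
        CURLOPT_HTTPHEADER     => ['Content-Type: text/xml'], // assumed content type
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ]);

    $body = curl_exec($ch); // false when the transfer itself failed (DNS, TCP, TLS)
    $result = [
        'ok'     => $body !== false,
        'errno'  => curl_errno($ch),  // 0 when the transfer succeeded
        'error'  => curl_error($ch),  // human-readable reason, e.g. a handshake failure
        'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE), // 0 if no HTTP response arrived
        'body'   => $body === false ? null : $body,
    ];
    curl_close($ch);

    rewind($log);
    $result['verbose'] = stream_get_contents($log);
    fclose($log);
    return $result;
}

// Usage with the gateway URL from the question; the body is a constructed placeholder.
$r = postXmlWithDiagnostics('https://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway', '<Request/>');
if (!$r['ok']) {
    // Transport or TLS problem: the request never produced an HTTP response.
    error_log("curl error {$r['errno']}: {$r['error']}\n{$r['verbose']}");
} elseif ($r['status'] >= 400) {
    // TLS worked; the error page came from the gateway itself.
    error_log("gateway returned HTTP {$r['status']}\n{$r['verbose']}");
}
```

A non-zero `errno` with `status` 0 points at the connection or handshake, while `errno` 0 with a 5xx `status` means the TLS session was established and the gateway rejected the request.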