Search code examples
phpsslcurlmamposx-yosemite

MAMP SSL error: "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"

I am using MAMP on OS X Yosemite to develop a website on my local machine. The website is a client application for an API that runs on HTTPS. I keep getting this error when I try to call the API from PHP:

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The same code works on the server, but the site is already in production so I need to be able to create a separate development environment. I get exactly the same error whether I call the API with cURL or file_get_contents. I can use cURL on the command line or load the URL in my browser and it works fine. I've spent hours reading through and trying all the other solutions I could find on this site and elsewhere, and none of them have worked. Has anyone else seen this problem?

Update: I finally found a solution in my last ditch effort just before posting this question, but it was such a painful process that I'm posting it anyway in hopes it can help someone else avoid this hair-tearing catastrophe. My solution is below.

Solution

  • The solution:

    1. brew install openssl
    2. Download and unpack the latest cURL

    3. In the cURL source directory: 

      LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure --prefix=/Applications/MAMP/Library/
    4. make
    5. make install
    6. Restart MAMP

    7. In PHP, between curl_init and curl_exec:

      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    The explanation:

    The path to finding the solution started with this site, which describes a different SSL error on MAMP, and suggests recompiling a fresh version of cURL with
    --prefix=/Applications/MAMP/Library/ to overwrite the one MAMP uses. I tried this but it didn't work. Later, something possessed me to study the cURL compile options, and I noticed instructions for specifying a different version of OpenSSL when compiling it. I decided to give it a try (promising myself that this was the last attempt and then I would give up). I installed an up to date OpenSSL package with Homebrew, and its helpful post-install info said:

    If you build your own software and it requires this formula, you'll need to add to your 
build variables:

LDFLAGS:  -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include

    That looked similar to something I saw in the cURL compile options, which specified the correct syntax for the above:

    LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure

    I added back in the --prefix=/Applications/MAMP/Library/, followed by the usual make and make install, restarted MAMP, and sighed with relief.

    I later discovered that one of the cURL options I had thrown in from another website was also necessary to avoid a different SSL error ("SSL certificate problem: unable to get local issuer certificate"). Setting CURLOPT_SSL_VERIFYPEER to false solved that one for me.