0

I have a wordpress site that its failing. I tracked the issue and I found that is due to curl_exec() failing with HTTPS sites.

I'm running php 5.6 in a Alpine Linux v3.8 container with lighttpd.

The logs (error.log) don't give too much information:

(http-header-glue.c.1250) read(): Connection reset by peer 8 9 (gw_backend.c.2149) response not received, request sent: 1017 on socket: unix:/var/run/lighttpd/php.socket-0 for /curl_test.php?, closing connection

These are the related packages which are installed:

php5-common-5.6.40-r0
php5-cgi-5.6.40-r0
php5-gd-5.6.40-r0
php5-iconv-5.6.40-r0
php5-json-5.6.40-r0
php5-mysqli-5.6.40-r0
php5-zip-5.6.40-r0
php5-xml-5.6.40-r0
php5-dom-5.6.40-r0
php5-intl-5.6.40-r0
php5-ctype-5.6.40-r0
php5-mysql-5.6.40-r0
php5-openssl-5.6.40-r0
php5-curl-5.6.40-r0
curl-7.61.1-r2
libcurl-7.64.1-r1
libssl1.1-1.1.1b-r1
ssl_client-1.30.1-r1
libressl2.7-libcrypto-2.7.5-r0
libressl2.7-libssl-2.7.5-r0
libssl1.0-1.0.2r-r0
lighttpd-1.4.53-r1
lighttpd-openrc-1.4.53-r1
openssl-1.0.2r-r0
ca-certificates-cacert-20190108-r0
ca-certificates-20190108-r0

I have tried to display errors on screen (using error_reporting, etc) but it seems that its crashing before being able to get the error.

I found this similar question, but I believe its not about the code, but more about some library or setting missing in my installation.

The code I'm using for testing is:

error_reporting(E_ALL); ini_set('display_errors', 1);
$curl = curl_init( 'https://example.com' );
curl_setopt($curl, CURLOPT_CAINFO, '/etc/lighttpd/cacert.pem');
curl_setopt($curl, CURLOPT_CAPATH, '/etc/ssl/certs');
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, array( 'field1' => 'some data', 'field2' => 'some more data' ) );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $curl );
curl_close( $curl );

Note: I downloaded cacert.pem from here, and /etc/ssl/certs/ is not empty.

The error displayed is: "500 Internal Server Error".

Not even disabling SSL check works:

curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

All works if instead of "https" I change it to "http".

What am I missing?

UPDATE (1)

Following this question I executed:

$w = stream_get_wrappers();
echo 'openssl: ',  extension_loaded  ('openssl') ? 'yes':'no', "\n";
echo 'http wrapper: ', in_array('http', $w) ? 'yes':'no', "\n";
echo 'https wrapper: ', in_array('https', $w) ? 'yes':'no', "\n";
echo 'wrappers: ', var_export($w);

The result is:

openssl: yes
http wrapper: yes
https wrapper: yes
wrappers: array (
  0 => 'compress.zlib',
  1 => 'php',
  2 => 'file',
  3 => 'glob',
  4 => 'data',
  5 => 'http',
  6 => 'ftp',
  7 => 'https',
  8 => 'ftps',
  9 => 'zip',
)

Note: allow_url_fopen is on.

UPDATE (2)

I moved the site into a fresh container and it works fine. Some library or something was causing this issue.

lepe
  • 468
  • 1
  • 6
  • 23
  • This bug report may be related: https://github.com/docker-library/official-images/issues/2773 , but following their suggestion (installing/updating ca-certificates), didn't solve it. – lepe Jun 21 '19 at 06:57
  • It is not clear if the problem happens with all https sites or only with some particular ones. In the first case it might be a problem with the setup of the sites, in the latter case it might be a problem with the local setup. Please make also sure that you can reach the sites in question by other means from the same system, i.e. that it is really related to your code and not that some firewall is blocking the connection to these sites. – Steffen Ullrich Jun 21 '19 at 07:04
  • @SteffenUllrich : it doesn't matter which site you specify. For example, if I use `http://google.com` works, if I use `https://google.com` it doesn't. (I have tried with several domains, even "example.com", which doesn't actually exists, and the result is the same) – lepe Jun 21 '19 at 07:06
  • So this can exclude misconfiguration of the target for now. How about *"Please make also sure that you can reach the sites in question by other means from the same system"* to make sure that the sites are not blocked in general from your system but that it is actually related to your PHP setup. – Steffen Ullrich Jun 21 '19 at 07:14
  • @SteffenUllrich : `$ curl -L https://google.com` from terminal, returns the correct content. – lepe Jun 21 '19 at 07:17
  • @SteffenUllrich : I added 'Update 1' based in other question. – lepe Jun 21 '19 at 07:23

1 Answers1

0

I faced this issue in another container and updating to php7 solved the issue.

lepe
  • 468
  • 1
  • 6
  • 23