[php-maint] Bug#780771: php5-curl: libcurl no more sends client certificate during mutual TLS authentication
root
alexandre-francois at voila.fr
Thu Mar 19 05:34:47 UTC 2015
Package: php5-curl
Version: 5.4.38-0+deb7u1
Severity: normal
Dear Maintainer,
I upgraded today from 5.4.36 to 5.4.38 and the mutual authentication that I have coded with
the curl php module is no more working : the client certificate is no more sent to the
server. Here is the code to reproduce the bug :
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_VERBOSE , TRUE);
curl_setopt($ch, CURLOPT_SSLCERT , "cert.pem");
curl_setopt($ch, CURLOPT_URL , "https://www.myweb.com");
echo curl_exec($ch);
?>
Output is :
* About to connect() to www.myweb.com port 443 (#0)
* Trying 10.11.12.13...
* connected
* Connected to myweb.com (10.11.12.13) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using DHE-RSA-AES256-SHA
[...]
* Server certificate:
* subject: C=FR; O=Org; CN=*.myweb.com
* start date: 2014-01-31 16:15:52 GMT
* expire date: 2019-01-31 16:15:52 GMT
* common name: *.myweb.com (matched)
* issuer: C=FR; O=Org; CN= Auth Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
Host: www.myweb.com
Accept: */*
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 400 Bad Request
< Server: nginx/1.4.4
< Date: Wed, 18 Mar 2015 19:57:28 GMT
< Content-Type: text/html
< Content-Length: 252
< Connection: close
<
* Closing connection #0
<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.4.4</center>
</body>
</html>
Regards,
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5-curl depends on:
ii dpkg 1.16.15
ii libapache2-mod-php5 [phpapi-20100525] 5.4.38-0+deb7u1
ii libc6 2.13-38+deb7u8
ii libcurl3 7.26.0-1+wheezy12
ii php5-cli [phpapi-20100525] 5.4.38-0+deb7u1
ii php5-common 5.4.38-0+deb7u1
ii ucf 3.0025+nmu3
php5-curl recommends no packages.
php5-curl suggests no packages.
-- no debconf information
More information about the pkg-php-maint
mailing list