Eu encontrei o problema
ServerName example.com:443
estava faltando na configuração ssl.conf
Por favor considere dois comandos curl
:
curl -v --ssl link
* About to connect() to example.com port 443 (#0)
* Trying 10.20.30.40...
* connected
* Connected to example.com (10.20.30.40) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
* Closing connection #0
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
curl -v -3 --ssl link
About to connect() to example.com port 443 (#0)
* Trying 10.20.30.40...
* connected
* Connected to example.com (10.20.30.40) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: (certificate token etc.)
* start date: 2013-03-24 12:59:13 GMT
* expire date: 2014-03-28 05:41:38 GMT
* subjectAltName: example.com matched
* issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA
* SSL certificate verify ok.
> GET /status.php HTTP/1.1
> User-Agent: curl/7.25.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0 OpenSSL/0.9.8o zlib/1.2.7 libidn/1.15 libssh2/1.2.6
> Host: example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 23 Sep 2013 11:00:51 GMT
< Server: Apache
< Content-Length: 195
< Connection: close
< Content-Type: text/plain; charset=utf-8
<
(html there)
* Closing connection #0
* SSLv3, TLS alert, Client hello (1)
Parâmetros:
-v
= verbose --ssl
= use SSL -3
= use SSLv3 A pergunta é: por que tal SSL23_GET_SERVER_HELLO:reason(1112)
de erro? Como corrigi-lo? É o problema de cliente ou servidor (servidor https)?
Eu não me importaria de usar o curl com o parâmetro -3
, mas o mesmo problema aparece ao usar a função file_get_contents()
do PHP. Eu sei que existem soluções alternativas do PHP, mas quero fazer as coisas corretamente.
Tags ssl curl https apache-2.2