curl-and-php

OpenSSL + PHP4 + cURL + Apache = HTTPS:\\*BOOM*

From: Stephen Amadei <amadei_at_dandy.net>
Date: Tue, 10 Jun 2003 14:46:06 -0400 (EDT)

Hey guys.

I have a particular problem with cURL and libcurl.

I have used cURL and libcurl for quite some time with
my OpenSSL/PHP4/Apache webservers. Actually, I use the
ApacheToolBox with some custom bits to compile my webserver.
Anyway, as newer versions of OpenSSL and PHP4 (and cURL) come out,
I've had more and more problems getting OpenSSL to function. Since my
internal systems _only_ run HTTPS, this is a problem.

With the latest OpenSSL 0.9.7b, PHP 4.3.2, Apache 1.3.27
and cURL 7.10.5, I am completely unable to run HTTPS on my webserver.
I slowly went through the mods and add-ons and finally narrowed it
down to cURL, which is normally compiled into my PHP4 before PHP4 gets
compiled into Apache.

The compile goes well, but when I run my webserver, it can't dish out
HTTPS pages... but it can run non-SSL. In my ssl_engine_log, I get

SSL handshake failed (server Canopus.dandy.net:443, client 209.128.224.6)
(OpenSSL library error follows)
[error] OpenSSL: error:1409D08A:SSL routines:func(157):reason(138)

The OpenSSL error is "SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable".

If I do the _exact_ same compile with libcurl deleted from my system,
OpenSSL works perfectly.

My system is Slackware 8.1 with a reasonably new kernel... 2.4.19-grsec
I have gone on an all-out extermination before reinstalling the
latest versions of PHP4, OpenSSL and cURL, so I know that it isn't
leftover include files or libraries.

Interestingly enough, everything seemed to work fine under older versions
of cURL... I think the last one was 7.8.x. Also, everything works fine on
my Slackware 9.0 system using the same code.

I'm just baffled. To be honest, I'm not expecting anyone here to be able
to solve the problem, but I wanted to see if anyone has any idea what cURL
could be doing to upset my house of cards.

While I don't _need_ cURL on my internal systems, I am afraid I might need
it on my production servers, so I _would_ like to come up with a fix.

Thanks in advance.

                                        ----Steve
Stephen Amadei
Dandy.NET! CTO
Atlantic City, NJ

Received on 2003-06-10