Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: PHP HTTPS Proxy

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 9 Feb 2017 17:19:33 -0500

On 2/9/2017 4:22 PM, beshoo wrote:
> I dont know how to apply it , please have a look :
>
> <?php
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, 'http://whatismyip.org');
> curl_setopt($ch, CURLOPT_HEADER, 1);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
> curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
> curl_setopt($ch, CURLOPT_PROXY,
> 'https://0f5ee342326fecbfb582ed3dc3495fb10f8ebd56:4F11C6A666BF2B9F922309B29CC486F4CC48CA2900E7B7F8679D69E42786EA21@68.71.55.53:443');
> curl_setopt($ch, CURLOPT_VERBOSE, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
> curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
>
> curl_setopt($ch, CURLOPT_PROXYUSERPWD, $auth);
> print $data = curl_exec($ch);
> curl_close($ch);
>
> ?>
>
> Output :
> * Rebuilt URL to: http://whatismyip.org/
> * Trying 68.71.55.53...
> * TCP_NODELAY set
> * Connected to (nil) (68.71.55.53) port 443 (#0)
> * Cipher selection:
> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * SSL certificate problem: unable to get local issuer certificate
> * Curl_http_done: called premature == 0
> * Closing connection 0
>
> root_at_server [/root]# curl -V
> curl 7.52.1 (x86_64-redhat-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.1e
> zlib/1.2.3 c-ares/1.12.0 libssh2/1.8.0 nghttp2/1.6.0
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink
> root_at_server [/root]#

Please stop top-posting [1] it makes the conversation hard to follow.

CURLOPT_PROXYTYPE set to CURLPROXY_HTTP is wrong and isn't needed since
you're specifying the proxy as https://. If you wanted to specify the
type separately you'd use CURLPROXY_HTTPS [2].

CURLOPT_PROXYUSERPWD isn't needed since you're specifying the proxy as
https://user:pass@host

CURLOPT_SSL_VERIFYPEER I wouldn't disable, it disables certificate
verification which opens you up to a MITM attack. Also it has no effect
on HTTPS proxies. To disable peer and host verification for the proxy
use CURLOPT_PROXY_SSL_VERIFYHOST [3] at least and
CURLOPT_PROXY_SSL_VERIFYPEER [4]. But instead though you could use
ca.opera-proxy.net as your proxy host and don't disable any
verification. Also you should change your password since you posted it
to a public mailing list.

[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXYTYPE.html
[3]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SSL_VERIFYHOST.html
[4]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SSL_VERIFYPEER.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-09