Tag Archives: Personal experience

Record the pits you stepped on – NSS error – 5938 (PR_ END_ OF_ FILE_ ERROR), curl: (35) Encountered end of file

PHP passes curl POST data to HTTPS, the same code, with no problems on the first server. It has been unsuccessful on the second server.
Turn on debug Mode and you find the following log.
code:
————————————————————-
Try {
# 1. The init curl
$ch = curl_init ();

# 2. Set the option
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postFields);

if ($headerFields! = NULL){
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerFields);
}

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt ($ch, CURLOPT_SSLCERT, self: : CLIENT_CRT);
Curl_setopt ($ch, CURLOPT_SSLKEY, self: : CLIENT_KEY);
Curl_setopt ($ch, CURLOPT_VERBOSE, 1); #debug mode
Curl_setopt ($ch, CURLOPT_STDERR, fopen (“/TMP/curl_ssl. Log “, “w +”)); #debug mode, print log to:/TMP/curl_SSL.log

# 3.execute curl and get response
$result = curl_exec($ch);
Log::info(” info: HttpMethod:: http_post-get Result:”.$Result);

$rlt_array = json_decode($result, true);
$rsp_array = curl_getinfo ($ch);
Log: : info ($rsp_array);

# 4. Release the curl
curl_close ($ch);
} catch (\Exception $e) {
Log: : info ($e);
}
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — –

/tmp/curl_ssl.log:
————————————————————-

* About to connect() to 180.101.147.89 Port8743 (#1)
* Trying 180.101.147.89…
* Connected to 180.101.147.89(180.101.147.89) Port 8743 (#1)
* NSS error -5938(PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 1
————————————————————-
Found an error calling HTTPS with the curl command:
————————————————————-

[root@localhost ~]# curl https://*.*.*.*
curl: (35) Encountered end of file
————————————————————-
Reason: You need to force the SSL version. Such as:
-2, –sslv2 Use sslv2 (SSL)
-3, Sslv3 Use sslv3 (SSL)
–ssl-allow-beast allow security arrest to improve interop (SSL)
–stderr FILE Where to redirect stderr.-means stdout
–tcp-nodelay Use the ctod TCP_NODELAY option
-t, –telnet-option OPT=VAL Set Telnet option
–tftp-blksize VALUE Set TFTP blksize option (must be > 512)
-z, –time-cond time Transfer based on a time condition
-1, –tlsv1 Use => TLSv1 (SSL)
– tlsv1.0 Use tlsv1.0 (SSL)
– tlsv1.1 Use tlsv1.1 (SSL)
– tlsv1.2 Use tlsv1.2 (SSL)

Add parameters — TLSV1 solves the problem:
[root@localhost conf.d]# curl –tlsv1 https://*.*.*.*
curl: (60) Peer’s certificate issuer hasbeen marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html


Reference: http://php.net/manual/en/function.curl-setopt.php
Select the SSL version you want:

CURLOPT_SSLVERSION One Of CURL_SSLVERSION_DEFAULT (0), curl_ssl1 (1), curl_sslv2 (2), curl_sslv3 (3), CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 or (5) CURL_SSLVERSION_TLSv1_2 (6).
Since tlSV1 is used here, the following sentence is added to code to solve the problem:
curl_setopt($ch, CURLOPT_SSLVERSION, 1);