PHP curl HTTPS does not work in chroot

sofatime

Well-Known Member
#1
Hi,

I have compiled lsphp with curl. That works perfectly for HTTP but not for HTTPS. curl from the command line works with https, but not from PHP. Information about my installation:

lsws 3.1 Enterprise in chroot
PHP 5.2.2
Solaris 10 x86
I have a valid thawte certificate on the https server and also tested it with other https servers.

I have checked the following:
stderror: shows no errors
ldd libcurl.so -> all needed libraries are in chroot

I use the following PHP testcode:

Code:
<?php

$ch = curl_init("https://secure.testserver.com/");
$fp = fopen("test.txt", "w");

curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);

curl_exec($ch);

curl_close($ch);
fclose($fp);
?>
I also added:
Code:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
didn't change anything

I get the following in error.log:
Connection idle time: 301 while in state: 5 watching for event: 25,close!
Content len: 0, Request line: GET /curltest.php HTTP/1.1
HttpExtConnector state: 8, request body sent: 0, response body size: 0, response body sent:0, left in buffer: 0, attempts: 0.

I assume it has something to do with the chroot, but I don't know where to look (except needed libraries, which seem to be all there). Any hints?

Thanks
Daniel
 

mistwang

LiteSpeed Staff
#2
Have you compiled PHP with openssl? openssl is required for https connection I believe.
Have you tried your PHP script with lsphp running from command line?

Please check lsws/logs/error.log and lsws/logs/stderr.log, might be some clue there.
 

sofatime

Well-Known Member
#3
Thanks for your answer.
I have not compiled PHP with openssl, but I don't think that is necessary, as libcurl is compiled with openssl.
I have tried the PHP script with lsphp from the command line: It works! That would also mean to me that openssl in PHP is not necessary.

About logs: there is nothing in stderr.log. For error.log please check my first post.

I assume something is missing in the chroot, but I don't see what that could be.

Thanks again
Daniel
 

mistwang

LiteSpeed Staff
#4
It will be a tough job to debug missing component in chroot. :)
We usually did this:
strace the application from command line under normal environment, leave the output in one terminal windows.
Copy strace to the chroot jail, make it work properly.
Then strace the application from command line under chroot jail, compare the strace output with that of normal environment.

You should be able to figure out what is missing this way.
 
Top