Hi list,

This is my first post. Please be nice to me.

In my country, Brazil, we have new rules that oblige us to submmit our invoices to a server before we can ship goods out.

I will try to be very brief, basically we send a signed XML file containing the data to a server that belongs to our local taxing department, and the server replies authorizing the use of the invoice.

It is a SOAP-RPC web service, under SSL and certificates are exchanged.

I am currently using an opensource package developed in Brazil called nfephp, that uses curl and nusoap for this.

The code s functional, and I have discovered a particular issue with my Mac Os X operating system (I believe so).

Basically I can send XML file to a server that is just for tests or to another server that is the "real" server, and has legal value. The tests server is used only for development.

The URLs are:

the legal value one:
https://nfe.sefazvirtual.rs.gov.br

the one for tests only:
https://homologacao.nfe.sefazvirtual.rs.gov.br

The problem:

We have been in the past 20 days with a curl timeout problem that alternates from
these two servers. Most of the time I can comunicate with one of these two servers, sometimes none,
but never both as I did for the previous 6 months.

Let me make myself clear:

My webservice can comunicate with https://nfe.sefazvirtual.rs.gov.br but not
with https://homologacao.nfe.sefazvirtual.rs.gov.br at this moment, and yeasterday the problem
was inversed. And it goes on like this...

We have been doing a lot of checking in the php code that uses curl, and it is fully functional once
we move it to another system, such as windows or linux. But the problem remains on Mac Os 10.6.5.

I have come to down to a very, very simple test, I type on terminal.app the following command:

==== Comand begins:

$ curl -vv --url "https://nfe.sefazvirtual.rs.gov.br/ws/nferecepcao/NfeRecepcao.asmx"
* About to connect() to nfe.sefazvirtual.rs.gov.br port 443 (#0)
* Trying 200.233.3.104... connected
* Connected to nfe.sefazvirtual.rs.gov.br (200.233.3.104) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-MD5
* Server certificate:
* subject: C=BR; O=ICP-Brasil; OU=Autoridade Certificadora SERPROACF; OU=CONTRIBUINTE; OU=Equipamento A1; CN=nfe.sefazvirtual.rs.gov.br
* start date: 2010-06-23 20:08:03 GMT
* expire date: 2011-06-23 19:35:53 GMT
* common name: nfe.sefazvirtual.rs.gov.br (matched)
* issuer: C=BR; O=ICP-Brasil; OU=Servico Federal de Processamento de Dados - SERPRO; OU=CSPB-1; CN=Autoridade Certificadora do SERPRO Final v2
* SSL certificate verify ok.
> GET /ws/nferecepcao/NfeRecepcao.asmx HTTP/1.1
> User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
> Host: nfe.sefazvirtual.rs.gov.br
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Content-Length: 89
< Content-Type: text/html
< Server: Microsoft-IIS/6.0
< X-Powered-By: ASP.NET
< Date: Thu, 03 Feb 2011 22:36:30 GMT
<
<HTML>HTTP Error 403.7 - Forbidden: SSL client certificate is required.</HTML>

* Connection #0 to host nfe.sefazvirtual.rs.gov.br left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

====== Command ends

And as you see I have a reply that asks me for a client certificate.

I can of course add the certificate to the command line, but it really doesn't make any difference to this simple test.

But when I try the test server:

===== Command begins

$ curl -vv --url "https://homologacao.nfe.sefazvirtual.rs.gov.br/ws/nferecepcao/NfeRecepcao.asmx"
* About to connect() to homologacao.nfe.sefazvirtual.rs.gov.br port 443 (#0)
* Trying 200.233.3.103... connected
* Connected to homologacao.nfe.sefazvirtual.rs.gov.br (200.233.3.103) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-MD5
* Server certificate:
* subject: C=BR; O=ICP-Brasil; OU=Autoridade Certificadora SERPROACF; OU=CONTRIBUINTE; OU=Equipamento A1; CN=homologacao.nfe.sefazvirtual.rs.gov.br
* start date: 2010-06-23 20:03:27 GMT
* expire date: 2011-06-23 19:32:40 GMT
* common name: homologacao.nfe.sefazvirtual.rs.gov.br (matched)
* issuer: C=BR; O=ICP-Brasil; OU=Servico Federal de Processamento de Dados - SERPRO; OU=CSPB-1; CN=Autoridade Certificadora do SERPRO Final v2
* SSL certificate verify ok.
> GET /ws/nferecepcao/NfeRecepcao.asmx HTTP/1.1
> User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
> Host: homologacao.nfe.sefazvirtual.rs.gov.br
> Accept: */*
>
* SSLv3, TLS handshake, Hello request (0):

===== Command ends

The command times out with no reply.

And this alternates every day from one server to the other...

Sometimes I can not comunicate with one server, sometimes another server...

===== Curl version:
curl --version
curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
==== end version

I have also for tests a free Java Applications that is supplied by the taxing office, and when I can not send my invoices using my routine, I import the XML into it, and send the invoice away without any problems, using the very same system.

Safari and Firefox can talk to both servers using my certificate all the time!!!

I apreciate your attention in reading this long email, thank you,

Bernardo Höhl
Rio de Janeiro - Brazil

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-02-03