curl-library
Re: PHP HTTPS Proxy
Date: Thu, 9 Feb 2017 17:19:33 -0500
On 2/9/2017 4:22 PM, beshoo wrote:
> I dont know how to apply it , please have a look :
>
> <?php
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, 'http://whatismyip.org');
> curl_setopt($ch, CURLOPT_HEADER, 1);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
> curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
> curl_setopt($ch, CURLOPT_PROXY,
> 'https://0f5ee342326fecbfb582ed3dc3495fb10f8ebd56:4F11C6A666BF2B9F922309B29CC486F4CC48CA2900E7B7F8679D69E42786EA21@68.71.55.53:443');
> curl_setopt($ch, CURLOPT_VERBOSE, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
> curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
>
> curl_setopt($ch, CURLOPT_PROXYUSERPWD, $auth);
> print $data = curl_exec($ch);
> curl_close($ch);
>
> ?>
>
> Output :
> * Rebuilt URL to: http://whatismyip.org/
> * Trying 68.71.55.53...
> * TCP_NODELAY set
> * Connected to (nil) (68.71.55.53) port 443 (#0)
> * Cipher selection:
> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * SSL certificate problem: unable to get local issuer certificate
> * Curl_http_done: called premature == 0
> * Closing connection 0
>
> root_at_server [/root]# curl -V
> curl 7.52.1 (x86_64-redhat-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.1e
> zlib/1.2.3 c-ares/1.12.0 libssh2/1.8.0 nghttp2/1.6.0
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink
> root_at_server [/root]#
Please stop top-posting [1] it makes the conversation hard to follow.
CURLOPT_PROXYTYPE set to CURLPROXY_HTTP is wrong and isn't needed since
you're specifying the proxy as https://. If you wanted to specify the
type separately you'd use CURLPROXY_HTTPS [2].
CURLOPT_PROXYUSERPWD isn't needed since you're specifying the proxy as
https://user:pass@host
CURLOPT_SSL_VERIFYPEER I wouldn't disable, it disables certificate
verification which opens you up to a MITM attack. Also it has no effect
on HTTPS proxies. To disable peer and host verification for the proxy
use CURLOPT_PROXY_SSL_VERIFYHOST [3] at least and
CURLOPT_PROXY_SSL_VERIFYPEER [4]. But instead though you could use
ca.opera-proxy.net as your proxy host and don't disable any
verification. Also you should change your password since you posted it
to a public mailing list.
[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXYTYPE.html
[3]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SSL_VERIFYHOST.html
[4]: https://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SSL_VERIFYPEER.html
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-09