Bugs item #3594897, was opened at 2012-12-11 12:57
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3594897&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: SSL/TLS
>Group: bad behaviour
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: Anthony G. Basile (blueness)
>Assigned to: Daniel Stenberg (bagder)
Summary: curl-7.28.1: PHP curl_getinfo misbehavior

Initial Comment:
Commit da82f59b697310229ccdf66104d5d65a44dfab98 ends support for CURLOPT_SSL_VERIFYHOST => 1. Using it in a php script still returns values for curl_getinfo() and curl_multi_getcontent(), however, it is not as it should be since the head of the returned HTML is cut off. For example, using the following script

    <?php
     
    $cm = curl_multi_init();
    $stuffs = curl_init();
    $curl_options = array(
            CURLOPT_URL => 'http://www.google.ca',
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_SSL_VERIFYHOST => 1, // toggle 0/1 to test
            CURLOPT_SSL_VERIFYPEER => 1,
            CURLOPT_HEADER => 1
    );
    curl_setopt_array($stuffs, $curl_options);
    curl_multi_add_handle($cm, $stuffs);
    do { curl_multi_exec($cm, $running); } while($running > 0);
    $content = curl_multi_getcontent($stuffs);
    $info = curl_getinfo($stuffs);
    curl_multi_remove_handle($cm, $stuffs);
    curl_multi_close($cm);
    print_r($info);
    // cuts off too much, the header size is incorrect
    echo mb_substr($content, $info['header_size']);
     
    ?>

we get

0473,4000567,4000955,4001042,4001372,4001416,4001569,4001959,4001966,4002000,4002036,4002048,4002161,4002240,4002348,4002359,4002378,4002391,4002436,4002460,4002510,4002562,4002707,4002710,4002733,4002756,4002768,4002773,4002786,4002789,4002868,4002883",ei:"X2bFUMOTFOr-2QWDuYCgDg"},authuser:0,ml:function(){},kHL:"en",time:function(){return(new ....

with "<!doctype html><html" cut off. Setting CURLOPT_SSL_VERIFYHOST => 0 fixes it. Of course, reverting to pre da82f5 "fixes" it to, but as noted in the commit message, this is not a good idea.

Thanks to Andrew Saunders for isolating the issue! See the downstream bug for more info.

https://bugs.gentoo.org/show_bug.cgi?id=444788

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2012-12-11 13:21

Message:
Sorry, but this bugtracker is for curl and libcurl. The PHP/CURL binding is
written and maintained by the PHP team, so please submit PHP/CURL bugs to
them at https://bugs.php.net/report.php

If this is a bug in libcurl that happens without PHP, then please provide
sample code showing it!

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3594897&group_id=976
Received on 2012-12-11