I've this Curl request :
curl.exe -k --proxy-ntlm --proxy-user : --proxy http://proxyurl:80 -E C:\temp\certificat.pem:certifPassword -H depth:1 -X PROPFIND https://www.url.fr/to/webdav/number/folder/ > retour.xml
I've to translate it in php script. So I did this :
$ch = curl_init();
$urlPropfind = "https://www.url.fr/to/webdav/number/folder/";
$certifPropfind = __DIR__."/certificats/certificat.pem";
$passwordPropfind = "certifPassword";
$header = "depth:1";
//Proxy config
$proxyAdresse = "http://proxyUrl";
$proxyIp = "192.168.0.1"; //I change IP for security
$proxyPort = 80;
$proxyIdentification = "proxyUser:proxyPassword";
curl_setopt($ch, CURLOPT_PROXY, $proxyIp);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxyPort);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $certifPropfind);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $passwordPropfind);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $urlPropfind);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
$output = curl_exec($ch);
var_dump($output);
var_dump(curl_getinfo($ch));
curl_close($ch);
But my curl return FALSE so I don't understand what did I do wrong ?
The error:
HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS: client certificate not found: certServeurTM.pem * NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT) * SSL peer was unable to negotiate an acceptable set of security parameters. * Closing connection 2
And
EDIT
I converted this to PHP & here my :
curl_setopt($ch, CURLOPT_URL, $urlPropfind);
curl_setopt($ch, CURLOPT_NOPROGRESS, true);
curl_setopt($ch, CURLOPT_PROXY, $proxyAdresse);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERAGENT, "curl/7.29.0");
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
curl_setopt($ch, CURLOPT_MAXREDIRS, 50);
curl_setopt($ch, CURLOPT_KEYPASSWD, "/var/www/html/myapplication/certificats/certServeurTM.pem:toulouse31");
curl_setopt($ch, CURLOPT_SSLCERT, "certServeurTM.pem");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
curl_setopt( $ch, CURLOPT_VERBOSE, true );
curl_setopt( $ch, CURLOPT_STDERR, fopen('php://output', 'w') );
& message I get (only the end of message. All is good until certificat):
HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS: client certificate not found: certServeurTM.pem * NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT) * SSL peer was unable to negotiate an acceptable set of security parameters. * Closing connection 2
I added
curl_setopt($ch, CURLOPT_CAPATH, "/var/www/html/myapplication/certificats");
& I see the following message
failed to load '/var/www/html/myapplication/certificats/certServeurTM.pem' from CURLOPT_CAPATH
Finally I get it !!
In fact, the person in charge of certifacts management forget to tell me that I need another private key & private certificat...
So here my final code :
curl_setopt($ch, CURLOPT_URL, $urlPropfind);
curl_setopt($ch, CURLOPT_NOPROGRESS, true);
curl_setopt($ch, CURLOPT_PROXY, $proxyAdresse);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyIdentification);
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERAGENT, "curl/7.29.0");
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
curl_setopt($ch, CURLOPT_MAXREDIRS, 50);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "toulouse31");
curl_setopt($ch, CURLOPT_SSLCERT, "/var/www/html/myapplication/certificats/certServeurTM.pem");
curl_setopt($ch, CURLOPT_SSLCERT, "/var/www/html/myapplication/certificats/default.crt");
curl_setopt($ch, CURLOPT_SSLKEY, "/var/www/html/myapplication/certificats/default.privkey");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_VERBOSE, true );
curl_setopt( $ch, CURLOPT_STDERR, fopen('php://output', 'w') );
Thanks, everyone, for your help :)