Friday, December 5, 2008

PHP Snoopy: How to make it work with HTTPS?

Recently I came across the requirement to read the response of a URL using a secure connection. Since I have been using Snoopy for several years already, I just fired a snoopy->fetch() to the HTTPS URL. To my surprise, nothing happened.

After some investigation, it turned out you need to have cURL installed and configured in Snoopy. Basically just set the Snoopy $curl_path member variable to the full path of the executable. In my case, since I’m running Windows, it was something like C:\curl\curl.exe

Read the rest only if you are running Snoopy 1.2.3.
First of all, update ASAP: there is a vulnerability in Snoopy 1.2.3.
Second, if you still use v1.2.3 and access sites which don’t use trusted certificates, you will need to add the -k option to the cURL command line. This tells cURL to skip verification of the server’s certificate, so the connection is still encrypted but the server’s identity is not checked.

You would have to edit Snoopy.class.php and modify the following line so that -k is included among the parameters passed to cURL:

exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
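
An alternative to -k for a server with a self-signed or private-CA certificate, as an added example that is not Snoopy's code and not from the original post: pass the certificate to cURL with --cacert so the server is still verified, and quote each value with escapeshellarg(). The function names, file paths and URL are hypothetical.

```php
<?php
// Added example, not Snoopy's code; names and sample values are hypothetical.

// Build the curl command line. $caFile is a PEM file holding the server's
// self-signed certificate or its private CA; curl then verifies the server
// against it (--cacert) instead of skipping verification (-k).
function build_curl_command($curlPath, $headerFile, $uri, $caFile = null)
{
    $parts = parse_url($uri);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])
        || strtolower($parts['scheme']) !== 'https') {
        throw new InvalidArgumentException('Not an https URL');
    }
    // $curlPath is trusted configuration (like Snoopy's $curl_path) and is
    // left unquoted, as in the post's exec() line; every other value is
    // passed as one quoted argument.
    $cmd = $curlPath . ' -sS -D ' . escapeshellarg($headerFile);
    if ($caFile !== null) {
        if (!is_readable($caFile)) {
            throw new RuntimeException('CA file not readable');
        }
        $cmd .= ' --cacert ' . escapeshellarg($caFile);
    }
    return $cmd . ' ' . escapeshellarg($uri);
}

// Run the fetch and return headers and body; throws when curl fails.
function fetch_https($curlPath, $tempDir, $uri, $caFile = null)
{
    $headerFile = tempnam($tempDir, 'snoop');
    if ($headerFile === false) {
        throw new RuntimeException('Cannot create header file');
    }
    try {
        exec(build_curl_command($curlPath, $headerFile, $uri, $caFile), $body, $status);
        $headers = (string) file_get_contents($headerFile);
    } finally {
        unlink($headerFile);
    }
    if ($status !== 0) {
        // Exit code 60 means curl could not verify the server certificate.
        throw new RuntimeException("curl failed with exit code $status");
    }
    return array('headers' => $headers, 'body' => implode("\n", $body));
}

// Constructed sample values: print the command without running it.
echo build_curl_command('C:\\curl\\curl.exe', 'C:\\temp\\hdr.tmp',
    'https://api.example.test:12345/status'), "\n";
```

With $caFile left as null, cURL verifies the server against its default CA bundle, which is the behaviour -k turns off.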

4 comments:

  1. Thanks. Is there any way I can tell Snoopy to use PHP libcurl?

  2. Thanks for your post. I tried all this. I have PHP Version 5.2.6 on Win2K3 with
    cURL support: enabled
    cURL Information: libcurl/7.16.0 OpenSSL/0.9.8g zlib/1.2.3

    I have everyone full control (just for now) on
    c:\curl\ and c:\temp\ (got curl.exe and everything in c:\curl\)

    I changed in Snoopy.class.php:
    var $temp_dir="c:\temp";
    var $curl_path="c:\curl\curl.exe";
    also tried:
    var $temp_dir="c:\\temp";
    var $curl_path="c:\\curl\\curl.exe";

    The url I'm trying to submit to with Snoopy has ssl under different port:
    https://api.mydomain.com:12345

    Still, my submit gives no results, whereas when I submit using http I do get results.

  3. Christiaan, the problem might be related to the non-standard HTTPS port. Try first with the default 443 and check if that works. Apache 2.0 has some issues with non-443 HTTPS also.

    Also try cURL from the command line to see what the exact error messages are (or inspect them using the curl_error function).
