Web lists-archives.com

[PHP] php 7.1, curl, wrong signature length when proxying through Fiddler




Hello,
 when I'm developing I normally use a Fiddler proxy to see request from php CLI to remote http server.
I had put a Fiddler Root certificate to CAfile.crt but I got

curl_exec() failed: 35: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length

If I go directly without proxy to IIS https server the problem doesn't occur. If I check end certificate that on the fly generated Fiddler, I get no error:

c:\prog\OpenSSL-1.0.2g\bin\openssl.exe verify -verbose -CAfile CAfile.crt c:\tmp\Vavra-PC.crt
c:\tmp\Vavra-PC.crt: OK

If I disable ssl certificate verification
$defaultOptions[CURLOPT_SSL_VERIFYPEER]=false;
$defaultOptions[CURLOPT_SSL_VERIFYHOST]=0,
then everything is fine and I see requests in Fiddler.

Tis is  Vavra-PC.crt
-----BEGIN CERTIFICATE-----
MIIG5zCCBM+gAwIBAgICQg0wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkNa
MRcwFQYDVQQIEw5DemVjaCBSZXB1YmxpYzEnMCUGA1UEBxQeSG9ybm9rcmNza2Eg
MTU7IDE0MCAwMCBQcmFoYSA0MScwJQYDVQQKFB5Tb2Z0d2FyZTYwMiBhLnMuIFtJ
QyA2MzA3ODIzNl0xHDAaBgNVBAMTE1NvZnR3YXJlNjAyIFJvb3QgQ0EwHhcNMTYx
MjIzMTMxMDUxWhcNMjYxMjIzMTMxMDUxWjBfMQswCQYDVQQGEwJDWjEXMBUGA1UE
CAwOQ3plY2ggUmVwdWJsaWMxDjAMBgNVBAcMBVByYWhhMRQwEgYDVQQKDAtTb2Z0
d2FyZTYwMjERMA8GA1UEAwwIVmF2cmEtUEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3f7kytRKOBFBWIH+LNWa6uGF0ZOh5qS3FykeuMfFvGIwhtlkX
I50/CQd4AOe78yIExc23PXbEJBuIjS14WuFUql7cJPSn+x/607DZThSMfPzOyk0X
BSALvAXc2jxaIXDyNkiKSkuauzgaQd+rQrCGYUNtj5WTviuH2W72SDS6HBZKs38k
q3d0LjKvioPbZhtjbL87YZE2K6dN+qLNBnl3s+OSLsAgMwZziV1uotaH3Ca5UXDE
1wa0hH1OqzCZanztsM3E6LcvTpcQPf4mBmLvL/wKAoFnntXAXk+6fF3iawphtCpc
hdWCGNax82+Ph3WJaqOJ/FRxa6muo28i8V5/AgMBAAGjggJzMIICbzCBywYDVR0j
BIHDMIHAgBTMS8k0Um/V/SYot+e4KQ4iOxW2EKGBnKSBmTCBljELMAkGA1UEBhMC
Q1oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMScwJQYDVQQHFB5Ib3Jub2tyY3Nr
YSAxNTsgMTQwIDAwIFByYWhhIDQxJzAlBgNVBAoUHlNvZnR3YXJlNjAyIGEucy4g
W0lDIDYzMDc4MjM2XTEcMBoGA1UEAxMTU29mdHdhcmU2MDIgUm9vdCBDQYIJAPOG
ts1i7uL3MB0GA1UdDgQWBBQSHRpoftT1jfcyDWClBLDUbcR+/zAMBgNVHRMBAf8E
AjAAMAsGA1UdDwQEAwIF4DB6BggrBgEFBQcBAQRuMGwwMAYIKwYBBQUHMAKGJGh0
dHA6Ly9jYS42MDIuY3ovY3J0L3N3NjAycm9vdGNhLmNydDA4BggrBgEFBQcwAoYs
aHR0cDovL2NhLnNvZnR3YXJlNjAyLmN6L2NydC9zdzYwMnJvb3RjYS5jcnQwaQYD
VR0fBGIwYDAqoCigJoYkaHR0cDovL2NhLjYwMi5jei9jcmwvc3c2MDJyb290Y2Eu
Y3JsMDKgMKAuhixodHRwOi8vY2Euc29mdHdhcmU2MDIuY3ovY3JsL3N3NjAycm9v
dGNhLmNybDBfBgNVHREEWDBWggt2YXZyYS5sb2NhbIIJbG9jYWxob3N0ghg9d3d3
LnZhdnJhLnNlY3VzdGFtcC5jb22CGD13c2MudmF2cmEuc2VjdXN0YW1wLmNvbYII
VmF2cmEtUEMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3
DQEBCwUAA4ICAQBZ3E+jz2+XmaqWfCFm5Ic2/tVS3Mklhni+NchnxAtmA9hElWmq
o0LL9ObnK+tdm1IC1+Hkdzv3y8yLKwuLn4sIMvJzDYGx1QD5dv8VEBax3upyJFN/
sjav4B9IDKJwcq84mYn4FSVjJhwkIiaByiPavNVW7I4r8Q0r3wGlFotzHCJf176c
OoHDc6oYFR7JQeRc6z7gVnooN87sXPh44I67lPNztohB4axxuN5aeOyhWrs4/Tgd
71t2VsvI+xehPnsRXJ0oRmMzs6WIUD+NwnyRJwtCvPKqtQvhjBNjhIbg6H+tRFax
eThdqqs2pB9xqVywedLqtTq8oMQ+2Z8VpxmkdSK5Sjzh/zcRcEkp8tYcV6IGi6ZU
d+PC3lh6T9vzfsAJ3cu1OTpBtsgxNQQyyiP1JKNCLVa+t2NkpxiBXSMC+Kv6rtpS
ZL0ZQ7Gmft2Nvn7dF9oqoCDz+D91xSAnhTsGAiOd/Rsk6j3ESykyZbC4u/ZP7eAW
XLkJCWz1sGfSlMqjNsvRJV20kcvMsL2QyZeiNPpSmVL4wA4mCbCoTWFjhiEeWuFm
nmRMbghmDYNi5SvYzNKT9TTjA5BLTreuuJJbN4IiUrZfZTxfg4+jzDu51b53py0T
rMop++W1CoN9qSZ+mLwMJnKUobp4PNxfoJhhnWe1zGTKY2QPnEis8uusmQ==
-----END CERTIFICATE-----

PHP is PHP Version 7.1.12
System  Windows NT VAVRA-PC 10.0 build 15063 (Windows 10) AMD64
cURL Information  7.56.0
Host  x86_64-pc-win32
SSL Version  OpenSSL/1.0.2m
ZLib Version  1.2.8
libSSH Version  libssh2/1.8.0


Any advice?
Jan.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php