How can I force PHP's cURL extension to use OpenSSL and not GnuTLS?

615 views Asked by At

I have a PHPUnit testsuite running that passes successfully on my local machine, but fails on Travis CI.

I've determined that the tests fail due to the cURL extension using GnuTLS instead of OpenSSL, and I don't know how to force it to use OpenSSL.

The error that I am getting is this:

cURL error 56: GnuTLS recv error (-9): A TLS packet with unexpected length was received. (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

I've attempted to follow the instructions provided here but as I can't remote into the Travis instance, it's frustrating to continually upload different configs and wait for them to run each time.

Looking at the Travis system information I can see the following:

Operating System Details
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:    14.04
Codename:   trusty

openssl version
OpenSSL 1.0.1f 6 Jan 2014

curl version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3

phpenv versions
  system
  5.4
  5.4.45
  5.5
  5.5.38
  5.6
* 5.6.31 (set by /home/travis/.phpenv/version)
  7.0
  7.0.22
  hhvm
  hhvm-stable

So I know that OpenSSL is installed, cURL is installed with OpenSSL, and PHP is running on 5.6.31.

I also have the output of php -i below:

PHP Version => 5.6.31

System => Linux testing-gce-67e44fc2-4ca1-49ef-abc8-08830fe54ccc 4.4.0-93-generic #116~14.04.1-Ubuntu SMP Mon Aug 14 16:07:05 UTC 2017 x86_64

Build Date => Jul 22 2017 11:49:03

Configure Command =>  './configure'  '--with-config-file-path=/home/travis/.phpenv/versions/5.6.31/etc' '--with-config-file-scan-dir=/home/travis/.phpenv/versions/5.6.31/etc/conf.d' '--prefix=/home/travis/.phpenv/versions/5.6.31' '--libexecdir=/home/travis/.phpenv/versions/5.6.31/libexec' '--enable-intl' '--with-openssl' '--without-pear' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr' '--enable-exif' '--enable-zip' '--with-zlib' '--with-zlib-dir=/usr' '--with-mcrypt=/usr' '--with-pdo-sqlite' '--enable-soap' '--enable-xmlreader' '--with-xsl' '--enable-ftp' '--with-tidy' '--with-xmlrpc' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-shmop' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-pcntl' '--with-readline' '--enable-mbstring' '--with-curl' '--with-pgsql' '--with-pdo-pgsql' '--with-gettext' '--enable-sockets' '--with-bz2' '--enable-bcmath' '--enable-calendar' '--with-libdir=lib' '--enable-fpm' '--enable-maintainer-zts' '--with-gmp' '--with-imap' '--with-imap-ssl' '--with-kerberos' '--with-ldap' '--with-ldap-sasl' '--enable-dba' '--with-cdb' '--with-mysql=mysqlnd'

curl
cURL support => enabled
cURL Information => 7.35.0
Age => 3
Features
AsynchDNS => Yes
CharConv => No
Debug => No
GSS-Negotiate => Yes
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
NTLMWB => Yes
SPNEGO => No
SSL => Yes
SSPI => No
TLS-SRP => Yes
Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtmp, rtsp, smtp, smtps, telnet, tftp
Host => x86_64-pc-linux-gnu
SSL Version => GnuTLS/2.12.23
ZLib Version => 1.2.8

openssl

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1f 6 Jan 2014
OpenSSL Header Version => OpenSSL 1.0.1f 6 Jan 2014
Openssl default config => /usr/lib/ssl/openssl.cnf

Directive => Local Value => Master Value
openssl.cafile => no value => no value
openssl.capath => no value => no value

How can I get SSL Version to be OpenSSL/1.0.1f instead of GnuTLS/2.12.23?

0

There are 0 answers