curl error 35 : Unknown SSL google OAuth2

Question

I try to use Google php OAuth2 (google-api-php-client) and i have curl errno 35, but only when i use proxy :

HTTP Error: (0) Unknown SSL protocol error in connection to accounts.google.com:8080

I test many solutions :

// Test disabled verify peer & host
CURLOPT_SSL_VERIFYPEER => false
CURLOPT_SSL_VERIFYHOST => false

...

// Test set proxy & auth proxy
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYPORT, '8080');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyauth);

...

// Test set auth proxy in header
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization' => $proxyauth))

...

// Test Specify the SSL version
curl_setopt($ch, CURLOPT_SSLVERSION, 3);

...

// Test specify HTTP version
curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

...

// Test change proxy type
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
or
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);

I tried different solutions found everywhere (almost exhaustive list above), but none works for me.

I wondered if this was not the port number that was the problem, but I have not succeed to change this (i tried with CURLOPT_PORT option), and also in the URLs in Google_OAuth2.php.

thanks for your help,

Simon.

Answer 1

I am working through this exact issue. No solution yet but here's what I've found:

If you compare the output of:

$ curl -v https://accounts.google.com 

* About to connect() to proxy 10.1.1.10 port 8080 (#0)
*   Trying 10.1.1.10... connected
* Connected to 10.1.1.10 (10.1.1.10) port 8080 (#0)
* Establish HTTP proxy tunnel to accounts.google.com:443
> CONNECT accounts.google.com:443 HTTP/1.1
> Host: accounts.google.com:443
> User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.2.7
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection established
< 
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
...
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*        subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=accounts.google.com
...
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.2.7
> Host: accounts.google.com
> Accept: */*

(which works) and

$ curl -v https://accounts.google.com:8080

you'll see that the problem is

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I guess the proxy server is appending the port to the return address and that's what causing the certificate verification to fail. Unfortunately proxy servers aren't my area of expertise. Hopefully that gives you a clue though.