Vasilios Betoglou

Reputation: 65

Different results running script from command line vs. PHP

I have a bash script that tests pconn idle timeout. If I run it from the command line, it works fine. If I run the exact same script from PHP using shell_exec, I get different results.

EDIT: The results I'm interested in are the HTTP 200 response, which is expected, vs. the HTTP 400 response when the script is run from PHP.

I've verified that the arguments are making it into the script because if I echo the variables from the script itself I can see the proper data.

However, just to be certain it's not some kind of encoding/escaping issue, I've even hard-coded the values in the script and simply run the script via PHP and I still am not getting the proper response back.

Since simplifying the script I think I've removed anything PHP related (passing variables to the script). So what could possibly cause this issue?

The script:

vbetoglo@prod-lamp-web03:~$ cat pconns.sh 
echo -en "GET / HTTP/1.1\nHost: www.betoglou.com\nConnection: keep-Alive\n\n" | time /test/openssl/bin/openssl s_client --connect origin.betoglou.com:443 --servername www.betoglou.com -ign_eof

The PHP code (you can ignore the inputs, since the script itself is hard-coded right now):

function pconns($hostname, $path, $origin){
        $cmd="/scripts/webtools/pconns.sh";
        $results=shell_exec($cmd);
        ?>
        <div class="entry-content">
        Results for <?=$origin;?>:<br><br>
        <xmp style="white-space: pre-wrap; font-size: 14px"><?
                echo $results;
        ?></xmp>
        </div>
        <?
}

I've also tried moving the call for the script into the shell_exec line (I know it doesn't matter). So here are the results when run from the command line:

vbetoglo@prod-lamp-web03:~$ /scripts/webtools/pconns.sh 
CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = betoglou.com
verify return:1
---
Certificate chain
 0 s:CN = betoglou.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = betoglou.com

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3248 bytes and written 444 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: D7A2EE46C46091AB53D20174C9C0B589DC784EAA11E24798163967D4ACD7EA02
    Session-ID-ctx: 
    Master-Key: CC99647A30CD8E23B270A6C70B1E258C1F649639044B3C4AC73D355E2502DAF8F1B73104565C240ED1674360D935E075
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1563400639
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
---
HTTP/1.1 200 OK
Date: Wed, 17 Jul 2019 21:57:19 GMT
Server: Apache
Content-Length: 22728
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

{{{source code removed}}}
closed
0.00user 0.00system 0:02.12elapsed 0%CPU (0avgtext+0avgdata 15868maxresident)k
0inputs+0outputs (0major+1267minor)pagefaults 0swaps

BUT, if I run it from PHP:

Results for asd:

depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = betoglou.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = betoglou.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = betoglou.com

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3248 bytes and written 444 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: B4359A2A9E37D2B08990B2B633FCA34FBE69FDAFE2219F9F809AA251BFE46372
    Session-ID-ctx: 
    Master-Key: BA7685698B51974B02EB85BB21A684AA1CF1997496841EA23505F43697611AE4709D83FB82C6091DE1155B58CAA76649
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1563400624
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
---
HTTP/1.1 400 Bad Request
Date: Wed, 17 Jul 2019 21:57:04 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
closed
0.00user 0.00system 0:00.15elapsed 7%CPU (0avgtext+0avgdata 15624maxresident)k
0inputs+0outputs (0major+1266minor)pagefaults 0swaps

Upvotes: 0

Views: 467

Answers (1)

Barmar

Reputation: 781503

Since the script doesn't begin with a shebang line, it's being executed using whatever shell is being used by the caller. That's /bin/sh for PHP, but probably /bin/bash for you.

This is probably changing whether the echo command supports the -en option to process escape sequences -- it works interactively, but not from PHP.

You should always begin scripts with #!/bin/bash or #!/bin/sh to make sure they use the shell you want.

And rather than echo, use printf, which has more consistent behavior.

#!/bin/bash
printf "GET / HTTP/1.1\nHost: www.betoglou.com\nConnection: keep-Alive\n\n" | time /test/openssl/bin/openssl s_client --connect origin.betoglou.com:443 --servername www.betoglou.com -ign_eof

Upvotes: 1
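
The shell difference the answer describes can be checked offline; this is an added example, not code from the original post, and the helper names (`first_line_with`, `valid_request_line`, `report`) and the shell paths are assumptions. It builds the question's request with `echo -en` and with `printf` under each shell on the host and checks the first line; under dash, whose `echo` does not take `-en` as an option, the line comes out as `-en GET / HTTP/1.1`, which is not a valid request line.

```shell
#!/bin/sh
# Request text copied from the question's script; the backslash-n sequences
# are literal here, exactly as they are inside the script's double quotes.
REQ='GET / HTTP/1.1\nHost: www.betoglou.com\nConnection: keep-Alive\n\n'

# first_line_with SHELL BUILDER (hypothetical helper)
# Build the request with "echo -en" or "printf" under SHELL and print the
# first line that would be piped into openssl s_client. No network is used.
first_line_with() {
    shell=$1
    builder=$2
    case $builder in
        echo)   "$shell" -c 'echo -en "$1"' _ "$REQ" ;;
        printf) "$shell" -c 'printf "$1"' _ "$REQ" ;;
    esac | head -n 1
}

# valid_request_line LINE (hypothetical helper)
# Succeed only if LINE has the shape "METHOD target HTTP/x.y".
valid_request_line() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z]+ [^ ]+ HTTP/[0-9]\.[0-9]$'
}

# report: compare both builders under every shell present on this host.
report() {
    for sh_path in /bin/sh /bin/bash /bin/dash; do
        [ -x "$sh_path" ] || continue
        for builder_name in echo printf; do
            line=$(first_line_with "$sh_path" "$builder_name")
            if valid_request_line "$line"; then
                verdict=ok
            else
                verdict=MALFORMED
            fi
            printf '%-10s %-7s %-10s [%s]\n' \
                "$sh_path" "$builder_name" "$verdict" "$line"
        done
    done
}

report
```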
