8

I'm trying to make a bot for: https://coinroll.it/api

From the site:
The Coinroll API is a stateless interface which works over HTTPS. Requests are made using POST variables (application/x-www-form-urlencoded) while responses are encoded in JSON (application/json). A HTTPS connection is required for accessing the API.

I have the following code: 

$ch = curl_init();
$data = array('user' => 'xxx', 'password' => 'yyy');
curl_setopt($ch, CURLOPT_URL, 'https://coinroll.it');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));   
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
$result = curl_exec($ch);
echo $result;

When I run this code, it returns a blank page, what am I doing wrong?

EDIT
I don't actually need to use cURl, if there is a better solution, please tell me.

Improve this question
9
  • Try removing the the CURLOPT_HTTPHEADER. By passing an array for the post fields, cURL will set the correct content-type automatically. Commented Jul 5, 2013 at 14:17
  • That doesn't work either. Commented Jul 5, 2013 at 14:20
  • 2
    Try setting curl_setopt($ch, 'CURLOPT_SSL_VERIFYPEER', false);. This tells cURL not to try to verify the SSL certificate. Failing that, see what the output of echo curl_error($ch); is. Commented Jul 5, 2013 at 14:22
  • It prints Cannot POST / Commented Jul 5, 2013 at 14:24
  • Without curl_setopt($ch, 'CURLOPT_SSL_VERIFYPEER', false);, echo curl_error($ch); prints SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. Commented Jul 5, 2013 at 14:27

3 Answers 3

Reset to default
13

You can prevent cURL from trying to verify the SSL certificate by using CURLOPT_VERIFYPEER.

Also set the action in the URL:

$ch = curl_init();
$data = array('user' => 'xxx', 'password' => 'yyy');
curl_setopt($ch, CURLOPT_URL, 'https://coinroll.it/getbalance');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
echo $result;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

You can use the following cURL option in order to see what happens with the HTTP connection:

curl_setopt($ch, CURLOPT_VERBOSE, true);

When TRUE it outputs verbose information.

Improve this answer

Comments

0

Today I had the case where "It had been working fine until now.", but it stopped working when the FQDN changed, and I had to self-sign another certificate, with a different DN.

After a few experiments, it turned out to be that the Subject Alternate Name (aka SAN) was not matching the certificate name, and the curl call had not been set with CURLOPT_SSL_VERIFYHOST, 2.

Conclusion: by default, CURLOPT_SSL_VERIFYHOST is set to 2, but, if your cert SAN is wrong, it will fail, unless you deactivate CURLOPT_SSL_VERIFYHOST, and, with it, CURLOPT_SSL_VERIFYPEER.

It is obviously the best practice to set both, and have a SAN that matches the subject.

Reminder: this is how to quickly check the SAN using OpenSSH on command line:

openssl x509 -in /etc/ssl/certs/recette.pharmags.fr.crt -noout -text | grep -A1 "Subject Alternative Name"

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.