2

I'm experiencing strange timeouts using cURL with PHP when trying to access Amazon Cloudfront. This seems to affect all invalidation requests, creating distributions etc. cURL either reports receiving 0 bytes, or very few bytes, and then time-out: Operation timed out after 120000 milliseconds with 88 out of 619 bytes received.

Extending the timeout settings does not seem to make a difference.

Putting a trace using CURLOPT_VERBOSE produces this output:

* About to connect() to cloudfront.amazonaws.com port 443 (#0)
*   Trying 72.21.215.67... * connected
* Connected to cloudfront.amazonaws.com (72.21.215.67) port 443 (#0)
* skipping SSL peer certificate verification
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
*   subject: CN=cloudfront.amazonaws.com,O=Amazon.com Inc.,L=Seattle,ST=Washington,C=US
*   start date: Jul 30 00:00:00 2010 GMT
*   expire date: Jul 29 23:59:59 2013 GMT
*   common name: cloudfront.amazonaws.com
*   issuer: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> POST /2010-11-01/distribution/E1CIM4A92QFD98/invalidation HTTP/1.1
User-Agent: S3/php
Accept: */*
Host: cloudfront.amazonaws.com
Date: Wed, 07 Mar 2012 14:31:58 GMT
Content-Type: application/xml
Authorization: AWS ************************
Content-Length: 200

< HTTP/1.1 201 Created
< x-amzn-RequestId: 4c2d0d3f-6862-11e1-ac27-5531ac8c967f
< Location: https://cloudfront.amazonaws.com/2010-11-01/distribution/E1CIM4A92QFD98/invalidation/I35KLNROKA40FU
* Operation timed out after 120000 milliseconds with 0 bytes received
* Closing connection #0

This seems similar to this question. However, it looks like in my case curl does in fact get a response, but somehow ignores it and times-out? From what I see, the response is received (201 Created...), and there are no SSL errors. So why does curl time-out??

cURL version info

[version_number] => 463623 
[age] => 3 
[features] => 1597 
[ssl_version_number] => 0 
[version] => 7.19.7 
[host] => x86_64-unknown-linux-gnu 
[ssl_version] => NSS/3.12.7.0 
[libz_version] => 1.2.3 
[protocols] => Array ( [0] => tftp [1] => ftp [2] => telnet [3] => dict [4] => ldap [5] => ldaps [6] => http [7] => file [8] => https [9] => ftps [10] => scp [11] => sftp )
Improve this question
6
  • It says Content-Type: application/xml and Content-Length: 200 and then with 0 bytes received... it seems the response headers arrived, but not this 200 bytes XML response body. Commented Mar 7, 2012 at 20:33
  • Try disabling firewall only to make a test and seeing what happens. Commented Mar 7, 2012 at 20:36
  • Thanks @J.Bruni. I believe the Content-Length header is for the request, and if you look further, there is a response from the server (HTTP/1.1 201 Created), with the Location header. The with 0 bytes received is exactly the problem. It did receive some bytes but curl ignores them and times-out...There is no firewall Commented Mar 7, 2012 at 20:49
  • You are right. Well, if we only could see how you're setting up your session... Commented Mar 7, 2012 at 21:38
  • 2
    For example, CURLOPT_FOLLOWLOCATION is set to true? Commented Mar 7, 2012 at 21:49

2 Answers 2

Reset to default
2

Still not entirely sure why this version of curl behaves this way (it looks like a bug), but the solution was to compile a different version of curl and php (more or less following these instructions)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It would help to see how you're setting up your curl session. Are you doing things like:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/CAcerts/BuiltinObjectToken-EquifaxSecureCA.crt");

The quick test to see if you're having an SSL verify problem is:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Improve this answer

1 Comment

both VERIFYPEER and VERIFYHOST are false. I think the verbose output doesn't indicate any SSL verify issues. It sends the requests, receives the response, but still times-out...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.