osx 10.10 Curl POST to HTTPS url gives SSLRead() error

Mattijs picture Mattijs · Oct 20, 2014 · Viewed 36.7k times · Source

I just recently upgraded to OSX 10.10 Yosemite and I since the upgrade I can't do Curl POST to a SSL url anymore.

I first used wordpress's wp_remote_request call and also tried to use curl in php. Both (as expected) give the same error message:

Error Number:56

Error String:SSLRead() return error -9806

Note: when I curl POST to HTTP it works fine. I reckon it is a setting in PHP.ini or in my apache (I lost my original HTTPD.conf file after upgrade...).

Can anyone help me out?

Answer

Asaph picture Asaph · Oct 23, 2014

I've seen this error happen when php is compiled with a version of cURL that uses Apple's Secure Transport under Yosemite and the target of the URL request doesn't support SSLv3 (which was probably disabled due to the POODLE vulnerability). What is the output of this command?

$ php -i | grep "SSL Version"

I suspect you'll see this:

SSL Version => SecureTransport

You can overcome this by installing a version of php which uses a version of cURL which uses OpenSSL instead of SecureTransport. This is most easily done with homebrew. So install that first if you don't already have it. If homebrew is installed but you haven't run brew update since upgrading to Yosemite, do that first. Also make sure you've installed XCode >= 6.1 and the latest XCode command line tools. brew doctor will tell you if you've done it all right.

Add the Homebrew taps below that you will need in order to get brewed php installed. Skip this step if these repos are already tapped. If you're unsure if these repos are already tapped, just run the commands below. Worst case scenario, you'll get a harmless Warning: Already tapped!

$ brew tap homebrew/dupes
$ brew tap homebrew/versions
$ brew tap homebrew/php

Then install curl with openssl:

$ brew install --with-openssl curl

Then install php using the curl you just installed and brewed openssl:

$ brew install --with-homebrew-curl --with-httpd24 php55
  • if using apache, make sure to add LoadModule php5_module /usr/local/opt/php55/libexec/apache2/libphp5.so to your /etc/apache2/httpd.conf and restart apache.

  • if not using apache 2.4, you can remove --with-httpd24 from the above command.

  • if using nginx, follow the caveat instuctions for starting fpm:

    To launch php-fpm on startup:

    mkdir -p ~/Library/LaunchAgents
    cp /usr/local/opt/php55/homebrew.mxcl.php55.plist ~/Library/LaunchAgents/
    launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.php55.plist
    

Install any php extensions you're going to need eg. mcrypt.

$ brew install php55-mcrypt

After you're done, run this again:

$ php -i | grep "SSL Version"

And you should see:

SSL Version => OpenSSL/1.0.2h

And now, re-test your application and the SSLRead() return error -9806 should go away.