On 09.02.2021 at 13:17, Tamas Papp wrote:
> I might found a bug, but I'm unsure and I'm unsure if it's libcurl or a
> php issue.
>
>
> There is this code (got from a dev, I am a sysadmin):
>
> <?php
> ini_set('display_errors', 1);
> error_reporting(E_ALL);
>
> $ch = curl_init();
> $url = 'https://google.com';
> curl_setopt($ch, CURLOPT_URL, $url);
> curl_setopt($ch, CURLOPT_HEADER, false);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_DNS_CACHE_TIMEOUT, 0);
> curl_setopt($ch, CURLOPT_TIMEOUT, 30);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
> // ORIGINAL:
> //curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept: xml/, text/,
> /\r\n"));
>
> // OK:
> //curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept: /\r"));
>
> // NOK:
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept: /\r\n"));
>
> $response = curl_exec($ch);
> if(curl_exec($ch) === false) $response .= curl_error($ch);
> curl_close($ch);
>
> print_r($response);
> ?>
>
> There is an extra HTTP header is like this and it works:
>
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept: /\r"));
>
>
> It does not work if it looks like this:
>
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept: /\r*\n*"));
>
>
> Or it works if the $url is not *https*, but http.
>
>
> The original code worked on Debian 9 and Ubuntu 18.04 and does not work
> on Debian 10 and Ubuntu 20.04 and no matters if PHP comes from Sury's
> PPA or from the original distribution.
>
> That's why libcurl is suspicious to me.
>
>
> Do you have any thoughts on this?
I don't think that CURLOPT_HTTPHEADERs are supposed to have a trailing CRLF.
Christoph
