This started with a PHP cURL call that worked one month and then did not work two months later, in 2016. cURL started returning precisely boolean false. More specifically, it worked in PHP 5.6.19 / cURL 7.35.0 but not PHP 7.0.8 / cURL 7.47.0.
It had been a long time (never?) since I needed curl_error(). I'd forgotten it existed. Once I used that, I found
"Unknown SSL protocol error in connection to www.example.com:443". Then I found:
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
Note that I needed precisely v1_0. v1 is also an option, but it did not work.
I arrived at the TLS version in part because when I went to the website I was trying to cURL / fetch in Chrome 55, Chrome gave me a red warning / exclamation point triangle and struck through https in the URL. When I single click on the triangle, I get "Your connection to this site is not secure". When I click on "Details," I get "The connection to this site uses an obsolete protocol (TLS 1.0)..."
The following code shows you my results before and after the fix.
The list of SSLVERSION options is at curl.haxx.se
Further commentary and expected output is below the code.
This goes to a former nemesis of mine--the dreaded "Headers already sent" error. I encountered this on two projects in a row a few years ago, and that error really caused me grief. It acts like a virus.
I may write a whole article on that error one day, explaining my own technical rules that I developed in large part due to that error.
The error is caused when you close a tag and then have a newline, or perhaps even a space--I don't remember, but I think one space after the closing tag will cause you great gravy grief. It never occurred to me that you generally don't need the closing tag. You only need it if you're switching between PHP code and raw output--HTML or text or whatever.
The reason this causes problems is that it confuses the HTTP header (which is usually implicit in PHP programming) versus the HTML body of your output. You're violating HTTP syntax.
The problem is insidious in part because that extra space might be in an include file, and then the effects appear random because there are so many files in the "include" / "require" chain.
It wasn't until I create a Drupal module that I knew that one does not generally have to close the tag. Drupal mentions it in an article on on "Headers already sent". In their Drupal 7 "hello world" module documentation, they specifically advised against closing tags. Given that they are going to Drupal 8, I'm having trouble finding that advice, but they are quite clear about the matter in their coding standards.
As you see from the code, my original version calls the website that has the SSL problem. I want my code to be live on my site for a while to make sure what I've posted works. Then, though, there is no reason to keep abusing that site. Also, the site is for "internal use only," so I don't want to publicize it. Yes, I am aware of the warnings against "security by obscurity," but I also have no control over the site and no direct association with it, so it's not my decision to make. If it were my site, I'd probably include the URL and leave my code live.
I'll eventually (probably in the next few hours) post a ZIP file with all the code, minus the URL.
Yes, I understand that a time of "20:38PM" is weird. It offers redundancy, and I'm trying to make it clear to me. And yes, I'm obsessed with specifying time zones to what I hope is exhaustive clarity. In fact, here are the American (North and South America) time zones, according to PHP.
If you have issues with my coding style in this example, I am not necessarily coding for the ages or doing it like I would professionally. I'm trying to get a few key points "out the door," in hopes I can help others (among other reasons). I'm not holding a PHP coding clinic.