I my project written in Laravel I have method that get number value from server:
public static function getAddressApiBalance()
{
try {
$uri = "https://btczexplorer.blockhub.info/ext/getbalance/t1ZYiG4R4n5gTgUKZRgVpKPzG5FYQXpEqga";
$response = Http::get($uri);
return $response;
...
And when I call this code I get error in my browser:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
You can disable ssl verification (not recommended!, but quick and easy for dev) :
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
or with guzzle :
$client = new Client(['verify' => false]);
or you can download a cacert.pem file :
https://curl.haxx.se/ca/cacert.pem
and edit your php ini with the path of cacert :
openssl.cafile=/etc/ssl/cacert.pem
\Illuminate\Support\Facades\Http::withOptions([]) accept guzzlet http options
https://docs.guzzlephp.org/en/stable/request-options.html#verify
In Laravel 8 you can use Http API which is easier but still use Guzzle HTTP client behind the scenes. In that case you can disable certificate validation like this:
$client = Http::withOptions([
'debug' => true,
'verify' => false,
])
->get('https://btczexplorer.blockhub.info/ext/getbalance/t1ZYiG4R4n5gTgUKZRgVpKPzG5FYQXpEqga', [
'parameter1' => '1234567',
'parameter2' =>'890',
]);
Of course debug option is not required to disable ssl checking but it helps with testing. Also parameters are just to show how to add them to the request.
You have 3 options to solve that problem (3 way I know) :
1 -> Download certificate file (https://curl.haxx.se/ca/cacert.pem) and move it to your php file. Edit your php.ini after it for the cerfificate file.
2 -> Use verify option in your Request to disable ssl verification
Http::withOptions([
'verify' => false,
])...
3 -> Find Guzzle Client folder to disable ssl for all request
File Locate : \vendor\guzzlehttp\guzzle\src\Client.php
Function : configureDefaults
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => app()->env == "local" ? false : true,
'cookies' => false,
'idn_conversion' => true,
];
Normally verify => true as default. If you edit it only for your local, use it as me or you want to disable it for everything you can use as below.
$defaults = [
...
'verify' => false,
...
]
Related
I'm using PHP 7.0.25 in a vagrant VM with ubuntu 16.04
I need to make a request to this SOAP API:
https://ws.ocasa.com/testecommerce/service.asmx?wsdl
Both php curl and SoapClient are failing
With SoapClient I'm doing this (also tried with no options at all, and just the cache_wsdl part):
$options = array(
'cache_wsdl' => 0,
'trace' => 1,
'stream_context' => stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
))
);
$wsdl = 'https://ws.ocasa.com/testecommerce/service.asmx?wsdl';
$client = new \SoapClient( $wsdl, $options);
Giving me this error:
[SoapFault]
SOAP-ERROR: Parsing WSDL: Couldn't load from
'https://ws.ocasa.com/testecommerce/service.asmx?wsdl' : failed to
load external entity "https:
//ws.ocasa.com/testecommerce/service.asmx?wsdl"
With php curl I endend getting this error:
Unknown SSL protocol error in connection to ws.ocasa.com:443
I cant get the page from the linux curl command line without a problem (from inside the VM, of course)
curl -I https://ws.ocasa.com/testecommerce/service.asmx?wsdl -v
The SSL connection is using TLS1.0 / RSA_3DES_EDE_CBC_SHA1
I tested adding
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
and also tried adding the CA certs: (also tried adding them in the php.ini)
curl_setopt($ch, CURLOPT_CAINFO, '/vagrant/cacert.pem');
Something very strange is that I can curl some other https sites without problem like secure.php.net usgin php curl.
Also, there is no "http" version available to get rid of the whole SSL problem.
Any ideas? I'm missing some dependency maybe? openssl is installed.
Thanks for your time.
Well, I kinda found a solution...
With curl (the CURLOPT_SSLVERSION makes the difference)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml); // $xml is the envelope (string)
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
I couldn't make SoapClient work, even with the SOAP_SSL_METHOD_TLS option.
I'll mark it as resolved, but if some finds how to make it work with SoapClient, that would be the real answer.
This helped me out with making the request (not the ssl part)
Im trying to use the Google API, however, when I run it it shows me the following error:
GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: u
nable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl
-errors.html) in C:\wamp64\www\apigmail\vendor\guzzlehttp\guzzle\src\Handler\Cur
lFactory.php on line 187
Im using WAMP -Server PHP v 7.0.13
Now you can use :
$client = new \GuzzleHttp\Client(['verify' => false ]);
You have to read your error code :)
Its simple you have some SSL errors because your localhost enviroment cant get the data, because you didnt have any SSL certificate.
But here is an solution of your problem in an another thread:
cURL error 60: SSL certificate: unable to get local issuer certificate
you have to add
\GuzzleHttp\RequestOptions::VERIFY => false to the client config:
$this->client = new \GuzzleHttp\Client([
'base_uri' => 'someAccessPoint',
\GuzzleHttp\RequestOptions::HEADERS => [
'User-Agent' => 'some-special-agent',
],
'defaults' => [
\GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
\GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true,
],
\GuzzleHttp\RequestOptions::VERIFY => false,
]);
it will set CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER in the CurlFactory::applyHandlerOptions() method
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = false;
From the GuzzleHttp documentation
verify
Describes the SSL certificate verification behavior of a request.
Set to true to enable SSL certificate verification and use the default CA bundle > provided by operating system.
Set to false to disable certificate verification (this is insecure!).
Set to a string to provide the path to a CA bundle to enable verification using a custom certificate.
I am Trying To Connect a Soap Api by php
ini_set('soap.wsdl_cache_enabled',0);
ini_set('soap.wsdl_cache_ttl',0);
$opts = array(
'ssl' => array('ciphers'=>'RC4-SHA', 'verify_peer'=>false, 'verify_peer_name'=>false)
);
$params = array ('encoding' => 'UTF-8', 'verifypeer' => false, 'verifyhost' => false, 'soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 1, "connection_timeout" => 5, 'stream_context' => stream_context_create($opts) );
$url = "http://x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";
$client =new SoapClient($url,$params);
$result = $client->sendMessageOneToMany(array(
"username" => 'xxxxx',
"password" => 'xxxxx',
"originator" => "50004132311446",
"destination" => $numbers,
"content" => $massage,
));
but it allways got an
SOAP-ERROR: Parsing WSDL: Couldn't load from 'x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";' : failed to load external entity "x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";")
error !
I also Tried to Curl This WSDL but I got
[root#myhost ~]# curl http://x.x.x.x:8080/ws-relay/MessageRelayService?wsdl
curl: (7) Failed to connect to x.x.x.x port 8080: Connection timed out
Error !
so i also tried to curl portquiz.net:8080/ for test and i got timeout again !
is there some rule in firewall that block me to send request to 8080 ports !
how can i unblock it in centos directadmin vps ?
often this happens because that your ip address has been blocked , or there are an issues with the server it self .
for more info about that , libcurl error codes
CURLE_COULDNT_CONNECT (7)
Failed to connect() to host or proxy.
for your command :
curl http://xx.xx.xx.xx:xxxxws-relay/MessageRelayService?wsdl
when executing it in my own pc i got the response normally .
so you will need to use proxy in your SoapClient class
For making an HTTP connection through a proxy server, the options
proxy_host, proxy_port, proxy_login and proxy_password are also
available.
so you will need to add some params to your $params array ass follows :
$params['proxy_host'] = "proxy_ip";
$params['proxy_port'] = "proxy_port";
it's also possible (personally i recommend this) to use procedures libcurl functions or packages built on it.
if you want to use the cli way , so your command may be some thing like this :
curl http://xx.xx.xx.xx:xxxx/ws-relay/MessageRelayService?wsdl -x "ip_address:ip_port"
for socks5 ips
curl http://xx.xx.xx.xx:xxxx/ws-relay/MessageRelayService?wsdl -x "ip_address:ip_port" --socks5
Using Guzzle 6 I am attempting to communicate with an Https endpoint that uses a self-signed certificate.
I am instantiating my Client class as follows:
$authClient = new Client([
'base_uri' => config('app.auth_uri'),
'verify' => false
]);
And attempting a request:
$res = $this->authClient->request('POST', '/auth', [
'form_params' => [
'client_id' => 'XXXXXXXXXXXXXXX',
'username' => 'RSA',
'grant_type' => 'password'
]
]);
Here is the error I get:
cURL error 35: SSL connect error (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
According to the Guzzle docs I should have done enough to bypass the SSL error.
After all that, it turns out my cURL library didn't support the TLS version used by the endpoint. It's a known problem on Centos 6.x servers which my Vagrant box was.
I updated my libcurl with the help of this guide:
Update cURL library on Centos 6
Having an issue when trying to read a stream :
$result = file_get_contents($url, false, stream_context_create(
['http' => ['timeout' => (float) $this->options['timeout']]]
));
SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Before anyone answers i am not going to do
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
),
Am hoping someone else has used letsencrypt and has some proper way of making sure its validated.
feel free to check my cert on my domain lukepolo.com
openssl.cafile=
curl.cainfo=
in your php.ini , you need both
You'll probably have to install the CA certificate (this page has links to download the CA file). You might have to try each of the various signed to get it to work. Get the PEM version and save it to your server and then change your code like so
$result = file_get_contents($url, false, stream_context_create(
[
'http' => ['timeout' => (float) $this->options['timeout']],
'ssl' => ['cafile' => '/path/to/file.pem']
]
));