I have been trying to load a particular https wsdl via php soapclient.
The error that I am getting is:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://xxxx.com?wsdl' : failed to load external entity "https://xxxx.com?wsdl"
Moreover I also try to "Curl https://xxxx.com?wsdl" as well. The error that I am getting is:
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too
small
I am able to view the particular wsdl via browser. Curl with http instead of https returns the correct response.
The weird thing is that, my colleague has ubuntu 18.04 installed on his machine and he does not have any problems. For your information, I have debian 10 installed and we both have the same IP address.
I really don't understand where the issue can be.
You should try disable certificate validation when construct SoapClient instance
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient($url, [
... ( other params )
'stream_context' => $context
]);
If you use curl from command line you can use the --insecure/-k flag.
Related
I'm working on payment gateway API and API is based on the SOAP request. I have tested it on my local PC (Ubuntu + php 7.2) and it's working fine locally.
my code look like:
$options = array(
'cache_wsdl' => 0,
'trace' => 1,
'stream_context' => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
)
)
);
$soapclient = new SoapClient("domain-name", $options);
but when I moved the code on the server (Cent OS + PHP 5.6) it stop working with following error:
SOAP-ERROR: Parsing WSDL: Couldn't load from domain-name : failed to load external entity domain-name
i know there are lots of similar question have answered on the site (like this, this, this and may more) but I have tried all of them but no luck.
please help me to fix this issue.
thanks.
I had the same problem. my soap API was working on local PC but not working on the server.
then I check the port 8080 status of my server with the following command:
# netstat --listen
or
# netstat -l
then I found that the port was closed. and after opening it SOAP API start working
I hope this will helps you
I'm having the situation where I try to connect to a SSL host via SOAP in a Docker Application.
When trying to do so, I have to disable SSL on transport level in order to get it working. I'm using code like this:
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient(null, [
'location' => 'https://...',
'uri' => '...',
'stream_context' => $context
]);
Which is also the most upvoted answer on this question.
So, what I'd like to achieve is to get the connection running without this hack.
If I leave this out, I receive the following exception:
( ! ) Fatal error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://api.myhost.tld/gateway/Method?wsdl' : failed to load external entity "https://api.myhost.tld/gateway/Method?wsdl" in /var/www/html/app/code/local/Vendor/MyHost/Model/Method.php on line 31
You need trusted certificate for your domain api.myhost.tld to make it right. So you can buy "official" SSL certificate and attach that to your SOAP webserver or create self signed certificate and add that cert as trusted in your docker image like described there: How do I add a CA root certificate inside a docker image?
Im having a problem with SoapClient and PHP 7.0 to parse wsdl.
Im getting this error:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://ws.ocasa.com/testecommerce/service.asmx?wsdl' : failed to load external entity "https://ws.ocasa.com/testecommerce/service.asmx?wsdl"
If you put this URL in a browser you can see the SOAP, and also in SoapUI it works OK.
I'm using laravel 5.4, and my code is:
$client = new \SoapClient('https://ws.ocasa.com/testecommerce/service.asmx?wsdl',
['soap_version'=>SOAP_1_2]);
I noticed that that website is under SSL TLS 1.0. If I change PHP to 5.6, it works perfect, but with PHP 7.0 it does not work.
If I change to this other WSDL:
https://id3check.gb.co.uk/gbportalinternational/aspx/id3check_1b.asmx?WSDL
Everything works fine.
Thank you
you could choose to ignore a bad cert:
$endpoint = new SOAPClient($url,
array(
'soap_version'=>SOAP_1_2,
'stream_context' => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false
)
)
)
)
);
This would be a solution, should you not have access to the soap server to correct the certificate, or be able to elsewise make your server accept the certificate.
This should be the last solution as indeed you ignore all warnings something is wrong
I have a problem with one WSDL connection with API, after moving to a new OVH VPS machine, so it's maybe some kind of strange misconfiguration.
Other WSDL that I use with SoapClient, work fine, without problems. I'm able to use file_get_contents on the address, but when I use SoapClient I gives a exception "Could not connect to host", when trying to use a procedure from that API.
Any ideas? I've tried some stream_context with some SSL options. What's the funniest, on the other OVH VPS is working fine.
System is Debian 8 with PHP 5.6.19 onboard.
Addresss of the WSDL is here: https://api-test.paczkawruchu.pl/WebServicePwR/WebServicePwRTest.asmx?WSDL
After consultation with WSDL provider, and checking logs on both sides, we found the anwser. It looks like PHP 5.6 have some problems, and you have to change parameters to SOAP 1.2. This resolved finally the problem. Resolution could be found here, in first comment:
SOAP PHP fault parsing WSDL: failed to load external entity?
// options for ssl in php 5.6.5
$opts = array(
'ssl' => array('ciphers'=>'RC4-SHA', 'verify_peer'=>false, 'verify_peer_name'=>false)
);
// SOAP 1.2 client
$params = array ('encoding' => 'UTF-8', 'verifypeer' => false, 'verifyhost' => false, 'soap_version' => SOAP_1_2, 'trace' => 1, 'exceptions' => 1, "connection_timeout" => 180, 'stream_context' => stream_context_create($opts) );
$oSoapClient = new SoapClient ( $url . "?WSDL", $params );
Summary:
Is there a way to force the built in SoapClient-class in PHP to connect over HTTPS to a server with an invalid certificate?
Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.
Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.
SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient(null, [
'location' => 'https://...',
'uri' => '...',
'stream_context' => $context
]);
Documentation:
stream_context_create() Docs
HTTP context options Docs
SSL context options Docs
The accepted answer works but only in the non-WSDL mode. If you try to use this in the WSDL mode (i. e. you pass a WSDL file url as the first argument) you will face the fact that the stream context is ignored when downloading WSDL files. So if the WSDL file is also located on a server with broken certificate, it will fail, most likely throwing the message failed to load external entity. See more here and here.
As suggested, the simplest way around is to download the WSDL file manually and pass the local copy to the SoapClient. You can download it for example with file_get_contents using the very same stream context from the accepted answer.
Note that you will also have to do this when creating a SoapServer.
The correct list for PHP 5.6.8 is
'ssl' => array('verify_peer_name'=>false, 'allow_self_signed' => true),
"verify_peer"=>false,
"verify_peer_name"=>false,
This is working on php 5.6.x;
$arrContextOptions=stream_context_create(array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false,
)));
$this->client = new \SoapClient("https://tests.com?WSDL",
array(
//"soap_version" => SOAP_1_2,
"trace" => 1, // enable trace to view what is happening
"exceptions" => 0, // disable exceptions
"cache_wsdl" => 0, // disable any caching on the wsdl, encase you alter the wsdl
"stream_context" => $arrContextOptions
)
);
or if you want you can add to cyrpto method
$arrContextOptions=stream_context_create(array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
));