I created the following helper function:
function mainSoap(){
return new SoapClient('https://soap.url',[
'stream_context' => stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
]);
}
and I'm using it like $result=mainSoap()->GetSometing($parameters);
Everything works fine, but in terms of performance, I would like to know if is better to close the soap connection or not.
UPDATE
I created another function in order to close the connection after getting the response, but I still could't find a close method for SoapClient.
function mainSoap(string $call=null, array $vars=[]){
$url="https://soap.url";
$wsdl=new SoapClient($url,[
'trace' => false,
'keep_alive' => false,
'stream_context' => stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]),
'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | SOAP_COMPRESSION_DEFLATE
]);
$response=$wsdl->__soapCall($call,$vars);
//Looking for something like $wsdl->close();
return $response;
}
and I'm using it like $result=mainSoap('GetSometing',[$parameters]);
The SoapClient follows the normal HTTP Request life cycle,
That is to say, your SoapClient does not maintain a constant connection to the server, it will only connect out and receive data when called, similarly to how your browser does not maintain a connection to a server once a request completes, as the request is terminated, unless you set keep_alive to true.
So, in short, you can't "close" a SoapClient because there's nothing to close after you've called it, it's already closed the connection.
Relevant Links:
Wikipedia article on Http (Persistent Connections Section)
MDN Documentation on Keep-Alive header
Related
I have a script that uses guzzle to make an API call. The api server checks for headers and it is case sensitive.
Below is an example code of mine
<?php
$headers = [
'set_headers' => [
'Connection' => 'Keep-Alive',
'Accept-Encoding' => ‘gzip’,
'Accept-Language' => ‘en_US’,
'US-Token' => '1f23a-d234s-3s45d-452g',
'AToken' => 'XXXX'
],
];
// Build HTTP request object.
$request = \GuzzleHttp\Psr7\Request( // Throws (they didn't document that properly).
'POST',
'htps://api.website.com/',
$headers,
bodystream() //StreamInterface
);
// Default request options (immutable after client creation).
$_guzzleClient = new \GuzzleHttp\Client([
'handler' => $stack, // Our middleware is now injected.
'allow_redirects' => [
'max' => 8, // Allow up to eight redirects (that's plenty).
],
'connect_timeout' => 30.0, // Give up trying to connect after 30s.
'decode_content' => true, // Decode gzip/deflate/etc HTTP responses.
'timeout' => 240.0, // Maximum per-request time (seconds).
// Tells Guzzle to stop throwing exceptions on non-"2xx" HTTP codes,
// thus ensuring that it only triggers exceptions on socket errors!
// We'll instead MANUALLY be throwing on certain other HTTP codes.
'http_errors' => false,
]);
// Add critically important options for authenticating the request.
$guzzleOptions = [
'cookies' => ($_cookieJar instanceof CookieJar ? $_cookieJar : false),
'verify' => file_exists('/etc/ssl/certs/cacert.pem') ? '/etc/ssl/certs/cacert.pem' : $_verifySSL,
'proxy' => ($_proxy !== null ? $_proxy : null),
'curl' => [
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_2, // Make http client work with HTTP 2/0
CURLOPT_SSLVERSION => 1,
CURLOPT_SSL_VERIFYPEER => false
]
];
// Attempt the request. Will throw in case of socket errors!
$response = $_guzzleClient->send($request, $guzzleOptions); ?>
I tested the same request with cURL and it works perfectly. Is there a way I can rectify this in the guzzle php library, thanks in advance.
I hope this question won't be marked as duplicate as I read many related questions and answers on the site: although I tried most of the suggestions out there I still couldn't resolve my problem.
My codebase : (I left comments on purpose to give an idea of what I have been trying so far, based on my browsing)
try {
$opts = array(
//~mrossw 'http' => array(
//~mrossw 'user_agent' => 'PHPSoapClient'
//~mrossw ),
//~mrossw 'socket' => array('bindto' => '158.69.189.149')
'socket' => array('bindto' => '127.0.0.1')
//~mrossw ,
//~mrossw 'ssl' => [
//~mrossw 'verify_peer' => true,
//~mrossw 'verify_peer_name' => true,
//~mrossw 'allow_self_signed' => true
//~mrossw ]
);
$context = stream_context_create($opts);
$client = new SoapClient("https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones/OpFooBarBlahReqABCS?wsdl",
//~mrossw $client = new SoapClient($doc_root.'OpCotizadorVehiculoExtReqABCS.xml',
array(
'location' => "https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones/OpFooBarBlahReqABCS?wsdl",
'uri' => "https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones",
// Stuff for development.
'trace' => 1,
'exceptions' => true,
'keep_alive' => true,
'connection_timeout' => 120,
'stream_context' => $context,
'cache_wsdl' => WSDL_CACHE_NONE,
'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | SOAP_COMPRESSION_DEFLATE,
//~mrossw 'local_cert' => $certRequest_param['sslcertfile'],
//~mrossw 'login'=>'username',
//~mrossw 'password' => 'password'
)
);
} catch (Exception $e) {
echo \"<h2>Exception Error!</h2>\";
echo $e->getMessage();
// print_r($e);
}
The WS provider has an dev environment on port xxxx and a prod env on port yyyy. Hostname and path request are the same.
SoapClient instanciation and operation call work perfect in dev env.
When i change the port to fetch against prod env I get the following error:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones/OpFooBarBlahReqABCS?wsdl' : failed to load external entity "https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones/OpFooBarBlahReqABCS?wsdl"
Provider says my public web server's IP is correctly set as allowed in their firewall. It looks right because when I tried to run the code from a different server with different IP and it fails with the same error in both dev and prod env.
When I run that code from a server inside a private network, it works in both
environment ! I don't know much about security, but this sounds to me like a security breach. I mention it here though, in case it can give a clue. I guess this is because this server has a private ip and the provider's firewall don't filter it.
When I go to https://ws_provider_hostname:xxxx/foo/bar/blah/Operaciones/OpFooBarBlahReqABCS?wsdl in my PC browser i get the correct wsdl's xml.
Do you have an idea of what can prevent the code to work form my public web server ?
Or maybe what else can I check ?
For example I couldn't find a way to check the ws server's http response code from outside my browser.
I could neither get a curl request form bash to return the wsdl xml, but that should be another question maybe.
Also let me know if i can provide any other relevant test or data.
I want to use a package (Cloudinary) to upload an image, after all the setup, I am getting an error
This is the code from Cloudinary documentation,
$uploadedFileUrl = cloudinary()->upload($request->file('profile_image')->getRealPath())->getSecurePath();
So I can't set Guzzle verification to false in this way
$client = new Client([
'base_uri' => ''
, 'headers' => $headers,
'verify' => false,
'VERIFY_PEER' => true,
'http_errors' => false,
]);
My problem is, how do I set Guzzle Http Client verification to false, generally in the application
If you want to add any Guzzlehttp's options within Laravel app you can just use the withOptions method.
https://laravel.com/docs/9.x/http-client#guzzle-options
Http::withOptions([
'verify' => false,
])->get('http://whatever.com');
Statement: At the beginning I would like to state, that I'm well aware (and want to inform others) that this is not the proper way of doing things. If soultion is found, use it as last resort.
My problem is Weak Algorithm. And can't find a way to skip checks.
Company which exposes me endpoint states it is secure and they're not going to upgrade SSL Certificate. I know it's insecure, but can't do anything and must obey their decision.
Error i get file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
and file_get_contents(): Failed to enable crypto in...
My code is:
$context = stream_context_create([
'http' => [
'timeout' => 5,
],
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
var_dump(file_get_contents($wsdl, false, $context));
In browser i ge SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY and information about weak Diffie Hellman key.
I'm looking for a way to disable this check.
Most preferably via streamContext which I can use in SoapClient
You need disable Diffie Hellman validation:
$context = stream_context_create(array(
'ssl' => array(
'ciphers' => 'DEFAULT:!DH',
...
If need disable the validation of the certificate you need:
$context = stream_context_create(array(
'ssl' => array(
'ciphers' => 'DEFAULT:!DH',
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
Using the php Soapclient I got the exception:
Uncaught SoapFault exception: [HTTP] Proxy Authentication Required
But when using a web browser with the same proxy set up, without specifying any credentials for that proxy, I can connect getting a XML response.
The system department ensures that there is no need for authenticate. Also I'm using the SoapUI just configuring the proxy for testing porpouses, without credentials again, and I can call the methods in the WS.
Why is the php SoapClient throwing that exception? Here is the code I'm using...
$this->client = new SoapClient( null, array(
'location' => 'http://www.xxxxx.dev',
'uri' => self::URI,
'proxy_host' => self::PROXY_HOST,
'proxy_port' => self::PROXY_PORT,
) );
Following solve the exception
$this->client = SoapClient( self::URL , array(
'proxy_host' => self::PROXY_HOST,
'proxy_port' => self::PROXY_PORT,
'authentication' => SOAP_AUTHENTICATION_BASIC,
'stream_context' => stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => false
)
))
));
Misunderstood with the documentation, "URI of the WSDL file or NULL if working in non-WSDL mode" and I was expecting first parameter as a file, not an URL. In some of the attempts I already tried but forgetting to set up the stream context with the SSL parameter to skip peer verification. ( probably SOAP_AUTHENTICATION_BASIC isn't necessary )
Hope it helps someone