I have a WordPress plugin that I created and it has stopped working because of a certificate error.
file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in
I contacted the inmotionhosting and they said the certificate was fine. The code in question is this:
$op = file_get_contents(plugins_url( '../PRTHSEL_Visualizer.html' , __FILE__ ));
It was suggested that I use an https request to get the file. I have searched but cannot find and answer on how to get a file contents within a WordPress plugin via https.
The problem was the file_get_contents() was given a url for a local file. Byt changing the path to a local it now works under PHP7. PHP 5 never verified the SSL by default but PHP7 does.
Related
After December 3, i cant send Emails whit smtp from php (Codeigniter), i have not changed anything, I do not know what is happening.
Does anyone know if there is any update that left some function obsolete in some version of PHP?
Message: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Filename: libraries/Email.php
Thanks for help!
I already solve this problem.
I realized that there is a lot of disinformation on the internet about this topic.
I hope this can be useful!
If you running PHP 5.3.7 or later.
Generate an vbs file from this file.
https://raw.githubusercontent.com/bagder/curl/master/lib/mk-ca-bundle.vbs
Open a Command Prompt as Administrator and run
C:>mk-ca-bundle.vbs
After finish that process you need to modify the php.ini.
openssl.cafile=C:\ca-bundle.crt
Restart the IIS web site and its all
I am using Moodle 2.2 and using TCPDF to generate certificates for students. When user completes the course, Teacher should get the student's certificate as an email attachment.
For normal viewing of certificate I don't have any issue, but when comes to attachment I have to save it on server first. For that I have to invoke 'file_get_contents' method.
But I am getting error.
Code:
file_put_contents($CFG->dataroot.'/certificate/'.$USER->firstname.'_certificate.pdf', file_get_contents($certurl))
Error:
Warning:
file_get_contents(https://example.com/moodle/mod/certificate/view.php?id=84&action=get&uid=19):
failed to open stream: Connection timed out in
/usr/local/apache/htdocs/moodle/mod/quiz/view.php on line 290
It seems file_get_contents returns blank string. I tried cURL also. Both the options work fine to generate and view PDF online. But fails while saving it on server.
Note: I am facing this issue in my new server. It was working fine on my old server.
I can't get a xml file to load.
This code works great:
$url = 'http://www.w3schools.com/xml/note.xml';
$xml = simplexml_load_file($url);
print_r($xml);
But this one
$url = 'https://www.boardgamegeek.com/xmlapi2/thing?id=105551';
$xml = simplexml_load_file($url);
print_r($xml);
doesn't work. I get this error:
Warning: simplexml_load_file(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file(): Failed to enable crypto in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file(https://www.boardgamegeek.com/xmlapi2/thing?id=105551): failed to open stream: operation failed in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19 Warning: simplexml_load_file(): I/O warning : failed to load external entity "https://www.boardgamegeek.com/xmlapi2/thing?id=105551" in /storage/content/59/113059/boardgamelevelup.com/public_html/index.php on line 19
The xml file from boardgamegeek works on other sites. Should I use a different php code to load that xml file?
short cookbook answer:
Download https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and place that file on your server.
Add
$context = stream_context_create(array('ssl'=>array(
'verify_peer' => true,
'cafile' => '/path/to/ca-bundle.crt'
)));
libxml_set_streams_context($context);
to your script so it gets executed before simplexml_load_file().
Or - instead of the code above - set openssl.cafile=/path/to/ca-bundle.crt in your php.ini.
Very short explaination:
Your php version uses openssl to handle the https transport. openssl tries to verify whether the server really is who it claims to be. It does that by checking whether its certificate is trusted. A X.509 certificate contains some data about the owner and is signed by an issuer (itself having a certificate that is again signed and so on and on until a certificate where owner and issuer are identical -> self-signed/root certificate). A certificate is considered "trusted" if in that chain of certificates there is (at least) one certificate on which openssl "says": "ok, I have been instructed to trust this one". This instruction takes the form of (or can take the form of) "here's a file containing certificates that you're supposed to trust" (cafile).
The above code tells the libxml-wrapper of php to tell openssl where that cafile is when simplexml_load_file uses the https/openssl-wrapper.
And openssl.cafile=/path/to/ca-bundle.crt just sets it as default; unless instructed otherwise all openssl operations will use that file - including libxml/simple_xml_loadfile.
The ca-bundle.crt I've linked to is from a project that "claims" to provide the extracted root certificates as shipped with mozilla firefox. Regarding "claims": I have no reason to doubt that this really is the untampered root cert list; but you never know: You're putting your trust a) in this project and b) mozilla doing a good job and only putting trustworthy certificates in that list....
for more explaination see http://phpsecurity.readthedocs.org/en/latest/Transport-Layer-Security-%28HTTPS-SSL-and-TLS%29.html#php-streams
The work and example that #VolkerK displayed was excellent and simple.
While this method didn't work for me, I took it one step further and basically removed the security for the moment.
$context = stream_context_create(array('ssl'=>array(
'verify_peer' => false,
"verify_peer_name"=>false
)));
libxml_set_streams_context($context);
$sxml = simplexml_load_file($webhostedXMLfile);
Yes, this is bad practice, but sometimes you need a temp fix instead of messages like this:
Warning: simplexml_load_file(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
/srv/www/resources/public_html/files/etc/file.php on line 150 Warning:
simplexml_load_file(): Failed to enable crypto in
/srv/www/resources/public_html/files/etc/file.php on line 150
I hope it helps someone else.
I had this piece of code to get the likes of a particular Facebook page in production since years:
$url = 'https://graph.facebook.com/<facebook site id>';
echo json_decode(file_get_contents($url))->{'likes'};
Now we upgraded to PHP 5.6 and it stopped working with the following error message:
Warning: file_get_contents() [function.file-get-contents.php]: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in <some page> on line 182
Warning: file_get_contents() [function.file-get-contents.php]: Failed to enable crypto in <some site> on line 182
Warning: file_get_contents(https://graph.facebook.com/<facebook site id>) [function.file-get-contents.php]: failed to open stream: operation failed in <some page> on line 182
Is there a simple way to fix this?
I know there is a referenced answer but this answer disables SSL verification and I don't want to implement a possible security hole!
CURLOPT_SSL_VERIFYPEER is set to TRUE by default starting with cURL 7.10
You could set it to FALSE again, although it would be wiser to set the CA certificates (see http://php.net/manual/en/function.curl-setopt.php for more info).
Also, keep in mind that file_get_contents will return FALSE on timeout, so it may be a good idea to :
- Set a lower timeout than the default php timeout of 0 seconds
- Handle any returns of FALSE
From http://php.net/manual/en/function.include.php:
If "URL include wrappers" are enabled in PHP, you can specify the file to be included using a URL.
So you can include a file like this:
<?php
include 'https://localhost:1234/index.php';
?>
This works fine if you have a valid SSL certificate but if you're using a self signed certificate the peer certificate verification fails:
Warning: include(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in [...]
This wasn't a problem in older versions but PHP 5.6 enables peer verification by default (http://php.net/manual/en/migration56.openssl.php).
Apparently you can set a default stream context using stream_context_set_default() where you can disable peer verification. So my code would look like this:
<?php
stream_context_set_default(
array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
)
)
);
include 'https://localhost:1234/index.php';
?>
But this doesn't work. The Include() function still attempts to verify the peer and fails. If I use file_get_contents(), fopen(), copy(), readfile(), or file() instead of include(), it works fine.
Now I'm not sure if this is a bug in PHP or if I'm missing something here. Same issue exists with require().
Any ideas?