Using Guzzle 6 I am attempting to communicate with an Https endpoint that uses a self-signed certificate.
I am instantiating my Client class as follows:
$authClient = new Client([
'base_uri' => config('app.auth_uri'),
'verify' => false
]);
And attempting a request:
$res = $this->authClient->request('POST', '/auth', [
'form_params' => [
'client_id' => 'XXXXXXXXXXXXXXX',
'username' => 'RSA',
'grant_type' => 'password'
]
]);
Here is the error I get:
cURL error 35: SSL connect error (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
According to the Guzzle docs I should have done enough to bypass the SSL error.
After all that, it turns out my cURL library didn't support the TLS version used by the endpoint. It's a known problem on Centos 6.x servers which my Vagrant box was.
I updated my libcurl with the help of this guide:
Update cURL library on Centos 6
Related
I my project written in Laravel I have method that get number value from server:
public static function getAddressApiBalance()
{
try {
$uri = "https://btczexplorer.blockhub.info/ext/getbalance/t1ZYiG4R4n5gTgUKZRgVpKPzG5FYQXpEqga";
$response = Http::get($uri);
return $response;
...
And when I call this code I get error in my browser:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
You can disable ssl verification (not recommended!, but quick and easy for dev) :
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
or with guzzle :
$client = new Client(['verify' => false]);
or you can download a cacert.pem file :
https://curl.haxx.se/ca/cacert.pem
and edit your php ini with the path of cacert :
openssl.cafile=/etc/ssl/cacert.pem
\Illuminate\Support\Facades\Http::withOptions([]) accept guzzlet http options
https://docs.guzzlephp.org/en/stable/request-options.html#verify
In Laravel 8 you can use Http API which is easier but still use Guzzle HTTP client behind the scenes. In that case you can disable certificate validation like this:
$client = Http::withOptions([
'debug' => true,
'verify' => false,
])
->get('https://btczexplorer.blockhub.info/ext/getbalance/t1ZYiG4R4n5gTgUKZRgVpKPzG5FYQXpEqga', [
'parameter1' => '1234567',
'parameter2' =>'890',
]);
Of course debug option is not required to disable ssl checking but it helps with testing. Also parameters are just to show how to add them to the request.
You have 3 options to solve that problem (3 way I know) :
1 -> Download certificate file (https://curl.haxx.se/ca/cacert.pem) and move it to your php file. Edit your php.ini after it for the cerfificate file.
2 -> Use verify option in your Request to disable ssl verification
Http::withOptions([
'verify' => false,
])...
3 -> Find Guzzle Client folder to disable ssl for all request
File Locate : \vendor\guzzlehttp\guzzle\src\Client.php
Function : configureDefaults
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => app()->env == "local" ? false : true,
'cookies' => false,
'idn_conversion' => true,
];
Normally verify => true as default. If you edit it only for your local, use it as me or you want to disable it for everything you can use as below.
$defaults = [
...
'verify' => false,
...
]
Im trying to use the Google API, however, when I run it it shows me the following error:
GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: u
nable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl
-errors.html) in C:\wamp64\www\apigmail\vendor\guzzlehttp\guzzle\src\Handler\Cur
lFactory.php on line 187
Im using WAMP -Server PHP v 7.0.13
Now you can use :
$client = new \GuzzleHttp\Client(['verify' => false ]);
You have to read your error code :)
Its simple you have some SSL errors because your localhost enviroment cant get the data, because you didnt have any SSL certificate.
But here is an solution of your problem in an another thread:
cURL error 60: SSL certificate: unable to get local issuer certificate
you have to add
\GuzzleHttp\RequestOptions::VERIFY => false to the client config:
$this->client = new \GuzzleHttp\Client([
'base_uri' => 'someAccessPoint',
\GuzzleHttp\RequestOptions::HEADERS => [
'User-Agent' => 'some-special-agent',
],
'defaults' => [
\GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
\GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true,
],
\GuzzleHttp\RequestOptions::VERIFY => false,
]);
it will set CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER in the CurlFactory::applyHandlerOptions() method
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = false;
From the GuzzleHttp documentation
verify
Describes the SSL certificate verification behavior of a request.
Set to true to enable SSL certificate verification and use the default CA bundle > provided by operating system.
Set to false to disable certificate verification (this is insecure!).
Set to a string to provide the path to a CA bundle to enable verification using a custom certificate.
I am Trying To Connect a Soap Api by php
ini_set('soap.wsdl_cache_enabled',0);
ini_set('soap.wsdl_cache_ttl',0);
$opts = array(
'ssl' => array('ciphers'=>'RC4-SHA', 'verify_peer'=>false, 'verify_peer_name'=>false)
);
$params = array ('encoding' => 'UTF-8', 'verifypeer' => false, 'verifyhost' => false, 'soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 1, "connection_timeout" => 5, 'stream_context' => stream_context_create($opts) );
$url = "http://x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";
$client =new SoapClient($url,$params);
$result = $client->sendMessageOneToMany(array(
"username" => 'xxxxx',
"password" => 'xxxxx',
"originator" => "50004132311446",
"destination" => $numbers,
"content" => $massage,
));
but it allways got an
SOAP-ERROR: Parsing WSDL: Couldn't load from 'x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";' : failed to load external entity "x.x.x.x:8080/ws-relay/MessageRelayService?wsdl";")
error !
I also Tried to Curl This WSDL but I got
[root#myhost ~]# curl http://x.x.x.x:8080/ws-relay/MessageRelayService?wsdl
curl: (7) Failed to connect to x.x.x.x port 8080: Connection timed out
Error !
so i also tried to curl portquiz.net:8080/ for test and i got timeout again !
is there some rule in firewall that block me to send request to 8080 ports !
how can i unblock it in centos directadmin vps ?
often this happens because that your ip address has been blocked , or there are an issues with the server it self .
for more info about that , libcurl error codes
CURLE_COULDNT_CONNECT (7)
Failed to connect() to host or proxy.
for your command :
curl http://xx.xx.xx.xx:xxxxws-relay/MessageRelayService?wsdl
when executing it in my own pc i got the response normally .
so you will need to use proxy in your SoapClient class
For making an HTTP connection through a proxy server, the options
proxy_host, proxy_port, proxy_login and proxy_password are also
available.
so you will need to add some params to your $params array ass follows :
$params['proxy_host'] = "proxy_ip";
$params['proxy_port'] = "proxy_port";
it's also possible (personally i recommend this) to use procedures libcurl functions or packages built on it.
if you want to use the cli way , so your command may be some thing like this :
curl http://xx.xx.xx.xx:xxxx/ws-relay/MessageRelayService?wsdl -x "ip_address:ip_port"
for socks5 ips
curl http://xx.xx.xx.xx:xxxx/ws-relay/MessageRelayService?wsdl -x "ip_address:ip_port" --socks5
I'm using Wsdl2PhpGenerator to create my soap client; was was working fine with PHP v5.4, but now I've upgraded to PHP 7 I get an error:
Uncaught SoapFault: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://sussexbedcentre.retailsystem.net/services/v2/GetCatalog.asmx?WSDL' : failed to load external entity
I have tried:
Connecting to a non SSL soap service - worked fine, so must be the SSL.
Every ssl_method
soap.wsdl_cache_enabled, soap.wsdl_cache_ttl, soap.wsdl_cache all set to 0
Verified openssl, soap, xmlrpc php extensions all loaded ok
PEM file and passphrase worked fine under PHP 5.4
Any ideas what else I can try to get to the bottom of this?
Code I'm using is:
$cert = 'rs_ssl.pem';
$generator = new \Wsdl2PhpGenerator\Generator();
$generator->generate(
new \Wsdl2PhpGenerator\Config(array(
'inputFile' => 'https://sussexbedcentre.retailsystem.net/services/v2/GetCatalog.asmx?WSDL',
'outputDir' => 'soapclass/',
'soapClientOptions' => array(
'local_cert' => $cert,
'passphrase' => '*******',
'connection_timeout' => 60,
'trace' => 1,
'soap_version' => SOAP_1_2
)
))
);
If I switch back to PHP 5.4 with the same code it works fine.
Thanks!
i am using this package
https://github.com/Vinelab/cdn
for laravel CDN asset management
after configring all the package when i execute this command to push assets to s3 bucket
php artisan cdn:push
its show me error
\Exception\S3Exception] executing "ListObjects" on
"https://s3.eu-central1.amazonaws.com/moberries-assets?encode=url";
AWS HTTP error: cURL error 60: Peer certificate cannot be
authenticated with gi certificates
Http\Exception\RequestException] ror 60: Peer certificate cannot be
authenticated with given CA certificates
Http\Ring\Exception\RingException] ror 60: Peer certificate cannot be
authenticated with given CA certificates
i vitist the followign links for this issue and also include the cancert certificate in the project file.
when i run the command it always shown the above mentioned error
i consult the following links
enter link description here
Please if one has its solution for laravel project then reply fast.Thanks
This error occur because the package not load the cacert.pen certificate file from their config/cdn.php while connecting to the server so, server always reject the request and give authentication error
solution:
Add cacert.pen certificate file in public directory of your project
And add the following code to AwsS3Provider.php package file
File path is
\xampp\htdocs\yourproject\vendor\vinelab\cdn\src\Vinelab\Cdn\Providers\AwsS3Provider.php on line 161 below the region code
'http' => ['verify' => public_path().'/cacert.pem',],
I have faced this similar issue after update my project library. Finally, Kashif Ali answer gives me some clue.
But I could not find where to put cacert.pem file.
After I update this below setting to config/fileSystem.php, it's solved my problem.
's3' => [
'driver' => 's3',
'key' => env('S3_KEY','your key'),
'secret' => env('S3_SECRET','your secret'),
'region' => env('S3_REGION','your region'),
'bucket' => env('S3_BUCKET',"bucket name"),
'http' => ['verify'=> public_path('cacert.pem')]
],
Add cacert.pem to your project public directory and add complete path here like
'http' => ['verify'=> 'D:myProjectDirectory/cacert.pem')]