I'm using Zend Framework 1.* and when it executes "stream_socket_enable_crypto" it always returns false. Zend throws this exception:
"Unable to connect to HTTPS server through proxy could not negotiate secure connection."
I've tried all the following crypto types in the previous method "stream_socket_enable_crypto" with the same result...
STREAM_CRYPTO_METHOD_SSLv2_CLIENT
STREAM_CRYPTO_METHOD_SSLv3_CLIENT
STREAM_CRYPTO_METHOD_SSLv23_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT
STREAM_CRYPTO_METHOD_SSLv2_SERVER
STREAM_CRYPTO_METHOD_SSLv3_SERVER
STREAM_CRYPTO_METHOD_SSLv23_SERVER
STREAM_CRYPTO_METHOD_TLS_SERVER
Looking deep into the "connectHandshake" Zend method I've seen that I can connect to the proxy, but not to the server through the proxy. I've been stuck with this issue for a long time; any clue?
PHP version 5.6.*
Finally realized it was a problem with the PHP version. In PHP 5.6.* the "verify_peer_name" default changed to TRUE. See change log here.
Setting this property to false solved the connection issue.
$adapter->setStreamContext(array(
    'socket' => array(
        // Bind local socket side to a specific interface
        'bindto' => self::PROXY_HOST . ':' . self::PROXY_PORT
    ),
    'ssl' => array(
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        // Verify server side certificate,
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => false,
    )
));
Hope it helps someone else
I have been trying to load a particular https wsdl via php soapclient.
The error that I am getting is:
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://xxxx.com?wsdl' : failed to load external entity "https://xxxx.com?wsdl"
Moreover I also try to "Curl https://xxxx.com?wsdl" as well. The error that I am getting is:
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
I am able to view the particular wsdl via browser. Curl with http instead of https returns the correct response.
The weird thing is that my colleague has Ubuntu 18.04 installed on his machine and he does not have any problems. For your information, I have Debian 10 installed and we both have the same IP address.
I really don't understand where the issue can be.
You should try disabling certificate validation when constructing the SoapClient instance:
$context = stream_context_create([
    'ssl' => [
        // set some SSL/TLS specific options
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    ]
]);
$client = new SoapClient($url, [
    ... ( other params )
    'stream_context' => $context
]);
If you use curl from command line you can use the --insecure/-k flag.
I have a LAMP server (#1) that is communicating via SOAP with another server (#2) via WSDL. If I issue a curl call on the command line of server 1 to the URL of server 2, it works fine and I get the appropriate WSDL response, but a PHP SoapClient to the same URL is getting a "failed to load external entity" error. This was working before when we had a self-signed certificate on server 2, but quit working about the same time we upgraded to a CA certificate.
Funny thing is this server is load balanced with another server at a different location (different OS, but same php code/database) and the second server isn't having any issues at all.
Here is the code I am using for the soap client:
function getSoapClient(){
    ini_set("soap.wsdl_cache_enabled", 0);
    // standard soap client for application service
    $post_url = lum_getString("[CAMPAIGN_POST_URL]").
        "?enterprise=".lum_getString("[CAMPAIGN_ENTERPRISE]").
        "&company=".lum_getString("[CAMPAIGN_COMPANY]");
    $options = array(
        'trace' => true,
        'cache_wsdl' => WSDL_CACHE_NONE,
        'exceptions' => 1,
        'verifypeer' => false,
        'verifyhost' => false,
        'allow_self_signed' => true,
        'login' => lum_getString("[CAMPAIGN_POST_ID]"),
        'password' => lum_getString("[CAMPAIGN_POST_LC]"),
    );
    $context = stream_context_create(
        array(
            'user_agent' => 'PHPSoapClient',
            'ssl' => array(
                'verify_peer' => false,
                'allow_self_signed' => true,
            ),
            'https' => array(
                'curl_verify_ssl_peer' => false,
                'curl_verify_ssl_host' => false,
            )
        )
    );
    $options['stream_context'] = $context;
    $client = new SoapClient($post_url."&wsdl",$options);
    return $client;
}
The curl and soapclient are using the same ports so it shouldn't be a firewall issue.
Any help in identifying the issue or helping me figure what is wrong is greatly appreciated.
Turns out it appears to be a firewall issue. I opened up all access from server 1 to server 2 and things started working. Not too sure what the issue was. I reduced the options to just the login and password, it's still working. Firewalls are often the answer.
Any ideas regarding the firewall, the correct ports, and why it wasn't working is much appreciated.
Why was cURL working and SOAP not?
My PayPal code is not running with the option verify_peer_name => true. When I try the same SOAP request with the option set to false it works; seems like a PHP 7 bug to me? This works for me with PHP 5.3.
I always get the error:
Could not connect to host
I have installed the certificates on my server and I am also able to curl the url without problems, only the SoapClient is not working as supposed.
Does anybody know, what the parameter verify_peer_name really does?
$client = new SoapClient("https://xxx.paypal/the.wsdl",
    array(
        "trace" => 1,
        "location" => "https://xxx.paypal/the.wsdl",
        'exceptions' => 1,
        "stream_context" => stream_context_create(
            array(
                'ssl' => array(
                    'verify_peer' => true,
                    'verify_peer_name' => true,
                )
            )
        )
    )
);
I found this about verify_peer_name. Check if it can help you:
peer_name string
Peer name to be used. If this value is not set, then the name is guessed based on the hostname used when opening the stream.
verify_peer boolean
Require verification of SSL certificate used.
Defaults to TRUE.
verify_peer_name boolean
Require verification of peer name.
Defaults to TRUE.
I browsed the net for three days and I still can not solve my problem... That's why I ask for your help :)
I try to call a web service over HTTPS with a self-signed certificate and I get the following error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://...
My code:
$streamContext = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'allow_self_signed' => true
    )
));
$client = new SoapClient("https://DOMAIN/ws.php?wsdl", array(
    'trace' => true,
    'stream_context' => $streamContext
));
$client->method($params);
I tried to:
Change values of the "verify_peer" and "allow_self_signed" options;
Replace the "ssl" key by "https" in the stream_context array;
Load the WSDL file locally, but I get the following error: Could not connect to host (my endpoint: https://DOMAIN/ws.php);
Clear my client cache;
Use Zend_Soap_Client and the nusoap library.
Also, I checked the connection between the client and the server with the following commands "ping DOMAIN" and "telnet DOMAIN 443" and everything is ok.
It seems the "stream_context" option is ignored, or the problem is elsewhere?!
Is it a PHP bug?!
All suggestions will be appreciated.
Thx
I had a very similar problem and I added 'verify_peer_name' => false to the stream context. So...
$streamContext = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
));
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.
Summary:
Is there a way to force the built in SoapClient-class in PHP to connect over HTTPS to a server with an invalid certificate?
Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.
Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.
SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:
$context = stream_context_create([
    'ssl' => [
        // set some SSL/TLS specific options
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    ]
]);
$client = new SoapClient(null, [
    'location' => 'https://...',
    'uri' => '...',
    'stream_context' => $context
]);
Documentation:
stream_context_create() Docs
HTTP context options Docs
SSL context options Docs
The accepted answer works but only in the non-WSDL mode. If you try to use this in the WSDL mode (i.e. you pass a WSDL file URL as the first argument) you will face the fact that the stream context is ignored when downloading WSDL files. So if the WSDL file is also located on a server with a broken certificate, it will fail, most likely throwing the message failed to load external entity. See more here and here.
As suggested, the simplest way around is to download the WSDL file manually and pass the local copy to the SoapClient. You can download it for example with file_get_contents using the very same stream context from the accepted answer.
Note that you will also have to do this when creating a SoapServer.
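As an added example (not code from any answer on this page), here is the manual-download approach from this answer combined with a stream context that keeps verification switched on; it also covers the earlier question about a test host that has no DNS entry yet: instead of setting verify_peer and verify_peer_name to false, trust the service's own certificate through cafile and pin the name the certificate must carry through peer_name. The URL, certificate path and expected name below are assumed placeholders.

```php
<?php
// Added example, not from any post above. Assumptions (all placeholders):
// the service certificate was exported to test-service.pem, its CN/SAN is
// "soap.test.internal", and the host is reachable only by IP for now.
const WSDL_URL    = 'https://192.0.2.10/ws.php?wsdl';  // TEST-NET-1 placeholder
const CA_FILE     = '/etc/ssl/certs/test-service.pem'; // placeholder path
const EXPECTED_CN = 'soap.test.internal';              // placeholder name

// Context that keeps verification ON: trust exactly one certificate and tell
// PHP which name to expect, rather than disabling verify_peer / verify_peer_name.
function buildVerifyingContext(string $caFile, string $expectedName)
{
    return stream_context_create([
        'ssl' => [
            'verify_peer'       => true,
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
            'cafile'            => $caFile,       // the self-signed cert is the trust anchor
            'peer_name'         => $expectedName, // name the CN/SAN must match
            'crypto_method'     => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        ],
    ]);
}

// SoapClient ignores the stream context while it downloads the WSDL in WSDL
// mode, so fetch the WSDL with the same context and hand over a local copy.
function fetchWsdlWithContext(string $url, $context): string
{
    $wsdl = file_get_contents($url, false, $context);
    if ($wsdl === false) {
        $err = error_get_last();
        throw new RuntimeException('WSDL download failed: ' . ($err['message'] ?? 'unknown error'));
    }
    $path = tempnam(sys_get_temp_dir(), 'wsdl');
    file_put_contents($path, $wsdl);
    return $path;
}

$context   = buildVerifyingContext(CA_FILE, EXPECTED_CN);
$localWsdl = fetchWsdlWithContext(WSDL_URL, $context);

// The context is still applied to the actual SOAP calls made through the client.
$client = new SoapClient($localWsdl, [
    'stream_context' => $context,
    'cache_wsdl'     => WSDL_CACHE_NONE,
    'trace'          => true,
]);
```

Once the real DNS entry and CA-issued certificate are in place, drop the cafile and peer_name overrides and the same context verifies against the system trust store.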
The correct list for PHP 5.6.8 is
'ssl' => array('verify_peer_name'=>false, 'allow_self_signed' => true),
"verify_peer"=>false,
"verify_peer_name"=>false,
This is working on PHP 5.6.x:
$arrContextOptions=stream_context_create(array(
    "ssl" => array(
        "verify_peer" => false,
        "verify_peer_name" => false,
    )));
$this->client = new \SoapClient("https://tests.com?WSDL",
    array(
        //"soap_version" => SOAP_1_2,
        "trace" => 1, // enable trace to view what is happening
        "exceptions" => 0, // disable exceptions
        "cache_wsdl" => 0, // disable any caching on the wsdl, in case you alter the wsdl
        "stream_context" => $arrContextOptions
    )
);
or if you want you can add the crypto method:
$arrContextOptions=stream_context_create(array(
    "ssl"=>array(
        "verify_peer"=>false,
        "verify_peer_name"=>false,
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
    )
));