I've got this problem:
I'm using a Web Service with PHP soap. Everything works fine on my localhost, but when I put it on the remote server I get this error:
SoapClient::SoapClient(): SSL operation failed with code 1.
OpenSSL Error messages: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Remote server is running on HTTPS. Remote server uses PHP 5.3 and on localhost PHP 5.5. Does anybody know why it works on localhost and not on the remote server? And if so, how can I fix this problem? I already read more than 10 questions but none of them worked and 60% of them were for JAVA and not for PHP. I will greatly appreciate any kind of help, because I've been trying to get this fixed for more than 3 whole days.
This is how I call the Web Service:
$wsdl_url = 'https://somehost.com/someWebservice.wsdl';
$client = new SoapClient($wsdl_url, array('login' => $username, 'password' => $password, 'trace' => true));
EDIT: I'm using another 3 Web Services on my remote server and they work fine. That's one more reason why I don't have any clue why this one doesn't work.
So I've already fixed the problem with the handshake failure. It was due to the PHP version. As soon as I upgraded to PHP 5.5, the problem was solved.
I'm having problems connecting a PHP client app to an SSL-enabled ActiveMQ installation. I've looked at many sources and am getting more confused as I go.
My setup so far uses authentication via users/groups.properties and authorizationPlugin. This works fine on regular connections.
For ActiveMQ SSL I followed a few articles and created the JKS store and certs and also configured it with the following:
<sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/server.ks"
                keyStorePassword="$STORE_PASS"
                trustStore="file:${activemq.base}/conf/server.ts"
                trustStorePassword="$STORE_PASS" />
</sslContext>
<transportConnector
    name="stomp+ssl" uri="stomp+ssl://0.0.0.0:61617?needClientAuth=true"/>
I also tried the ACTIVEMQ_SSL_OPTS approach. Both load fine when starting the server. Logs show the SSL connector started. I also checked the PHP CLI to make sure SSL is enabled on the stomp installation.
The problem I'm having is with the PHP stomp client. First, these are the articles I read.
http://activemq.apache.org/how-do-i-use-ssl.html
http://php.net/manual/en/stomp.construct.php
https://github.com/stomp-php/stomp-php/wiki/Connectivity
From my understanding, there are two PHP stomp libs. Based on the documentation, I can't figure out how to set all this up. The PHP site docs simply give an example of using the constructor with the ssl protocol:
$link = stomp_connect('ssl://localhost:61612', $user, $pass, $headers);
This doesn't work, I get a null cert error in the logs.
The other article that uses FuseSource stomp has options for including a client cert when establishing a connection, but after getting further into the article it looks like it's just to authenticate via SSL cert and not with a user/pass.
https://github.com/rethab/php-stomp-cert-example/blob/master/README.md
So I went back to the previous stomp installation thinking there's a way to pass the client cert files but there doesn't seem to be an interface for it and no docs on the headers param which I'm assuming is not how to go about this.
Can someone shed some light on where in this complex mess I went wrong?
I don't know if you're still interested, but just in case someone stumbles upon this question hoping for an answer.
We're using https://github.com/stomp-php/stomp-php/ for our Stomp connection and this is roughly how we create the client:
function createClient($broker_url, $login, $password) {
    $client = new \Stomp\Client($broker_url);
    $sslContext = [
        'ssl' => [
            'cafile' => '/path/to/cert',
            'verify_peer' => true,
            'verify_peer_name' => false,
            'ciphers' => 'HIGH',
        ],
    ];
    $client->getConnection()->setContext($sslContext);
    $client->setLogin($login, $password);
    $client->connect();
    return new \Stomp\StatefulStomp($client);
}
$broker_url should be in the format ssl://host:port.
I have a website which frequently makes SOAP calls to a particular API. The site was working fine for a few months; however, the SOAP functionality suddenly stopped working without any known reason. The error was "Cannot connect to host".
The WSDL service has not moved or shut down.
After this I updated Plesk from version 12 to version 17. The SOAP client is still not working, but now it's a different error:
SOAP-ERROR: Parsing WSDL: Couldn't load from (URL) : failed to load external entity (URL)
This is my SOAP call:
$opts = array('http'=>array('user_agent' => 'PHPSoapClient'));
$context = stream_context_create($opts);
libxml_disable_entity_loader(false);
$client = new SoapClient($url,array('stream_context' => $context,'cache_wsdl' => WSDL_CACHE_NONE));
Any possible solutions?
EDIT:
New information came in: the API server had DNS problems. How can I restore my connection to the API?
Your PHP server is clearly not reaching the SOAP server. This might help:
Try checking directly from the PHP server whether the service is reachable:
wget -O page.txt {url}
nano (or equivalent) page.txt
Try using another program to consume the service; I suggest SoapUI.
On the PHP server, try pinging the service URL and see if the IP is resolved.
Check if any other SOAP service is reachable, you can use this service
If this does not help you come up with a solution, post the results here to help others solve it.
It's a late night. I just spent 10 hours in google/stackoverflow search and experiments. And seems I hate Apple Push Notifications. I'm totally frustrated and will appreciate any help.
Thank you.
The problem:
The PHP code for sending Apple Push Notifications, which worked successfully two weeks ago, has stopped working now and throws the following errors:
PHP Warning: stream_socket_client(): Failed to enable crypto in /home/...
PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /home/...
It stopped working on two separate servers, which are using separate scripts for APNs sending.
Environment:
Servers: CentOS 6.5 with PHP 5.4.32 and Ubuntu 14.04.3 with PHP 5.5.9
APN: In production mode
Certificates: tested with 700+ push notifications.
One of the servers is using https://github.com/immobiliare/ApnsPHP, other - https://github.com/antongorodezkiy/wp-apn, on localhost I tested simple file without using any third party code.
Investigation:
For all cases below I used the same active device token and the same production PEM certificate.
php
However, even this simple code doesn't work on both servers and localhost and returns the same error as above:
$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', '/absolute/path/to/apn_prod.pem');
// Open a connection to the APNS server
$fp = stream_socket_client(
    'ssl://gateway.push.apple.com:2195', $err,
    $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);
I also tried to play with stream_context_set_option() options, include entrust_2048_ca.cer, etc., and even some options from this article. However, the provided code worked without any modifications before August 2015.
openssl
Connection worked with openssl (link):
openssl s_client -connect gateway.push.apple.com:2195 -cert /absolute/path/to/apn_prod.pem -debug -showcerts -CAfile /absolute/path/to/server-ca-cert.pem
And I got CONNECTED(00000003) and Verify return code: 0 ( ok ).
telnet
Connection worked with telnet:
-sh-4.1$ telnet gateway.push.apple.com 2195
Trying 17.172.233.150...
Connected to gateway.push.apple.com.
pecl apn
It didn't send a push notification. I just tried to use an adaptation of the sample code, but got the error Invalid token. The token is active and is the same token I used everywhere, and for Houston and Ruby too.
houston
It worked with Houston:
apn push "0346a53f...231d9d6abe11" -c /absolute/path/to/apn_prod.pem -m "Hello from the command line!" -e "production"
ruby
I'm not a Ruby programmer (yet at least), but after success with Houston, I found and adapted Ruby code without Houston dependency.
And it worked:
#!/usr/bin/env ruby
require 'openssl'
require 'socket'
require 'json'
token = "0346a53f...231d9d6abe11"
cert = File.read("/absolute/path/to/apn_prod.pem")
ctx = OpenSSL::SSL::SSLContext.new
ctx.key = OpenSSL::PKey::RSA.new(cert, '') #set passphrase here, if any
ctx.cert = OpenSSL::X509::Certificate.new(cert)
sock = TCPSocket.new('gateway.push.apple.com', 2195) #production gateway
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect
payload = {"aps" => {"alert" => "Oh hai!", "badge" => 1, "sound" => 'default'}}
json = payload.to_json()
token = [token.delete(' ')].pack('H*') #something like 2c0cad 01d1465 346786a9 3a07613f2 b03f0b94b6 8dde3993 d9017224 ad068d36
apnsMessage = "\0\0 #{token}\0#{json.length.chr}#{json}"
ssl.write(apnsMessage)
ssl.close
sock.close
puts "End"
Questions:
What's wrong with PHP? Is there some bug related to this issue? (I didn't find bug report though)
Any ideas how to solve this issue?
Any ideas what could be the difference between the PHP and Ruby cases (I assume that Python or Perl could work fine too)? I even tried to read the PHP sources, but without success in understanding how stream_socket_client() is implemented.
Please help.
I've found the issue and fixed it.
The problem was in the .pem certificate. Somehow there were two certificates in one file for both production and development .pem files. The same .pem file with two certificates was in the repo for a long time, but APNs stopped working only a few months ago. Maybe something was upgraded/changed on Apple's side.
I assume the Ruby code somehow removes certificate duplication or maybe it took only the first certificate, so it worked in Ruby.
However, the solution was to remove the second certificate from the .pem file. After that APNs started to work and they work now (I received some just yesterday).
If you're just reusing an old Certificate Signing Request (CSR), make sure to remove the expired/old APNs certificate from your Keychain before exporting the new one and its private key as a p12 file. If you don't do that, the PEM file you generated from the exported p12 will still contain the expired/old certificate, which doesn't go well with Apple's Push provider, thus resulting in unable to connect to ssl....
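The two answers above trace the failure to a .pem file that holds more than one certificate, possibly an expired one. As an added example (not code from the original posts), this Ruby script lists every certificate block in a PEM bundle, flags extra and expired entries, and shows that OpenSSL::X509::Certificate.new parses only the first block. The certificates are constructed, self-signed samples and all helper names are hypothetical.

```ruby
require 'openssl'

CERT_BLOCK = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Constructed sample data: a throwaway self-signed certificate (not an APNs cert).
def make_cert(key, common_name, not_before, not_after, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# One entry per CERTIFICATE block in the bundle, in file order.
def inspect_pem_bundle(pem, now = Time.now)
  pem.scan(CERT_BLOCK).map do |block|
    cert = OpenSSL::X509::Certificate.new(block)
    { subject: cert.subject.to_s, not_after: cert.not_after, expired: cert.not_after < now }
  end
end

# Findings that make the file suspect as a single client-certificate PEM.
def bundle_problems(pem, now = Time.now)
  certs = inspect_pem_bundle(pem, now)
  problems = []
  problems << 'no certificate found' if certs.empty?
  problems << "#{certs.size} certificates in one file" if certs.size > 1
  certs.select { |c| c[:expired] }.each { |c| problems << "expired: #{c[:subject]}" }
  problems
end

# Constructed bundle: current cert, then an expired one, then the private key.
def demo_bundle
  key = OpenSSL::PKey::RSA.new(2048)
  now = Time.now
  fresh = make_cert(key, 'constructed-current', now - 3600, now + 86_400, 1)
  stale = make_cert(key, 'constructed-old', now - 2 * 86_400, now - 86_400, 2)
  fresh.to_pem + stale.to_pem + key.to_pem
end

if __FILE__ == $PROGRAM_NAME
  pem = demo_bundle
  puts "Certificate.new sees only: #{OpenSSL::X509::Certificate.new(pem).subject}"
  bundle_problems(pem).each { |problem| puts "problem: #{problem}" }
end
```

To check a real file, pass `File.read('/absolute/path/to/apn_prod.pem')` to `bundle_problems`; an empty result means exactly one unexpired certificate block was found.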
I recently downloaded and installed "PHP for Android." I created a .php file that utilizes an SSL connection with port 2195. I followed a guide for writing a php server that sends push notifications to Apple's APNS, and SUCCESSfully ran it on my Mac. When I put both the .php and the .pem onto my Android phone in the same folder and tried to run it with the same WIFI connection, I get the following error message:
Error:14094410:SSL routines:func(148):reason(1040) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): Failed to enable crypto in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Does anyone have any ideas of how I can fix this?
THANKS!
I had the SSL error on my Windows desktop, with a PHP script that accessed a HTTPS resource.
The solution was to enable the openssl extension. So maybe it's the same kind of problem you have here, something related to openssl on PHP for Android.
I'm not sure how to fix it, but Google has its own push notification framework. There is an example here: http://code.google.com/android/c2dm/
Edit to Answer:
I think that most likely the problem has to do with the certificates needed to make the call over SSL. It is possible that the PHP for Android app does not have permissions to access security certificates you need.
My project uses PHP JavaBridge. I have installed WAMP, JRE 6.0, and Tomcat 6.0.32.
I can now access http://localhost:8080/ successfully, but when I run my PHP site it gives me the following error:
warning: fsockopen() [function.fsockopen]: unable to connect to localhost:8080 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. )
Can anyone please help me with this issue?
EDIT
Forgot to mention that I am using Windows 7
My comment above worked as a solution and hence this answer, so that in future others get it.
Can you try 127.0.0.1:8080 instead of localhost:8080? See what you get.
fsockopen takes the hostname and it should be a valid domain. In your case (in general), it could be a valid domain as long as you have an entry for localhost in your hosts file (C:\Windows\System32\drivers\etc\hosts). See if you have something similar to that.