I was working with older version of OpenSSL(OpenSSL 0.9.8o) and I was forced to use newer OpenSSL 1.0.1e-fips as the result I was unable to connect to WSDL:
Message: SoapClient::SoapClient(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I need to disable SSL certification check, I tried:
$client = new SoapClient("https://IP:443/sdk/vimService?wsdl",
array(
"trace" => 1,
"location" => "https://IP:443/sdk/",
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
)
)
)
)
);
`
And it throw:
Message: SoapClient::SoapClient(): Peer certificate CN=localhost.localdom' did not match expected CN=SAME IP AS IN SoapClient()'
Then I added 'peer_name'=> 'localhost.localdom', in stream_context and then it says XML file is empty:
Fatal error: Uncaught SoapFault exception: [Client] looks like we got no XML document
PHP 5.5
Okey, I was able to found issue.
You can avoid this mess using stable PHP 5.5 version
Recently I learned that error: "looks like we got no XML document" is caused because of PHP version - PHP 5.6 in 5.5 working like a charm.
How to fix it in PHP 5.6
1) Remove SSL certificate check in PHP 5.6:
In 5.6 version SSL certification was enabled by default, so if you want to disabled it you must pass context stream:
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
)
)
)
2) Deleted ?wsdl and added .wsdl instead (with ?wsdl, it didn't worke for me)
<?php
$client = new SoapClient("https://IP:443/sdk/vimService.wsdl",
array(
"trace" => 1,
"location" => "https://IP:443/sdk/",
'exceptions' => 1,
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
)
)
)
)
);
$soapmsg["_this"] = array( "_" => "ServiceInstance", "type" => "ServiceInstance");
$result = $client->RetrieveServiceContent($soapmsg);
$ServiceContent = $result->returnval;
$soapmsg = NULL;
$soapmsg["_this"] = $ServiceContent->sessionManager;
$soapmsg["userName"] = "USERNAME";
$soapmsg["password"] = "PASSWORD";
$result = $client->Login($soapmsg);
$UserSession = $result->returnval;
echo "User, " . $UserSession->userName . ", successfully logged in!\n";
$soapmsg = NULL;
$soapmsg["_this"] = $ServiceContent->sessionManager;
$result = $client->Logout($soapmsg);
In my case stream_context_create didn't worked.
So I download this file here : https://curl.haxx.se/ca/cacert.pem
and placed it in my localhost as : F:\xampp\apache\cert.pem
and gave the same path for
openssl.cafile=F:\xampp\apache\cert.pem in my phpini
This made the localhost to acquire certificate and things worked great...!!
Posting this in case this may help some one going through my situation.
In my case was needed to add the crypt_method
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'verify_peer_name' => true,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
)
)
)
In my case "stream_context" did the magic, i've just added the code :
`"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
)
)
)`
Related
Statement: At the beginning I would like to state, that I'm well aware (and want to inform others) that this is not the proper way of doing things. If soultion is found, use it as last resort.
My problem is Weak Algorithm. And can't find a way to skip checks.
Company which exposes me endpoint states it is secure and they're not going to upgrade SSL Certificate. I know it's insecure, but can't do anything and must obey their decision.
Error i get file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
and file_get_contents(): Failed to enable crypto in...
My code is:
$context = stream_context_create([
'http' => [
'timeout' => 5,
],
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
var_dump(file_get_contents($wsdl, false, $context));
In browser i ge SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY and information about weak Diffie Hellman key.
I'm looking for a way to disable this check.
Most preferably via streamContext which I can use in SoapClient
You need disable Diffie Hellman validation:
$context = stream_context_create(array(
'ssl' => array(
'ciphers' => 'DEFAULT:!DH',
...
If need disable the validation of the certificate you need:
$context = stream_context_create(array(
'ssl' => array(
'ciphers' => 'DEFAULT:!DH',
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
Iam new to trying like this, I have trying to get the token with https in magento2, it not working here my code
<?php
$base_url="https://myurl.com/";
$domain="myurl.com";
$url = $base_url.'index.php/rest/V1/integration/admin/token';
$body = '{"username":"ApiUser", "password":"ApiPass"}';
$context_options = array (
'https' => array (
'method' => 'POST',
'header'=> "Content-type: application/json"
'content' => $body
),
'ssl' => array('SNI_enabled'=>true,'SNI_server_name'=> $domain)
);
$context = stream_context_create($context_options);
$token = json_decode(file_get_contents($url, false, $context));
echo $token; echo "<br/>";
?>
Please help, thanks in advance.
Sorry for the super late reply, but was just looking for this solution as well, to use https URL instead of http.
FROM the PHP manual page/example, the context should not be https, but rather http.:
http://php.net/manual/it/function.stream-context-create.php#74795
INCORRECT:
$context_options = array (
'https' => array ()
)
CORRECT:
$context_options = array (
'http' => array ()
)
of if you need more SSL options, this comment:
http://php.net/manual/it/function.stream-context-create.php#110158
$contextOptions = array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/cacert.pem',
'verify_depth' => 5,
'CN_match' => 'secure.example.com'
)
);
The simplest way to create stream context with stream_context_create when working in SSL environment is to omit verification! This works just fine for me when I want to retrieve data with file_get_contents:
stream_context_create([
'http' => [ /* your options here - eg: */ 'method' => 'POST', ],
// 'https' => 'DON'T forget there is no "https", only "http" like above',
'ssl' => [ // here comes the actual SSL part...
'verify_peer' => false,
'verify_peer_name' => false,
]
]);
php.net/manual/en/context.ssl.php:
verify_peer boolean
Require verification of SSL certificate used.
Defaults to TRUE.
verify_peer_name boolean
Require verification of peer name.
Defaults to TRUE.
I have installed WAMP 3.0.4 and am trying to write a PHP script that connects to an external HTTPS web service. But this returns the error:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have written a short script that demonstrates the issue:
<?php
$auth = base64_encode('username:password');
$aContext = array(
'http' => array(
'proxy' => 'tcp://proxyip:proxyport',
'request_fulluri' => true,
'header' => 'Proxy-Authorization: Basic $auth'
),
'SSL' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
'cafile' => 'C:/wamp/certificates/cacert.pem'
)
);
$cxContext = stream_context_create($aContext);
$sFile = file_get_contents("https://www.google.com", False, $cxContext);
echo $sFile;
?>
It is a requirement to use a proxy server.
As can be seen, I have tried installing a root certificates bundle and also adding verify_peer to false (not that I would do that in production) but still I receive this error.
As can be clearly seen from the above, I am something of an Apache / WAMP novice. Can someone perhaps explain what I am missing?
If you want to disable the verification of the SSL connection you can use:
'verify_peer' => false
And inside your code:
<?php
$auth = base64_encode('username:password');
$aContext = array(
'http' => array(
'proxy' => 'tcp://proxyip:proxyport',
'request_fulluri' => true,
'header' => "Proxy-Authorization: Basic $auth"
),
'ssl' => array(
'verify_peer' => false,
),
);
$cxContext = stream_context_create($aContext);
$sFile = file_get_contents("https://www.google.com", False, $cxContext);
echo $sFile;
?>
However note that this means that no-one is guarantee you that the data you get is authentic (since the ssl certificate is NOT verified).
If you want to verify the certificate, you should use the root certificates as in your question, however, you said you work with WAMP so the path to your cafile should be something like:
"cafile" => "c:/wamp/certificates/cacert.pem",
More important - you said nothing regarding the proxy in your question. Is it something that you need or is it something you found somewhere and just trying to use?
If you don't need the proxy just remove if from your request.
While on MAMP on macOS, simply restarting MAMP server solved this issue for me.
Using the php Soapclient I got the exception:
Uncaught SoapFault exception: [HTTP] Proxy Authentication Required
But when using a web browser with the same proxy set up, without specifying any credentials for that proxy, I can connect getting a XML response.
The system department ensures that there is no need for authenticate. Also I'm using the SoapUI just configuring the proxy for testing porpouses, without credentials again, and I can call the methods in the WS.
Why is the php SoapClient throwing that exception? Here is the code I'm using...
$this->client = new SoapClient( null, array(
'location' => 'http://www.xxxxx.dev',
'uri' => self::URI,
'proxy_host' => self::PROXY_HOST,
'proxy_port' => self::PROXY_PORT,
) );
Following solve the exception
$this->client = SoapClient( self::URL , array(
'proxy_host' => self::PROXY_HOST,
'proxy_port' => self::PROXY_PORT,
'authentication' => SOAP_AUTHENTICATION_BASIC,
'stream_context' => stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => false
)
))
));
Misunderstood with the documentation, "URI of the WSDL file or NULL if working in non-WSDL mode" and I was expecting first parameter as a file, not an URL. In some of the attempts I already tried but forgetting to set up the stream context with the SSL parameter to skip peer verification. ( probably SOAP_AUTHENTICATION_BASIC isn't necessary )
Hope it helps someone
i have a problem with running methods with SOAP. I'm using Apache and PHP.
this is the PHP code:
$opts = array(
'ssl' => array('ciphers'=>'RC4-SHA')
);
ini_set('soap.wsdl_cache_enabled',0);
ini_set('soap.wsdl_cache_ttl',0);
$client = new SoapClient('https://host?wsdl', array (
'stream_context' => stream_context_create($opts),
"trace" => 1,
"exceptions" => 0,
"connection_timeout"=>2000));
var_dump($client->__getFunctions());
$params = array ("key" => "value");
$result = $client->availabeFunction($params);
var_dump($result);
The __getFunctions() It returns me all of the available functions.
Then when i'm trying to call the the available function with parameters.
It returns me a strage error message:
public 'faultstring' => string 'Could not connect to host' (length=25)
public 'faultcode' => string 'HTTP' (length=4)
So i presume it is for some reasons are connecting to through the HTTP, but not through HTTPS.
I've looked up the web, and in some cases they are using a local_cert value with a .pem file.
It it neccecity to have it? Or i'm missing something else?
It's an openssl library bug.
At first try to disable SSL check by adding this params
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
)
)
)
And next try to not use ?wsdl in location link, try use something like
.wsdl
The solution was much easier as i thoguht it will be:
ini_set('soap.wsdl_cache_enabled',0);
ini_set('soap.wsdl_cache_ttl',0);
$location = 'https://host';
$client = new SoapClient($location . '?wsdl', array (
"trace" => 1,
"exceptions" => 0,
"connection_timeout"=>2000,
"location"=>$location // <- this was the reqiured parameter
));
Everything else is same as before.
This beeing cause by WSDL file configuration, that instead of https URL, it has http.