I am trying to use a c++ app to access a php script on a different computer. The script queries a mysql database and outputs the values. When accessing https://myaddress/script.php in my web browser, it gives me the "The site's security certificate is not trusted!" page, then allows me to Proceed Anyway. I expected that, and it is ok because I have not yet jumped through the hoops to get my certificate certified.
However, when I try to access the same site from within my c++ app using QNetworkAccessManager, it tells me that the SSL handshake failed and quits out.
Why is this a problem? Does it have something to do with the fact that my certificate hasn't been authenticated, or is it something else? Can I set a feature in Qt Creator that allows my code to access even not trusted sites?
Any guidance would be very helpful,
Thanks in advance.
I had similar problem, I did two things:
re run/install Win32 OpenSSL Installation.
Download the latest "light" Win32 or Win64 installation package, for example "Win32 OpenSSL v0.9.8l Light".
follow link here:
http://developer.nokia.com/community/discussion/showthread.php/234276-Qt-SSL-handshake-failed
Related
I'm using the PHP userland library, found here: https://github.com/mongodb/mongo-php-library
, with documentation at: http://mongodb.github.io/mongo-php-library/classes/client/
How do I supply SSL options and which constructor to use? I'm assuming MongoDB/Client but documentation is sparse.
I have the usual on the server; CA file, server certificate and private key file with net.ssl being set to requireSSL.
So if anyone has tried anything, it'd be great if you can list what worked.
Update
A lot of googling took me to this page. and I could only get the mongo shell connected successfully, but definitely not through the php library. I am using MongoDB 3.2.1 on Centos7.
Additionally I see that client certificates need two additional fields in the x509 certificates[keyUsage = digitalSignature, extendedKeyUsage = clientAuth], as narrated here. Now although that isn't impossible, but isn't a very manageable or scalable way for my implementation in my opinion.
Also a strange thing I discovered is that the CN in the final client certificate needs to be "localhost.". You cannot omit the last period. And the --host argument accordingly has to be "localhost." (not just localhost) or else the validation fails. But if you try to create a certificate with the CN as just localhost, you will never be able to connect to the server and the validation would fail everytime.
I am doing a CAS integration with a project that I am doing with my university. The final integration should be made with symfony2, however first I need to make the example code working.
I finally get working the example_simple.php example with phpCAS 1.3.2 , however the directive:
phpCAS::setNoCasServerValidation();
is the enabled one. I think I should use instead:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
However when I enable this second one (and disable the other) then the authorization does not work anymore. Here is the relevant output line error of the log:
could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]
The cas server provided me two .crt files:
MYCASRootCA.crt
MYCASLinuxSUBCA.crt
And they are suppose to be installed in my system (Ubuntu 13.10). They are in different places, such a /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:
/usr/share/ca-certificates/lut/MYCASRootCA.crt
/usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt
So assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such a /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt) I cannot make it work. What I am doing it wrong? My client-server (no the cas server) is in my localhost. Is it a problem? Should I avoid use setCasServerCACert command? Why is it happening?
I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMP instalation (Xampp 1.8.3).
I am a little bit lost with certificates as you can see.
I read about problems with phpCAS and recent Ubuntu versions in https://github.com/Jasig/phpCAS/issues?state=open. However I cannot make this working with the master code, even without certification (by default).
Any ideas would be appreciated...
I have found the solution asking in the github library: https://github.com/Jasig/phpCAS/issues/119
The reason is that the curl binary used by PHP in my xampp installation is different from the system's curl binary. The system one has access to /etc/ssl/certs/ certificates, but the xampp curl does not have (unless you don't indicate it, of course). By default, it searches in a special certificate-bundle-file.
Finally I have found the real certificate for my cas-server and I am using it, however maybe you want to use other proposed solution at the end of the discussion thread if you are having a similar problem.
My college downloaded cert-name.crt file from external host. Now we need to connect to web service platform, obviously using their SSL certificate. We are a bit confused by OpenSSL documentation. Research didn't help either. All we get is 'Could not connect to host' PHP exception. Just to clear things, interface worked perfectly fine over unsecured HTTP. We use pure Soap library. As an act of desperation we also tried to connect with host without verification by disabling verify_peer variable in SoapClient stream context. Please help, we are under pressure.
To get your started:
By default, PHP looks for the CA file on UNIX systems in, make sure it is readable by the PHP invoker (user via cli, Apache user, etc..), and place the .crt file here:
/etc/pki/CA
Currently setting up a backup solution that sends a database dump and some other files from a Wordpress network to a NAS on my LAN, via WebDAV. I have installed PHP WebDAV on my web server and the basic code to get that that to work is:
webdav_connect('http://webdav.example.com/dav', 'davuser', 'davpassword');
webdav_put('/your/nice/thing.txt', $data);
webdav_close();
The issue is, my NAS requires this connection to be done via HTTPS, so in a web browser you'd see a warning which you can ignore, but PHP gives the following warning and the code fails:
Warning: webdav_put() [function.webdav-put]: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted in /var/www/vhosts/blah/blah/blah.php on line 5
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate? The domain name used for accessing the WebDAV service on my NAS is one provided by Dynamic DNS if that makes a difference.
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate?
I don't know which HTTP Layer PHP WebDAV uses (which extension are you using?), but often it's possible to configure the underlying layer to ignore certificate errors.
If you need certificate verification for security reasons, you should obtain a valid certificate.
Just for completeness as I don't like leaving things un-answered. I've decided to access my WebDAV service via SMEStorage. They provide an API which developers can use for this sort of thing:
http://smestorage.com/?p=static&page=for_developers
I'm working on my first web site that requires SSL, it's hosted on a PCI Compliant server, SSL is setup correctly (or so I've been told).
I was hoping that I could just change a particular link in my code to go to a page, such as https://mydomain.com/login.php, but alas, it doesn't work. It doesn't even say that a SSL cert is present.
After some reading I'm thinking I must use curl to correctly work with HTTPS correct? If this is the case, are there any good 'still valid' tutorials on this topic?
Also, my hosting company said I was using php modules(I'm assuming he's referring to functions) that aren't compatible with their systems, they must work with 5.3.x...well I went through an entire page of code they claimed wasn't compatible, and every single function was in the php 5.3.x supported functions list (http://php.net/quickref.php).
Any insight into what they mean here? This stuff shouldn't seem like rocket science, but I'm coming up short on figuring it out correctly, and implementing http with SSL.
Thanks!
I've never heard of this. If mydomain.com/login.php is working but https://mydomain.com/login.php is not then it is not setup. Also you might want to see if https://www.mydomain.com/login.php works. It depends on what was setup as the fully qualified domain name in the certificate and key.
Usually servers have a default self signed certificate and it will give you a warning in browsers when trying to go to https. Is that what you are getting?? Or a different error?
Hope this gives you some direction...If it isn't setup you can go to the CA for directions on install directions.