i've been trying to set up a secure communication using client side certificate between my client application and my server application.
I've set up a the configuration in my apache web server and both in my browser just to make sure that it works and it does.
i'm using zend framework 1.12, and according to the documentation on Zend website
the following example should work:
$config = array( 'sslcert' => 'path/to/ca.crt', 'sslpassphrase' => 'p4ssw0rd');
$adapter = new Zend_Http_Adapter_Socket();
$adapter->setConfig($config);
$http_client = new Zend_Http_Client();
$http_client->setAdapter($adapter);
$http_client->setUri('https://somewhere.overtherainbow.com:1337/bluebird');
$http_client->request();
but everytime i just get the same exception
Unable to Connect to ssl://somewhere.overtherainbow.com:1337
There is no doubt that i'm using the right certificate and passphrase and there is access to the remote machine
so where could be the downfall ?
Sounds like a simple firewall issue - login to the server and stop iptables and then see if it connects. Or add an exception to the clients IP to access mysql. Also check :1337 is open
Related
I have a PHP Ratchet WebSocket server, running a custom chatroom on my website.
I would like to get the user's cookies when they connect to the server, so that I can get their session data and do something special if they are logged in / have specific permissions / etc.
In other posts (both on StackOverflow and otherwise), it is said that to get session data, you must get the client's cookies, which are supplied in their requests to the web server. The following line of code is meant to do this:
$conn->WebSocket->request->getCookies()
Where $conn is a ConnectionInterface.
My problem is, that when run this simply returns an empty array, even though the DevTools will show that there are indeed cookies.
Why might this not be returning a value?
just in case you're still searching for a solution:
1.In case your cookies only valid for a specific domain/subdomain - you should establish connection to your WebSocket server over the same address.
For example, cookies that only valid for admin.example.com won't be sent to a WebSocket server on your root domain (example.com).
2.In case your cookies only valid for a secure connection (https://), your WebSocket server should be over a secure connection too (wss://), Which is quite easy to achieve with the latest Ratchet version.
$webSock = new React\Socket\Server('0.0.0.0:8443', $loop);
$webSock = new React\Socket\SecureServer($webSock, $loop, [
'local_cert' => 'path_to_server_cert',
'local_pk' => 'path_to_private_key',
//'allow_self_signed' => TRUE,
'verify_peer' => FALSE
]);
3.With Ratchet 0.4.x, there is no longer a cookie parser.
You can only get it as a raw string and then parse it by yourself.
Get & Parse cookies with Ratchet 0.4.x :
$cookiesRaw = $conn->httpRequest->getHeader('Cookie');
if(count($cookiesRaw)) {
$cookiesArr = \GuzzleHttp\Psr7\parse_header($cookiesRaw)[0]; // Array of cookies
}
I have a website which frequently makes SOAP calls to a particular API. The site was working fine for a few months of time, however the SOAP functionality suddenly stopped working without any known reason, the error was "Cannot connect to host".
The WSDL service has not moved or shut down.
After this I updated plesk from version 12 to version 17. SOAP client is still not working but now its a different error:
SOAP-ERROR: Parsing WSDL: Couldn't load from (URL) : failed to load external entity (URL)
This is my SOAP call:
$opts = array('http'=>array('user_agent' => 'PHPSoapClient'));
$context = stream_context_create($opts);
libxml_disable_entity_loader(false);
$client = new SoapClient($url,array('stream_context' => $context,'cache_wsdl' => WSDL_CACHE_NONE));
Any possible solutions?
EDIT:
New information came in, so the API server had DNS problems, how can I restore my connection to the API?
Your php server is clearly not reaching out the soap server. This might help:
Try checking directly from php server if the service are reachable:
wget {url} > page.txt
nano (or equivalent) page.txt
Try using other program to consume the server, I suggest Soap Ui
On the php server try ping the service url and see if the IP is resolved.
Check if any other soap service is reachable, you can use this service
If this not help you coming up with a solution, post here the results to help others solving it.
I am currently trying to connect to my elastic search cluster using the php elasticsearch client
I am having trouble using an https endpoint for this. I have my cluster behind a load balancer with a VIP in front, it is using Apache authentication and is on port 443. The trouble I am running into is that the config for the client seems to be parsing the hosts and removes https:// from the host name. this results in the client always trying to connect over port 80. I have tried adding :443 to the host name but I am then getting a curl error "empty reply from server". I know that this server has access (no firewall blocking) because i can manually make the curl call using https://myelasticsearch.com.
My question is, is there a way to specify the protocol to make the request over using this client? if not, where in the source is the parsing of the host array happening?
I have found a temporary solution, in src/Elasticsearch/Connections/AbstractConnection.php there is a defined transportSchema variable that is set to http. I changed this to https and also added the :443 to my host in the config and it works!
Just as an update to this question (in case anyone stumbles into it), this bug was fixed in Elasticsearch-PHP v1.1.0. You can specify https in the host now to use SSL:
$params = array();
$params['hosts'] = array (
'https://localhost', // SSL to localhost
'https://192.168.1.3:9200' // SSL to IP + Port
);
$client = new Elasticsearch\Client($params);
I am using WampServer (Windows) and PHP pgsql, and apparently something wasn't compiled with SSL support, because I get this error:
Unable to connect to PostgreSQL server: sslmode value "require" invalid when SSL support is not compiled
This got me thinking... I wonder if I can ask pg_connect() to look for 127.0.0.1 on port 12345 (or something like that) using HTTP, and then some middle service could be run on my local system that would pass that on to the server using SSL.
Does anyone know how to do that?
NOTE
I'm trying to connect to the Heroku PostgreSQL server (which uses an Amazon Web Service URL) and requires an SSL connection. I had better luck Googling "amazonws.com postgresql stunnel" for relevant bulletin board messages.
UPDATE
Here is the stunnel.conf file that I used:
;See: https://medium.com/what-i-learned-building/580fdd492119
cert = stunnel.pem
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
socket = r:TCP_NODELAY=1
options = NO_SSLv3
ciphers = HIGH:!ADH:!AECDH:!LOW:!EXP:!MD5:!3DES:!SRP:!PSK:#STRENGTH
[heroku-postgres]
client=yes
accept = 127.0.0.1:YOUR-CHOSEN-PORT
connect = THE-HOST-GOES-HERE:PORT
protocol=pgsql
retry = yes
Reference: https://medium.com/what-i-learned-building/580fdd492119
postgresql does neither use http nor https for its connection, but has its own protocol. But you could use something like stunnel to tunnel a normal tcp connection inside ssl, e.g. if your local pg_client library is not ssl-aware you could create an stunnel on localhost which then forwards the data via ssl to the remote postgresql server.
I am successfully connecting, using Microsoft C#, to a Microsoft web service. I have to supply a username, password (in the C# code); and install a certificate (in .cer format) into the "Root Certificate Authorities" section of the system's certificates.
How can I connect to such a web service in PHP? The reason I ask is that all methods I have seen (such as wsdl2php, which creates a SoapClient subclass), seem to assume various things, such as SSL certificate, SSL key file and SSL key passphrase.
So it all confuses me. I'm not sure what should go where. I'm not sure where my "root certificate authority" (the .cer file) should go, and where the username and password should go. Any ideas?
all can be done whith soapclient and stream_context_create using ssl options
<?php
$context = stream_context_create(array(
'https' => array(
'cafile' => '/path to file',
'verify_peer' => true
)));
new soapclient("https://localhost/index.php?wsdl",array(
'login'=>'admin',
'password'=>'passss',
'stream_context'=> $context
));
it is not uncommon in soap to not use http auth but just an soap-call, the documnetation is essential
it can be rewarding to use soapclient whith classes using classmap to map soaptypes to php clases
Typically if you're calling a webservice using regular SSL your URL will look like:
https://username:password#myserver.com/mywebservice.php
Then there is the issue of the SSL certificate. I'm using something similar to read from an SSL protected SVN web front. I don't know of any other solution other than to log into the server as the user that is running your webserver (apache/IIS) and accepting the certificate manually. In the case of SVN you could make a checkout and it will ask you to accept the certificate. I'm not entirely sure how this would work for a plain HTTPS request but perhaps you can get the certificate by loading the webservice in a browser? (or using wget or something fancy if you're lucky enough to be running Linux)
Also, is your code the PHP code or the C# code? If it's C# you may need to do something else entirely.