Soap WS with WSF/PHP as client and .NET as server - php

I have to call a SOAP WS on a .NET server, using (from my customer's documentation):
SOAP 1.1
WS-Addressing (August 2004)
WS-Security 1.1
WS-Trust (February 2005)
WS-SecureConversation (February 2005)
WS-SecurityPolicy 1.1
I use WSO2 WSF/PHP (wso2-wsf-php-src-2.1.0.zip file); here is my client:
function appel($rec_cert, $pvt_key, $sUrl)
{
    // Request payload (heredoc: the closing marker must stay at column 0 on older PHP)
    $reqPayloadString = <<<XML
<ns1:echo xmlns:ns1="http://wso2.org/wsfphp/samples"><text>Hello World!</text></ns1:echo>
XML;
    $sPolicy = dirname(__FILE__) . '/policy.xml';
    $sAction = "http://www.aaa.fr/SendMessage";
    $reqMessage = new WSMessage($reqPayloadString, array("to" => $sUrl, "action" => $sAction));

    // Security policy and key material for WS-Security
    $policy_xml = file_get_contents($sPolicy);
    $policy = new WSPolicy($policy_xml);
    $sec_token = new WSSecurityToken(array("privateKey" => $pvt_key, "receiverCertificate" => $rec_cert));

    $client = new WSClient(array(
        "useSOAP" => 1.1,
        "useWSA" => 1.0,
        "policy" => $policy,
        "securityToken" => $sec_token,
    ));
    $resMessage = $client->request($reqMessage);
    printf("Response = %s \n", $resMessage->str);
}
On my local webservice, it runs fine, but it just throws an Exception "Error , NO Response Received" on my customer's preproduction server. I just don't use the same keys and certificates, as I don't have the customer's secret key.
Here is my local webservice:
<?php
function echoFunction($inMessage) {
    $returnMessage = new WSMessage($inMessage->str);
    return $returnMessage;
}
$pub_key = ws_get_cert_from_file("/var/www/samples/security/keys/alice_cert.cert");
$pvt_key = ws_get_key_from_file("/var/www/samples/security/keys/bob_key.pem");
$operations = array("echoString" => "echoFunction");
$actions = array("http://www.aaa.fr/SendMessage" => "echoString");
$policy = new WSPolicy(file_get_contents("policy.xml"));
$sec_token = new WSSecurityToken(array("privateKey" => $pvt_key, "receiverCertificate" => $pub_key));
$svr = new WSService(array(
    "actions" => $actions,
    "operations" => $operations,
    "policy" => $policy,
    "securityToken" => $sec_token));
$svr->reply();
The big problem is that this error happens for a non-existent URL, a different policy between client and server, and several other errors I can create on my server.
Here is a first piece of evidence, from wsf_php_client.log:
[Mon Jan 28 15:49:02 2013] [error] assertion_builder.c(510) [neethi] Unknown Assertion RampartConfig with namespace http://ws1.apache.org/rampart/policy
[Mon Jan 28 15:49:02 2013] [error] engine.c(548) [neethi] Assertion creation failed from element.
[Mon Jan 28 15:49:02 2013] [error] engine.c(145) [neethi] All creation failed
[Mon Jan 28 15:49:02 2013] [error] engine.c(473) [neethi] All creation failed from element.
[Mon Jan 28 15:49:02 2013] [error] engine.c(190) [neethi] Exactlyone creation failed.
[Mon Jan 28 15:49:02 2013] [error] engine.c(496) [neethi] Exactlyone creation failed from element.
[Mon Jan 28 15:49:02 2013] [error] engine.c(285) [neethi] Policy creation failed.
and a second one (I am searching about this)
[Mon Jan 28 16:18:13 2013] [info] Starting addressing out handler
[Mon Jan 28 16:18:13 2013] [debug] http_transport_sender.c(241) ctx_epr:https://recette.customer.fr/securit.svc
[Mon Jan 28 16:18:13 2013] [debug] http_transport_sender.c(776) using axis2 native http sender.
[Mon Jan 28 16:18:13 2013] [debug] http_sender.c(494) msg_ctx_id:urn:uuid:ef0a33e6-695d-1e21-2453-d43d7e273c95
[Mon Jan 28 16:18:13 2013] [debug] http_transport_utils.c(3794) No session map stored
[Mon Jan 28 16:18:13 2013] [info] [ssl client] CA certificate not specified
[Mon Jan 28 16:18:13 2013] [error] ssl/ssl_utils.c(50) Cannot find certificates
[Mon Jan 28 16:18:13 2013] [error] ssl/ssl_stream.c(99) Error occurred in SSL engine
[Mon Jan 28 16:18:13 2013] [error] http_client.c(294) Data stream creation failed for Host recette.customer.fr and 443 port
[Mon Jan 28 16:18:13 2013] [error] http_client.c(560) Client data stream null or socket error for host recette.customer.fr and 443 port
[Mon Jan 28 16:18:13 2013] [error] http_client.c(562) A read attempt(HTTP) for the reply without sending the request
[Mon Jan 28 16:18:13 2013] [error] http_sender.c(1303) status_code < 0
[Mon Jan 28 16:18:13 2013] [error] engine.c(171) Transport sender invoke failed
[Mon Jan 28 16:18:13 2013] [error] /home/cedric/wso2-wsf-php-src-2.1.0/src/wsf_client.c(1696) [WSF/PHP] Response Payload NULL( Error number and code) => : 76 :: A read attempt(HTTP) for the reply without sending the request
Where can I find more information to resolve my problem? I have already asked the customer to tell me if he has any trace of my WS calls (but I still have no answer for now).

I think your server doesn't start SSL communication with the remote server. This can happen if it cannot trace its certificate to a root certificate authority that it knows (see https://en.wikipedia.org/wiki/Root_certificate).
Usually you can either disable this check (if you would use CURL for example), or better, provide the path to the ca.crt file. By default Apache should know where it is; for example, its configuration might include:
SSLCACertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/keys/ca.crt"
(as mentioned in http://wso2.org/library/articles/ssl-enabled-web-services-apache-axis2-c)
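
The question notes that the client raises the same "NO Response Received" exception for unrelated failures, while the log carries the actual cause. The following added example (not part of the original posts and not WSF/PHP code) classifies log lines by root cause; the function name and rule set are assumptions, and the sample lines are copied from the log excerpts in the question.

```php
<?php
// Added example: triage of a WSF/PHP client log. The function name and rule
// set are illustrative; the patterns match log lines quoted in the question.

function classifyWsfLog(string $log): array
{
    // category => [pattern on the message part, what it means for the call]
    $rules = [
        'policy_parse' => [
            '/\[neethi\] Unknown Assertion (\S+) with namespace (\S+)/',
            'the policy engine rejected an assertion in the policy file',
        ],
        'tls_trust' => [
            '/\[ssl client\] CA certificate not specified|Cannot find certificates/',
            'no CA certificate is configured, so the TLS session is never set up',
        ],
        'transport' => [
            '/Data stream creation failed for Host (\S+) and (\d+) port/',
            'no stream to the endpoint was opened, so no request was sent',
        ],
    ];

    $findings = [];
    foreach (preg_split('/\R/', $log, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        // Line layout: [Mon Jan 28 16:18:13 2013] [error] message
        if (!preg_match('/^\[([^\]]+)\] \[(\w+)\] (.*)$/', $line, $m)) {
            continue;
        }
        foreach ($rules as $category => [$pattern, $meaning]) {
            // Keep only the first matching line per category.
            if (!isset($findings[$category]) && preg_match($pattern, $m[3], $hit)) {
                $findings[$category] = [
                    'time'     => $m[1],
                    'level'    => $m[2],
                    'evidence' => $m[3],
                    'captures' => array_slice($hit, 1),
                    'meaning'  => $meaning,
                ];
            }
        }
    }
    return $findings;
}

// Sample input: lines copied from the two log excerpts in the question.
$sample = <<<'LOG'
[Mon Jan 28 15:49:02 2013] [error] assertion_builder.c(510) [neethi] Unknown Assertion RampartConfig with namespace http://ws1.apache.org/rampart/policy
[Mon Jan 28 15:49:02 2013] [error] engine.c(285) [neethi] Policy creation failed.
[Mon Jan 28 16:18:13 2013] [info] [ssl client] CA certificate not specified
[Mon Jan 28 16:18:13 2013] [error] ssl/ssl_utils.c(50) Cannot find certificates
[Mon Jan 28 16:18:13 2013] [error] http_client.c(294) Data stream creation failed for Host recette.customer.fr and 443 port
[Mon Jan 28 16:18:13 2013] [error] http_sender.c(1303) status_code < 0
LOG;

foreach (classifyWsfLog($sample) as $category => $f) {
    printf("%-12s %s (%s)\n  -> %s\n", $category, $f['evidence'], $f['time'], $f['meaning']);
}
```

For the tls_trust case, a later question on this page passes a "CACert" entry in the WSClient options array, which is where the CA file the answer mentions would be supplied.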

Related

PHP MongoClient "No candidate servers found" with replica set

Specs: PHP 5.3.10, Ubuntu 12.04 64 bit, Mongo driver 1.5.1, MongoDB 2.4.8
We have a single shard Mongo with two secondary replica sets. I can't seem to get PHP driver to utilize replica sets for high performance reads/writes. I'm getting "No candidate servers found" when trying to connect with the connection string provided below.
$connection = new MongoClient("mongodb://10.88.217.247:27017,10.88.217.247:27018",
array('username'=>"{$username}", 'password'=>"{$password}", 'replicaSet' => true));
This is what Mongo log sends:
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: start
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] send_packet: read from header: 36
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] send_packet: data_size: 259
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: can't find minWireVersion, defaulting to 0
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: can't find maxWireVersion, defaulting to 0
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: setting maxBsonObjectSize to 16777216
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: setting maxMessageSizeBytes to 48000000
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: can't find maxWriteBatchSize, defaulting to 1000
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: set name: rs-0, ismaster: 1, secondary: 0, is_arbiter: 0
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: the server name (mongo-0-0:27018) did not match with what we thought it'd be (10.88.218.248:27018).
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: the replicaset name is not set, so we're using rs-0.
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-0:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-2:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-1:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: last ran at 1398292169
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] discover_topology: ismaster worked, but we need to remove the seed host's connection
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] mongo_connection_destroy: Destroying connection object for 10.88.218.248:27018;-;admin/scal/a6612d715d1a4f9549232ec4d599bf55;12199
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] mongo_connection_destroy: Closing socket for 10.88.218.248:27018;-;admin/scal/a6612d715d1a4f9549232ec4d599bf55;12199.
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] discover_topology: ismaster worked
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] discover_topology: found new host: mongo-0-0:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] connection_create: creating new connection for mongo-0-0:27018
rs.status() JSON:
{
"set" : "rs-0",
"date" : ISODate("2014-04-24T15:13:39.000Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "mongo-0-0:27018",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 68415,
"optime" : Timestamp(1398285029, 1),
"optimeDate" : ISODate("2014-04-23T20:30:29.000Z"),
"self" : true
},
{
"_id" : 1,
"name" : "mongo-0-1:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 67984,
"optime" : Timestamp(1398285029, 1),
"optimeDate" : ISODate("2014-04-23T20:30:29.000Z"),
"lastHeartbeat" : ISODate("2014-04-24T15:13:38.000Z"),
"lastHeartbeatRecv" : ISODate("2014-04-24T15:13:38.000Z"),
"pingMs" : 0,
"syncingTo" : "mongo-0-0:27018"
},
{
"_id" : 3,
"name" : "mongo-0-2:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 63419,
"optime" : Timestamp(1398285029, 1),
"optimeDate" : ISODate("2014-04-23T20:30:29.000Z"),
"lastHeartbeat" : ISODate("2014-04-24T15:13:38.000Z"),
"lastHeartbeatRecv" : ISODate("2014-04-24T15:13:38.000Z"),
"pingMs" : 0,
"syncingTo" : "mongo-0-0:27018"
}
],
"ok" : 1
}
Several things you might want to notice when you setup a replica set:
When building the replica set, the first member will be named using the server's host name. So when you access the server, it will NOT access the host in the connection string. Instead, it gets the available server list from there, and tries to connect to the host names in that list. I explained some details here. You can also find information in the MongoDB C# driver tutorial:
It is required that each MongoDB server have a name that is DNS resolvable by the client machine. Each MongoDB server reports its hostname back through the isMaster command and the driver uses this name to talk with the server. This issue can occur when the seed list contains an IP address and the MongoDB server reports back a hostname that the client machine is unable to resolve.
When you access a replica set, you should provide a replica set name with the parameter replicaSet=[set name], something like the following:
mongodb://hostname1,hostname2/dbName?replicaSet=rs0
Don't mix up servers from different replica set because:
If you have multiple servers listed, and one is part of a replica set and another is not, then the connection mode is non-deterministic. Be sure that you are not mixing server types on the connection string.
Note the bind ip of your mongo server. If I remember it correctly, in some distributions it defaults to listening on 127.0.0.1:27017. Thus you'll never get connected from a guest machine. Try setting the following line in /etc/mongodb.conf:
bind_ip = 0.0.0.0
Back to your question. From the log:
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.1.123] ismaster: the replicaset name is not set, so we're using rs-0.
It tells you to provide the replica set name, and it assumes it's rs-0 (is the name correct?)
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.1.123] found host: mongo-0-0:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.1.123] found host: mongo-0-2:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.1.123] found host: mongo-0-1:27018
Says you have 3 members in your replica set. And the driver's going to connect to them by using their names, which would be:
mongo-0-0:27018
mongo-0-1:27018
mongo-0-2:27018
If you want them to work, add to your clients' /etc/hosts:
[ip of mongo] mongo-0-0
[ip of mongo] mongo-0-1
[ip of mongo] mongo-0-2
Or if you want to change these names, use the following lines:
var conf = rs.conf();
conf.members[0].host = "..."; // your new name for member0
conf.members[1].host = "...";
conf.members[2].host = "...";
rs.reconfig(conf);
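
The answer above explains that the driver reconnects to the member names reported by the server, so every reported name must resolve on the client. The following added example (not part of the original answer and not driver code) pulls the member names and set name out of the driver log, reports which names the client cannot resolve, and builds a connection string that names the replica set; the function names, the injected resolver and the address 10.0.0.10 are assumptions made so the example runs offline.

```php
<?php
// Added example: function names, the stub resolver and its address are constructed.

/** Collect "host:port" members from driver log lines of the form "found host: name:port". */
function membersFromDriverLog(string $log): array
{
    preg_match_all('/found host: ([^\s:]+):(\d+)/', $log, $hits, PREG_SET_ORDER);
    $members = [];
    foreach ($hits as $h) {
        $members[$h[1] . ':' . $h[2]] = ['host' => $h[1], 'port' => (int) $h[2]];
    }
    return array_values($members); // de-duplicated, in log order
}

/** Read the replica set name the server reported ("set name: rs-0, ..."). */
function setNameFromDriverLog(string $log): ?string
{
    return preg_match('/set name: ([^,\s]+)/', $log, $m) ? $m[1] : null;
}

/** Return the member host names that the client cannot resolve. */
function unresolvedMembers(array $members, ?callable $resolve = null): array
{
    // gethostbyname() returns its argument unchanged when the lookup fails.
    $resolve = $resolve ?? 'gethostbyname';
    $missing = [];
    foreach ($members as $m) {
        $isLiteralIp = filter_var($m['host'], FILTER_VALIDATE_IP) !== false;
        if (!$isLiteralIp && $resolve($m['host']) === $m['host']) {
            $missing[] = $m['host'];
        }
    }
    return $missing;
}

/** Build a connection string that lists the members and names the set. */
function replicaSetUri(array $members, string $setName): string
{
    $hosts = array_map(function (array $m): string {
        return $m['host'] . ':' . $m['port'];
    }, $members);
    return 'mongodb://' . implode(',', $hosts) . '/?replicaSet=' . rawurlencode($setName);
}

// Sample input: lines copied from the driver log in the question.
$log = <<<'LOG'
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] ismaster: set name: rs-0, ismaster: 1, secondary: 0, is_arbiter: 0
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-0:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-2:27018
[Wed Apr 23 22:29:29 2014] [error] [client 170.171.2.122] found host: mongo-0-1:27018
LOG;

// Constructed resolver standing in for a client that only knows one member.
$known = ['mongo-0-0' => '10.0.0.10'];
$stubResolver = function (string $host) use ($known): string {
    return $known[$host] ?? $host;
};

$members = membersFromDriverLog($log);
echo replicaSetUri($members, (string) setNameFromDriverLog($log)), "\n";
foreach (unresolvedMembers($members, $stubResolver) as $host) {
    echo "not resolvable from this client: {$host}\n";
}
```

Calling unresolvedMembers($members) without the second argument uses the system resolver on the machine where the PHP client runs.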

How do I fix the Apache PHPSESSID error?

I am getting Apache errors from the AWS PHP library. Here is the error I am getting from the Apache error log file:
[Fri Aug 09 15:47:12 2013] [error] Failed to determine HOME directory after trying "sh: 1: cd: can't cd to ~" (exit code 2)
[Fri Aug 09 15:47:12 2013] [error] PHPSESSID f97oht9qlsuvknc45t075hohn5
[Fri Aug 09 15:47:12 2013] [error] f97oht9qlsuvknc45t075hohn5
[Fri Aug 09 15:47:12 2013] [error] f97oht9qlsuvknc45t075hohn5 =
I tried to fix the error with the help of these steps; after that, I got the other 3 error lines:
[Fri Aug 09 15:47:12 2013] [error] PHPSESSID f97oht9qlsuvknc45t075hohn5
[Fri Aug 09 15:47:12 2013] [error] f97oht9qlsuvknc45t075hohn5
[Fri Aug 09 15:47:12 2013] [error] f97oht9qlsuvknc45t075hohn5 =
How do I fix these errors?
Thanks in advance for your help.
If you are using version 1.6.x of the SDK and explicitly providing credentials to the client object (instead of relying on the SDK's config discovery mechanism), then you could try using the AWS_DISABLE_CONFIG_AUTO_DISCOVERY constant to circumvent all of the self-discovery code.
You must define the constant before you include the SDK.
define('AWS_DISABLE_CONFIG_AUTO_DISCOVERY', true);
require '/path/to/sdk.class.php';
This will remove the need for the hack as described on isnoop's blog and may also resolve the issue with the other three lines showing up in your log (though I'm not sure why the SDK would cause those lines to appear).

Apache2 restart while using wsf/php

I have another problem with the WSF/PHP framework. Most of the time (not always, but still), when I run my script it ends with a lost connection. There's no error page or anything, just an error connecting to the host (via localhost).
Here's my code:
<?php
$server_location = "https://some.address";
$clientCert_location = "clientCert.pem";
$CACert_location = "CACert.cer";
$passphrase = "some.password";
$request = file_get_contents("./requests/example.xml");
$action = "some.action";
$rec_cert = ws_get_cert_from_file($CACert_location);
$pvt_key = ws_get_key_from_file($clientCert_location);
$sec_token = new WSSecurityToken(array("privateKey" => $pvt_key,
                                       "receiverCertificate" => $rec_cert));
$client = new WSClient(array("useSOAP" => "1.1",
                             "policy" => new WSPolicy(array()),
                             "securityToken" => $sec_token,
                             "to" => $server_location,
                             "action" => $action,
                             "CACert" => $CACert_location));
try {
    $response = $client->request($request);
} catch (Exception $e) {
    if ($e instanceof WSFault) {
        $response = "Soap Fault: ".$e->Code."\n";
    } else {
        $response = "Message = ".$e->getMessage()."\n";
    }
}
?>
And here's error log from apache:
[Mon Aug 29 11:13:41 2011] [info] Cannot find path D:\Aplikacje\wsf-php-2.1.0\wsf_c/services.
[Mon Aug 29 11:13:41 2011] [info] [rampart] rampart_mod initialized
[Mon Aug 29 11:13:41 2011] [info] [rahas]Rahas module initialized
[Mon Aug 29 11:13:41 2011] [error] ..\..\axiom\src\om\om_document.c(102) Unable to get root node
[Mon Aug 29 11:13:41 2011] [info] Starting addressing out handler
[Mon Aug 29 11:13:41 2011] [warning] ..\..\src\core\context\msg_ctx.c(1384) RampartClientConfiguration not set in message context
[Mon Aug 29 11:13:41 2011] [info] [rampart][rampart_signature] No parts specified or specified parts can't be found for Signature.
OPENSSL_Uplink(100EC020,08): no OPENSSL_Applink
[Mon Aug 29 11:13:41 2011] [notice] Parent: child process exited with status 1 -- Restarting.
[Mon Aug 29 11:13:41 2011] [info] [rampart] rampart_mod shutdown
[Mon Aug 29 11:13:41 2011] [info] [rahas] Rahas module shutdown
[Mon Aug 29 11:13:43 2011] [notice] Apache/2.2.19 (Win32) PHP/5.3.6 configured -- resuming normal operations
[Mon Aug 29 11:13:43 2011] [notice] Server built: May 20 2011 17:39:35
[Mon Aug 29 11:13:43 2011] [notice] Parent: Created child process 4636
[Mon Aug 29 11:13:44 2011] [info] Cannot find path D:\Aplikacje\wsf-php-2.1.0\wsf_c/services.
[Mon Aug 29 11:13:44 2011] [info] [rampart] rampart_mod initialized
[Mon Aug 29 11:13:44 2011] [info] [rahas]Rahas module initialized
[Mon Aug 29 11:13:44 2011] [notice] Child 4636: Child process is running
[Mon Aug 29 11:13:44 2011] [notice] Child 4636: Acquired the start mutex.
[Mon Aug 29 11:13:44 2011] [notice] Child 4636: Starting 64 worker threads.
[Mon Aug 29 11:13:44 2011] [notice] Child 4636: Starting thread to listen on port 80.
Help will be much appreciated;)
EDIT:
I figured that out. My PATH was missing the .../php/ext location, so wsf.dll couldn't be found. However, it's not the end of my problem. More are coming... ;)
EDIT2:
Nope... It wasn't it:(
If anyone is interested in how it ended, I solved the problem by upgrading apache-httpd to 2.2.21 and using wse-php instead of wsf-php.

OpenSSL configuration for PHP on Apache not working

I need OpenSSL working on an Apache 2 Webserver with PHP in order to use a combination of Moodle and Mahara with SSO.
The Server is running Ubuntu 10.04.3 and I've enabled the SSL package as described here. I've also followed these steps for setting up the certificates. Manually creating them worked fine.
However, Mahara does not see OpenSSL as correctly configured:
Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?
This is from the Apache error.log after starting the server:
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/imap.ini on line 1 in Unknown on line 0
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Thu Aug 25 10:38:06 2011] [notice] Apache/2.2.14 (Ubuntu) mod_ssl/2.2.14 OpenSSL/0.9.8k configured -- resuming normal operations
And this is what I get when visiting Mahara's networking page, which says it couldn't find OpenSSL:
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] [WAR] 6d (api/xmlrpc/lib.php:1324) openssl_csr_new(): dn: add_entry_by_NID 17 -> Mahara for example.com (failed), referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] Call stack (most recent first):, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * log_message("openssl_csr_new(): dn: add_entry_by_NID 17 -> Maha...", 8, true, true, "/var/www/mahara/api/xmlrpc/lib.php", 1324) at /var/www/mahara/lib/errors.php:446, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * error(2, "openssl_csr_new(): dn: add_entry_by_NID 17 -> Maha...", "/var/www/mahara/api/xmlrpc/lib.php", 1324, array(size 11)) at Unknown:0, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * openssl_csr_new(array(size 7), resource(#22), array(size 1)) at /var/www/mahara/api/xmlrpc/lib.php:1324, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->generate_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1238, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->get_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1145, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->__construct() at /var/www/mahara/api/xmlrpc/lib.php:1131, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo::singleton() at /var/www/mahara/admin/site/networking.php:56, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] , referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] [WAR] 6d (api/xmlrpc/lib.php:1328) Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] Call stack (most recent first):, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->generate_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1238, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->get_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1145, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->__construct() at /var/www/mahara/api/xmlrpc/lib.php:1131, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo::singleton() at /var/www/mahara/admin/site/networking.php:56, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] , referer: http://example.com/mahara/admin/
I don't quite get it. What exactly is wrong?
Edit: Just to clarify: The issue seems to be with PHP, the Apache seems fine: Apache/2.2.14 (Ubuntu) mod_ssl/2.2.14 OpenSSL/0.9.8k configured -- resuming normal operations

Headers are showing up in apache error log (curl and paypal)

I just noticed in my error logs that whenever I make a request to the PayPal API (using php+curl), some of the returned headers are showing up in my apache error log (not access log). As far as I can tell, this particular request has been filling up my logs since the beginning (few months now) but I just noticed it today for the first time. Now I know that this isn't a big problem by any means, but something I'd be happy to get rid of since it would make troubleshooting other issues easier.
First, here are the error logs:
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * About to connect() to api-3t.paypal.com port 443 (#0)
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * Trying 66.211.168.126... * connected
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * Connected to api-3t.paypal.com (66.211.168.126) port 443 (#0)
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * SSL connection using DES-CBC3-SHA
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * Server certificate:
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * \t subject: /C=US/ST=California/L=San Jose/O=PayPal, Inc./OU=Information Systems/CN=api-3t.paypal.com
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * \t start date: 2009-09-24 00:00:00 GMT
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * \t expire date: 2011-09-19 23:59:59 GMT
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * \t issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] > POST /nvp HTTP/1.1\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] Host: api-3t.paypal.com\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] Accept: */*\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] Content-Length: 217\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] Content-Type: application/x-www-form-urlencoded\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] \r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < HTTP/1.1 200 OK\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < Date: Thu, 17 Mar 2011 20:14:57 GMT\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < Server: Apache\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < Content-Length: 1162\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < Connection: close\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] < Content-Type: text/plain; charset=utf-8\r
[Thu Mar 17 15:14:19 2011] [error] [client 192.168.1.21] * Closing connection #0
Even if I make the request using their sample code, the errors still show up. I even have the SSL_VERIFYPEER and SSL_VERIFYHOST curl options turned off in hopes that the ssl (which is valid still) was causing the issues. I've tried other curl requests (not via ssl though) and they don't show up in the error logs.
Can anyone help me pinpoint the issue?
Try using this cURL option:
curl_setopt($ch, CURLOPT_VERBOSE,0);
Are you using CURLOPT_CERTINFO? It's described thusly:
TRUE to output SSL certification information to STDERR on secure transfers.
Also check for CURLOPT_VERBOSE, which has to be enabled for CURLOPT_CERTINFO to work in newer PHP versions.
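
The log in the question shows two separate things: a verbose trace reaching the error log, and a certificate check that fails yet continues ("continuing anyway"), which matches the verification options being turned off. The following added example (not part of the original posts) audits a cURL option array for both conditions and builds a corrected set with verification on and any trace sent to a dedicated file; the function names, the CA bundle path and the trace file location are assumptions.

```php
<?php
// Added example: function names, the CA bundle path and the trace file are assumptions.

/** Report cURL options that weaken TLS checks or send a trace to STDERR. */
function auditCurlOptions(array $opts): array
{
    $issues = [];
    // Both checks are on by default in libcurl; only explicit values weaken them.
    if (array_key_exists(CURLOPT_SSL_VERIFYPEER, $opts) && !$opts[CURLOPT_SSL_VERIFYPEER]) {
        $issues[] = 'CURLOPT_SSL_VERIFYPEER is off: the certificate chain is not validated';
    }
    if (array_key_exists(CURLOPT_SSL_VERIFYHOST, $opts) && (int) $opts[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $issues[] = 'CURLOPT_SSL_VERIFYHOST is not 2: the certificate name is not matched to the host';
    }
    $verbose = !empty($opts[CURLOPT_VERBOSE]);
    if ($verbose && !isset($opts[CURLOPT_STDERR])) {
        $issues[] = 'CURLOPT_VERBOSE is on without CURLOPT_STDERR: the trace is written to STDERR';
    }
    if ($verbose && !empty($opts[CURLOPT_CERTINFO]) && !isset($opts[CURLOPT_STDERR])) {
        $issues[] = 'CURLOPT_CERTINFO is on: certificate details are added to that trace';
    }
    return $issues;
}

/** Options with verification on; a trace is produced only when a stream is supplied. */
function hardenedApiOptions(string $caBundle, $traceStream = null): array
{
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caBundle,   // CA bundle used to validate the server chain
        CURLOPT_VERBOSE        => false,
    ];
    if (is_resource($traceStream)) {
        $opts[CURLOPT_VERBOSE] = true;
        $opts[CURLOPT_STDERR]  = $traceStream; // keeps the trace out of the web server's log
    }
    return $opts;
}

// Constructed input: verification off as the question describes it,
// verbose on as the answers suspect.
$asDescribed = [
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => 0,
    CURLOPT_VERBOSE        => true,
];

$trace    = fopen(sys_get_temp_dir() . '/curl-trace.log', 'a');
$hardened = hardenedApiOptions('/etc/ssl/certs/ca-certificates.crt', $trace);

echo "As described in the question:\n";
foreach (auditCurlOptions($asDescribed) as $issue) {
    echo "  - {$issue}\n";
}
echo "Hardened set: ", count(auditCurlOptions($hardened)), " finding(s)\n";

// To use the hardened set on a real request:
//   $ch = curl_init($url);
//   curl_setopt_array($ch, $hardened);
fclose($trace);
```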
