I has an error when I try to broadcast on channel
Pusher error: cURL error 35: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://127.0.0.1:6001/apps/1234/events?auth_key=1234&auth_timestamp=1657903485&auth_version=1.0&body_md5=8dc41d7541776abcec80f03003969cf1&auth_signature=c55045c13d8186478889252fcecc021542b3e73854771a1f5bca0c870613eb3f. {"exception":"[object] (Illuminate\Broadcasting\BroadcastException(code: 0): Pusher error: cURL error 35: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://127.0.0.1:6001/apps/1234/events?auth_key=1234&auth_timestamp=1657903485&auth_version=1.0&body_md5=8dc41d7541776abcec80f03003969cf1&auth_signature=c55045c13d8186478889252fcecc021542b3e73854771a1f5bca0c870613eb3f. at /var/www/obelisk/vendor/laravel/framework/src/Illuminate/Broadcasting/Broadcasters/PusherBroadcaster.php:128)
I already started the server
enter image description here
When I try to connect to it it isn’t work if I used ssl configuration
enter image description here
I used for configuration
'local_cert' => '/etc/letsencrypt/live/obeliskapp.com/fullchain.pem',
'local_pk' => '/etc/letsencrypt/live/obeliskapp.com/privkey.pem',
Conclusion :
It is working if I didn’t use ssl certificate and when I try make it secure it isn’t work , can you help me for this issue.
hint: I updated the curl and when I try to use the full domain instead off 127.0.0.1 it can’t connect from the start .
Thanks
Is there any way to create PHP SoapServer with local secure WSDL URL using self-signed SSL certificate? Following code:
$soapServer = new SoapServer("https://mysite.local/my-document?wsdl");
throws always exception:
SoapServer::SoapServer(): SSL operation failed with code 1. OpenSSL
Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
(/var/www/app/modules/generators/components/WsSoap.php:110)
I could not find anything on how to turn off SSL validation for SoapServer.
Most of issues are related to SoapClient, which is not the case.
I also want to avoid installing any ca.pem local files with valid certificates, because it would be difficult on many servers, just need to create SoapServer for one-time unit testing, don't care about valid/invalid local domain. Using PHP 7.0.19. Thank you.
I’ve got a PHP communications server running using stream_socket_server() and stream_socket_accept(), a fairly complicated thing which uses SSL connections and certificates to be certain that the remote side is authorized to connect to the server. One of the things which is coming up in my logs are the failed connections. I’m trying to provide more details on these connections for security purposes.
I’m currently getting most of my error detail on the failed connections by setting an error handler for the stream_socket_accept() call:
public function on_ssa_error($errno, $errstr)
{
$this->ssa_error .= " ERROR [$errno]: $errstr\n";
}
public function on_select_read()
{
$this->ssa_error = "";
set_error_handler(array($this, "on_ssa_error"));
$rsocket = stream_socket_accept($this->ss, 0);
restore_error_handler();
if ($rsocket !== FALSE)
// Finish setting up the socket connection and start using it
else
// Report the error in $this->ssa_error
}
…when I have a failed connection, I tend to get errors like this:
ERROR [2]: stream_socket_accept(): SSL operation failed with code 1. OpenSSL Error messages: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
ERROR [2]: stream_socket_accept(): Failed to enable crypto
ERROR [2]: stream_socket_accept(): accept failed: Success
…which is partly useful in that it identifies the cause of the bad connection as a bad certificate, but I’d really like to have something indicating where the bad request came from, ideally the IP address or Mac Address of the source.
Is there any way to get the IP address of a failed connection using the stream_socket_xxx code? I know it’s possible to get the IP address of an accepted connection, but I’m stumped trying to figure out a way of getting it on a failed connection.
I am trying to setup Instant Payment Notifications in paypal and am having trouble with POSTing back to tls://www.sandbox.paypal.com during the verification phase.
I am using the code found here: https://developer.paypal.com/docs/classic/ipn/gs_IPN/
Yet, when I try to connect I am receiving these errors:
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in /htdocs/test.php
fsockopen(): Failed to enable crypto in /htdocs/test.php
I have read the info here and it seems that I am trying to connect using the wrong protocol or I have the wrong cert installed. My OpenSSL is version 1.0.1e.
Unfortunately, I have no idea how to debug this or install the correct cert if necessary
You don't need to install an SSL certificate. It's just that the software stack on your server needs to be updated.
Check this guide on the POODLE Vulnerability for more details.
I'm having trouble with using APNS with PHP and getting the following message:
stream_socket_client(): Failed to enable crypto
The problem only happens sometimes, and other times it would actually send the push.
Since I have the test script on a loop of 10 iterations, I would sometimes get this:
stream_socket_client(): SSL: Connection reset by peer
I'm testing using the sandbox server tls://gateway.sandbox.push.apple.com:2195
Here is what I tried:
I tried to reissue the PEM and all certificates with it.
I played around with the request protocol sslv3:// and tls://.
I played around with the passphrase (push worked without the passphrase btw)
I tried searching stackoverflow for a solution and nothing worked.
Checked pem file permissions 644
Checked pem parent directories permissions 755
It seems that all the solutions I found on Google and SO are people having problem pushing altogether.
I feel like the service is rate limited maybe? Because we waited a while (around 15 minutes) and then tried it again, and was able to successfully push around 100 messages until I started getting that message again.
The sandbox push service is rate limited. I have experienced this myself when testing but have never encountered any such limit using the production API.
You might also be hitting their other protections.
Are you opening a connection, sending a message, closing connection and then looping and doing it all over again?
That will get your notifications dropped. Apple wants you to send several push notifications using the same connection, not a new one each time.
Best Practices for Managing Connections
You may establish multiple connections to the same gateway or to
multiple gateway instances. If you need to send a large number of
remote notifications, spread them out over connections to several
different gateways. This improves performance compared to using a
single connection: it lets you send the remote notifications faster,
and it lets APNs deliver them faster.
Keep your connections with APNs open across multiple notifications;
don’t repeatedly open and close connections. APNs treats rapid
connection and disconnection as a denial-of-service attack. You should
leave a connection open unless you know it will be idle for an
extended period of time—for example, if you only send notifications to
your users once a day it is ok to use a new connection each day.
From Apple Docs # https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/CommunicatingWIthAPS.html
My PHP code was generating following error:
PHP Warning: stream_socket_client(): Failed to enable crypto in /private/tmp/t.php on line 12
PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /private/tmp/t.php on line 12
PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /private/tmp/t.php on line 24
The problem was, the damn certificate, expired the day before yesterday! :-) Can you believe this?
So, I need to recreate my PEM file.
It is not necessary recreate your pem file
that error happens when you use an incorrect PassPhrase
regards
Emiliano
I had this problem. Disappeared after giving write permission for 'everyone' for the .pem file.
I have this problem because I foolishly forgot to include the file extension (.pem) when supplying the file path for local_cert.
few checks :
device token should be - with out spaces and with out < or >
make sure the path of certificate is correct and expired date of it.
make sure the passphrase you are using is the one u used to make certificate
In my case, the issue was with my mac (OSX Sierra). I uploaded php and cert to my server, ran it, and the notification was delivered.
I tried examples from book of Marin Todorov iOs 6 by Tutorials.
And before I could send push notifications for automatical update I had a lot of headache cause of handshake error - stream_socket_client(): Failed to enable crypto.
I did all of what I found in Stackoverflow - changed permissions on certificate and others.
What I did eventually?
I created selfsigned SSL certificate and setup Apache for serving SSL.
Also I changed SSL protocol from ssl to tls in hostname:
tls://gateway.push.apple.com:2195
After that service works.