I am trying to implement a PHP SOAP based web service into my web application. I am getting a series of errors which seem to point to a conflict of libraries with regard to OpenSSL (or Curl, etc.), this I have understood by searching the internet for similar errors, but thought a general consensus that libraries are the issue, there is no solution that I can find.
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: SSL operation failed with code 1. OpenSSL Error messages:
error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message [CORE/vendors/Startrack/WSSecurity.php, line 110]
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: Failed to enable crypto [CORE/vendors/Startrack/WSSecurity.php, line 110]
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: connect() failed: Unspecified error [CORE/vendors/Startrack/WSSecurity.php, line 110]
Notice (8): Undefined property: SoapFault::$detail [APP/controllers/startrack_controller.php, line 38]
Notice (8): Trying to get property of non-object [APP/controllers/startrack_controller.php, line 38]
Could not connect to host
This is being served from a Mac OSX Lion server. PHP 5.3.3 is installed, and the extensions for OpenSSL, Curl and SOAP are enabled. This is being built within CakePHP which explains the syntax of the error messages above. I am using a PHP Web Service bundle already provided. The above works when hosted via MAMP, but I am hoping to not have to rely on MAMP.
The only incompatibility I can find is between the OpenSSL headers and library versions, but from what I know this ought not be a problem?
OpenSSL Library Version OpenSSL 0.9.8r 8 Feb 2011
OpenSSL Header Version OpenSSL 0.9.8l 5 Nov 2009
I am trying to understand if the assumed 'conflict' is between my server and the remote server? The WSDL file is included in the Web Service API, as they hope to avoid any issues, and it works through a MAMP install on the same computer. So I think it is a setup issue between Apache/PHP and Curl/OpenSSL.
Any pointers to how to establish the actual issue, and rectify it would be appreciated.
This could be because you are trying to connect with an SSL 3 enabled server, that may (?) have SSL 2 disabled.
Try connecting to the server like this on the command line:
openssl s_client -connect {SERVER NAME OR IP}:443 -state
If that does not work, then try connecting like this:
openssl s_client -ssl3 -connect {SERVER NAME OR IP}:443 -state
If that does work, then try creating a wrapper class, similar to this one found in the PHP documentation.
You should add a line similar to:
curl_setopt($handle, CURLOPT_SSLVERSION, 3);
inside the callCurl function to force SOAP to connect over version three of ssl.
Related
We run an apache2 server and want to use google recaptcha due to high volume of bots on our newsletter.
Therefore I implemented some lines of developers php-code which in general should work ... but not on my server.
I investigated further and found that the function file_get_contents() ends with an SSL error.
file_get_contents(self::SITE_VERIFY_URL, false, $context)
Below you can find an extract from the servers log file.
PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/html/app/lib/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68
PHP Warning: file_get_contents(): Failed to enable crypto in /var/www/html/app/lib/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68
PHP Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: operation failed in /var/www/html/app/lib/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68
This brought me to the conclusion that Openssl is misconfigured.
So I:
reinstalled ca-certificates with apt-get purge ca-certificate
Also downloaded the cacert.pem and linked it in the php.ini
checked if curl works properly, but it doesnt (every call of curl ends with curl: (60) SSL certificate problem: unable to get local issuer certificate
checked openssl.cnf which looks ok to me.
Any ideas how to solve this would be great.
So I found the problem:
First I changed the filepath according to the comment by drew010.
Then I fixed issues on my server with file permissions of /etc/ssl/certs according to this post: https://askubuntu.com/a/636979
Now file_get_contents does not invoke any errors and recaptcha runs smoothly.
Recently my server vendor upgraded from php 5.6 to php 7.3. One of my application no longer trigger email notification. error as below:
Googled and tried with all the suggestion but no luck :(
PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in /lib/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 97
code on line 97
public function startTLS()
{
return stream_socket_enable_crypto($this->_stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
}
Finally i manage to get working.
I have upgraded the SwiftMailer version. Still receive an error:
stream_socket_enable_crypto(): Peer certificate CN=`124-150-142-184.cprapid.com' did not match expected CN=`pod51021.outlook.com' in lib/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 106
Finally i have email to my server vendor to disabled SMTP restrictions so can send email via a third-party SMTP server (Office 365).
Then everything start working.
I recently embarked on a PHP project on CentOS 7 and configured the email to work with Office365. The mails worked fine for a while until I started observing this error whenever a mail attempts to be sent:
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL error messages:error1416F086: SSL routines:tls_process_server_certificate:certificate verify failed
Furthermore, the openssl.ca file and openssl.ca path directives in the openssl section of phpinfo() are set to null.
Could someone please suggest how I could fix this?
Thanks.
I was trying to develop a twitter streaming application on my AWS EC2 machine. The OS platform is Ubuntu 16.04.1 LTS and I have downgraded the PHP version to 5.6.28-1+deb.sury.org~xenial+1
When I run the twitter streaming application on this server, I am getting the following errors.
Warning: fsockopen(): Peer certificate CN=`stream.twitter.com' did not match expected CN=`199.16.156.217' in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
Warning: fsockopen(): Failed to enable crypto in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
Warning: fsockopen(): unable to connect to ssl://199.16.156.217:443 (Unknown error) in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
The same code is running without any issues in another two machines (one is AWS EC2 and the another is a godaddy server).
All the ports in the current EC2 machine is open now and the SSL version is OpenSSL/1.0.2g the openssl section is having the following value.
openssl section - phpinfo
Can someone help me to find where the exact issue is ?
The issue is resolved with the clue fro the first error.
Warning: fsockopen(): Peer certificate CN='stream.twitter.com' did not match expected CN='199.16.156.217' in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
In PHP 5.6.x, the value of openssl VERIFY_PEER is true by default. The system will first fetch the certificate from the peer and matches with ours. In my application, I was connecting with the IP and the URL in the fetched certificate is stream.twitter.com. This was the issue.
Changing IP in the fsockopen to stream.twitter.com solved my issue.
PHP versions prior to 5.6, the default value of VERIFY_PEER is false and this is why the same code running on my other instances.
I installed Official Twilio PHP API Librarie via composer ( "twilio/sdk": "~3.12" ).
When I trying use API ( for example send an SMS ) using Test Credentials I get the error:
Warning: file_get_contents(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
..vendor/twilio/sdk/Services/Twilio/HttpStream.php line 62
If I trying send SMS in terminal using curl - everything is OK.
How it may be fixed without editing Twilio PHP API Librarie code?
Twilio developer evangelist here.
I found this happened when you don't have the curl bindings for PHP. Try recompiling PHP with curl or installing the php5-curl package.
Let me know if that helps at all.
Here's how I fixed the problem. Edit Twilio.php, right above verify_peer, add this line:
'cafile' => '/etc/ssl/certs/ca-certificates.crt',
This fix worked for me on Ubuntu 14.04 running PHP 5.5.9.