PHP ios push nofitcation error: stream_socket_client(): SSL operation failed with code 1

P

2

9

I've read all the other posts on this issue but still no avail.

Im aware this issue can come up with bad certificates, however I verified both my certificate and my key were valid before combining them into a single .pem file which I put on the server.

I have absolutely no idea how to troubleshoot this next so any and all advice is greatly appreciated. Here is my server code

$ctx = stream_context_create();
        stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
        stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);

        // Open a connection to the APNS server
        $fp = stream_socket_client('ssl://gateway.sandbox.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);

P.S. the ck.pem file is in the same directory with read permissions set.

Here is the full error message:

Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /var/www/site/pages/Callback.php on line 3515 Warning: stream_socket_client(): Failed to enable crypto in /var/www/site/pages/Callback.php on line 3515 Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/site/pages/Callback.php on line 3515 Failed to connect BECUSE OF ERROR: 0
UPDATE
It does seem to be a certificate validation issue after all but Im not sure why, when I check the ssl against APNS I get this error:
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
No client certificate CA names sent

Pergola answered 4/4, 2014 at 0:7 Comment(4)

I suspect that your server doesn't have the Entrust CA certificate, so it can't verify the APNS server cert - developer.apple.com/library/ios/documentation/… . You can download it here entrust.net – Royall 4/4, 2014 at 0:20

The documentation for stream_context says that it does't verify the peer by default (this is a bad default!), so it may not be your problem, but you can use the cafile option to specify the CA certificate php.net/manual/en/context.ssl.php – Royall 4/4, 2014 at 0:23

I will try both of these suggestions thank you! – Pergola 4/4, 2014 at 2:1

I tried it with the certificate still getting Warning: stream_socket_client(): SSL operation failed with code 1 as the first error – Pergola 4/4, 2014 at 14:54

T

4

Download entrust_2048_ca.cer

Add full path to entrust_2048_ca.cer

/var/www/site/pages/entrust_2048_ca.cer

Teamwork answered 4/4, 2014 at 20:50 Comment(2)

How add use this solution in a APNS Server ? I have a file PHP, named push.php. This push is fired when use the URL "localhost/folderPush/push.php. I changed the version of my Xampp and using the new version, i am received this same error. – Irenics 22/1, 2015 at 1:17

@TiagoAmaral this question was for PHP CLI but if you are running localhost you can do it in your browser – Teamwork 22/1, 2015 at 1:19

R

0

just put your .pem file in root directory and give that path ...

Rooftop answered 3/12, 2018 at 12:1 Comment(0)

Recommended topics

Hot tags