Login/Register
Php SoapClient stream_context option
Asked Answered
phpsoapsslhttps
C

2

2

I want to use a third party's web service. To use the web service I need to connect with HTTPS. My problem is that for the development process I have a test api with an invalid certificate. I would like to set SoapClient no to verify the server's certificate. Here is the way I tried:

$opts = array(
    'ssl'   => array(
            'verify_peer'          => false
        ),
    'https' => array(
            'curl_verify_ssl_peer'  => false,
            'curl_verify_ssl_host'  => false
     )
);
$streamContext = stream_context_create($opts);
$client = new SoapClient("https://urlToSoapWs",
  array(
      'login'             => 'user',
      'password'          => 'pwd',
      'authentication'    => SOAP_AUTHENTICATION_BASIC,
      'local_cert'        => file_get_contents('C:/somelocation/1.pem'),
      'passphrase'        => 'passphrase',
      'stream_context'    => $streamContext
  ));

I also tried with CURL and worked! But I want to use SoapClient. You can find the code with CURL below:

// create a new cURL resource
$ch = curl_init("https://urlToSoapWs");

// setting the request type to POST: 
curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml")); 
// setting the authorization method to BASIC: 
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 
// supplying your credentials: 
curl_setopt($ch, CURLOPT_USERPWD, "user:pwd");

$body = "<SOAP-ENV:Envelope>somexmlhere</SOAP-ENV:Envelope>";
// filling the request body with your SOAP message: 
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

// configuring cURL not to verify the server certificate: 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, "pathToTheCertificatePemFile");
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "pwd");
//curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");

curl_setopt($ch, CURLOPT_SSLKEY, "pathTotheKeyFile");
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, "pwd");

// telling cURL to return the HTTP response body as operation result 
// value when calling curl_exec: 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
// calling cURL and saving the SOAP response message in a variable which 
// contains a string like "<SOAP-ENV:Envelope ...>...</SOAP-ENV:Envelope>": 


$result = curl_exec($ch);
// closing cURL: 
curl_close($ch);

If you have found the bug in the code that I provided using the SoapClient please post it. Thanks.

Coryphaeus answered 28/3, 2012 at 14:7 Comment(6)
what is the exact error you are having ??Referential
This is the error message from PHP error log: [28-Mar-2012 18:00:54] PHP Warning: SoapClient::SoapClient() [<a href='soapclient.soapclient'>soapclient.soapclient</a>]: SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in C:\wamp\www\FDGGwsTest\test.php on line 51Coryphaeus
Does the remote host require connection from a specific IP address ???Referential
No. You can access it from any computer.Coryphaeus
Hey I'm experiencing the same problem, did you find a solution to this?Tambour
@mars I've made a class that extends php SoapClient and overrides the __doRequest method. Note that you can override SoapClient's __doRequest method to something similar to my example with curl.Coryphaeus
D
2

Maybe not the invalid Certificate is a Problem, more the SSLv2/3 Handshake; can you try manually specifing a Cipher like this:

$stream_opts = array(
//      'ssl'=>array('ciphers'=>"3DES" // also working
//      further ciphers on http://www.openssl.org/docs/apps/ciphers.html
        'ssl'=>array('ciphers'=>"SHA1"
      )
);

$myStreamContext = stream_context_create($stream_opts);
$soapOptions['stream_context'] = $stream_opts;
$soapClient = new SoapAuthClient("https://...", $soapOptions);

Good luck!

Doriandoric answered 27/8, 2012 at 11:42 Comment(0)
G
0

It looks like you have hit this authentication plus SSL bug in SoapClient. You can either recompile php with the patch included in that link, or wait until they integrate it in the official build.

Grisly answered 11/4, 2012 at 0:31 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.