APNS + PHP "stream_socket_client(): Failed to enable crypto"

8

17

I'm having trouble with using APNS with PHP and getting the following message:

stream_socket_client(): Failed to enable crypto

The problem only happens sometimes, and other times it would actually send the push.

Since I have the test script on a loop of 10 iterations, I would sometimes get this:

stream_socket_client(): SSL: Connection reset by peer

I'm testing using the sandbox server tls://gateway.sandbox.push.apple.com:2195

Here is what I tried:

  • I tried to reissue the PEM and all certificates with it.
  • I played around with the request protocol sslv3:// and tls://.
  • I played around with the passphrase (push worked without the passphrase btw)
  • I tried searching Stack Overflow for a solution and nothing worked.
  • Checked pem file permissions 644
  • Checked pem parent directories permissions 755

It seems that all the solutions I found on Google and SO are from people having problems pushing altogether.

I feel like the service is rate limited maybe? Because we waited a while (around 15 minutes) and then tried it again, and I was able to successfully push around 100 messages until I started getting that message again.

Tawnatawney answered 11/3, 2015 at 19:3 Comment(2)
Have you found a solution for this, Samer? My situation looks so much like yours! Well, in fact I was able to send APNs sometimes, but lately I realized my script spent months trying to send APNs one at a time even after my certificate had expired... I'm asking myself if Apple just blocked my IP, and maybe now that I stopped trying to connect they will unblock my IP after a certain amount of time... – Polinski
Never mind, check my answer about changing Apple's servers!! Now I use ssl://api.push.apple.com:443 instead of ssl://gateway.push.apple.com:2195 – Polinski
H
14

The sandbox push service is rate limited. I have experienced this myself when testing but have never encountered any such limit using the production API.

You might also be hitting their other protections.

Are you opening a connection, sending a message, closing connection and then looping and doing it all over again?

That will get your notifications dropped. Apple wants you to send several push notifications using the same connection, not a new one each time.

Best Practices for Managing Connections

You may establish multiple connections to the same gateway or to multiple gateway instances. If you need to send a large number of remote notifications, spread them out over connections to several different gateways. This improves performance compared to using a single connection: it lets you send the remote notifications faster, and it lets APNs deliver them faster.

Keep your connections with APNs open across multiple notifications; don’t repeatedly open and close connections. APNs treats rapid connection and disconnection as a denial-of-service attack. You should leave a connection open unless you know it will be idle for an extended period of time—for example, if you only send notifications to your users once a day it is ok to use a new connection each day.

From Apple Docs @ https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/CommunicatingWIthAPS.html

Hennebery answered 23/3, 2015 at 21:52 Comment(3)
That makes sense, I usually keep the connection open until sent to all devices so should be good on that part. Let's hope production is good. Thanks! – Tawnatawney
lol sorry, didn't know I had to press the bounty button to award it. I thought it was automatic. – Tawnatawney
As said in @Hennebery's answer, "Apple wants you to send several push notifications using the same connection, not a new one each time". Many libraries use stream_socket_client to send messages with the option STREAM_CLIENT_CONNECT. Try to change it to STREAM_CLIENT_PERSISTENT – Nachison
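The connection reuse described in this answer, as an added example that is not code from the thread: one TLS handshake per batch, with each notification written to the same stream as a legacy binary frame. The certificate path, passphrase, payload and device tokens passed in are placeholders, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the endpoint is the sandbox gateway quoted in the question.
const APNS_URL = 'tls://gateway.sandbox.push.apple.com:2195';

function apnsConnect(string $pemPath, string $passphrase)
{
    $ctx = stream_context_create(['ssl' => [
        'local_cert'       => $pemPath,     // PEM bundle: certificate + private key
        'passphrase'       => $passphrase,
        'verify_peer'      => true,         // keep server certificate checks on
        'verify_peer_name' => true,
    ]]);
    $fp = @stream_socket_client(APNS_URL, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("APNs connect failed: $errstr ($errno)");
    }
    return $fp;
}

// Legacy binary frame: command 0, token length, token, payload length, payload.
function apnsFrame(string $hexToken, array $payload): string
{
    $token = preg_replace('/[^0-9a-f]/i', '', $hexToken); // drops spaces and < >
    if (strlen($token) !== 64) {
        throw new InvalidArgumentException('device token must be 64 hex characters');
    }
    $json = json_encode($payload);
    return chr(0) . pack('n', 32) . hex2bin($token) . pack('n', strlen($json)) . $json;
}

function apnsSendAll(array $tokens, array $payload, string $pem, string $pass): int
{
    $fp = apnsConnect($pem, $pass);   // opened once for the whole batch
    $sent = 0;
    try {
        foreach ($tokens as $t) {
            $frame = apnsFrame($t, $payload);
            if (fwrite($fp, $frame) !== strlen($frame)) {
                break;                // stop; do not reconnect in a tight loop
            }
            $sent++;
        }
    } finally {
        fclose($fp);                  // closed once, after the last notification
    }
    return $sent;
}
```

If the write fails partway through, wait before reconnecting and resume from the returned count rather than opening a new connection per message.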
E
5

My PHP code was generating the following error:

PHP Warning:  stream_socket_client(): Failed to enable crypto in /private/tmp/t.php on line 12
PHP Warning:  stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /private/tmp/t.php on line 12
PHP Warning:  fclose() expects parameter 1 to be resource, boolean given in /private/tmp/t.php on line 24

The problem was that the damn certificate expired the day before yesterday! :-) Can you believe this?

So, I need to recreate my PEM file.

Es answered 30/10, 2015 at 2:57 Comment(1)
YEAH! I recreated my certificate and it worked. Thanks! Just a reminder of how to generate the certificate:
openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
– Anurous
W
1

It is not necessary to recreate your PEM file.

That error happens when you use an incorrect passphrase.

Regards, Emiliano

Waller answered 16/11, 2015 at 19:57 Comment(0)
K
0

I had this problem. Disappeared after giving write permission for 'everyone' for the .pem file.

Kirchner answered 26/11, 2015 at 6:49 Comment(0)
P
0

I have this problem because I foolishly forgot to include the file extension (.pem) when supplying the file path for local_cert.

Polyurethane answered 29/2, 2016 at 23:6 Comment(0)
L
0

A few checks:

  1. The device token should be without spaces and without < or >.
  2. Make sure the path of the certificate is correct, and check its expiry date.
  3. Make sure the passphrase you are using is the one you used to make the certificate.
Leong answered 21/4, 2016 at 3:18 Comment(0)
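The checks suggested in the answers above (certificate path, expiry date, passphrase), combined into one preflight function. This is an added example, not code from the thread; the function name, the 14-day warning window and the path in the usage comment are assumptions.

```php
<?php
// Added example, not code from the thread. Returns a list of problems found
// in the PEM bundle used as local_cert; an empty list means the checks passed.
function apnsPemProblems(string $pemPath, string $passphrase, int $warnDays = 14): array
{
    if (!is_file($pemPath) || !is_readable($pemPath)) {
        return ["cannot read $pemPath (check the path, including the .pem extension)"];
    }
    $problems = [];
    $pem = file_get_contents($pemPath);

    // The bundle holds a private key, so it should not be writable by group or others.
    $mode = fileperms($pemPath) & 0777;
    if ($mode & 0022) {
        $problems[] = sprintf('file mode %o is group/world-writable', $mode);
    }

    // Certificate present and inside its validity period?
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        return array_merge($problems, ['no X.509 certificate found in file']);
    }
    $info = openssl_x509_parse($cert);
    $left = $info['validTo_time_t'] - time();
    if ($left <= 0) {
        $problems[] = 'certificate expired on ' . gmdate('Y-m-d', $info['validTo_time_t']);
    } elseif ($left < $warnDays * 86400) {
        $problems[] = 'certificate expires in ' . intdiv($left, 86400) . ' days';
    }

    // Private key loads with this passphrase and belongs to the certificate?
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $problems[] = 'private key missing or passphrase incorrect';
    } elseif (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match the certificate';
    }
    return $problems;
}

// Usage with placeholder values:
// print_r(apnsPemProblems('/path/to/cert.pem', 'passphrase'));
```

Running it from a scheduled job before each send window surfaces an expiring certificate ahead of the handshake failure.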
M
0

In my case, the issue was with my mac (OSX Sierra). I uploaded php and cert to my server, ran it, and the notification was delivered.

Marthamarthe answered 17/12, 2016 at 18:11 Comment(0)
M
0

I tried examples from Marin Todorov's book iOS 6 by Tutorials. Before I could send push notifications for automatic updates, I had a lot of headaches because of the handshake error - stream_socket_client(): Failed to enable crypto.

I did everything I found on Stack Overflow - changed permissions on the certificate and others.

What did I do eventually?

I created a self-signed SSL certificate and set up Apache to serve SSL.
Also, I changed the SSL protocol from ssl to tls in the hostname:

tls://gateway.push.apple.com:2195

After that service works.

Malacca answered 24/9, 2019 at 2:32 Comment(0)
