Connecting to https host with soapclient: how to fix SSL problems?
<h2>TLDR</h2>
<p>I can't seem to connect to a https endpoint with a <code>SoapClient</code>. As my wget returns a <code>handshake failure</code>, I suspect that is the cause.</p>
<p><strong>How can I do a SOAP request to this server with <code>PHP</code>?</strong></p>
<h2>complete</h2>
<p>I'm trying to connect to a SOAP server (https). It doesn't have client certificate authentication, so the connection should be pretty straightforward, but sadly it isn't.</p>
<p>The problem is that I keep getting <code>Could not connect to host</code> messages.</p>
<p>The connection method I'm using is working for another server and I've verified that I'm setting the location for this server correctly (changed it to a server I control, and I'm getting a response there). I suspect the problem is with the https/ssl connection to the server.</p>
<h3>Situation</h3>
<ul>
<li>I'm creating a PHP <code>Soapclient</code> based on a wsdl I have locally.</li>
<li>If I change the endpoint I get Request and Response headers, and everything works as expected.</li>
<li>The machine is reachable from my server, though there is a problem visible when I use <code>wget</code> to connect to it (see below): Unable to establish SSL connection.</li>
<li>The problem is also visible with openssl connections (see below).</li>
</ul>
<h3>What I tried.</h3>
<p>There are a lot of topics about "no connection!", but there is obviously a lot of "my router was bad, I made a typo in the address etc" going on. I did try these settings that were suggested multiple times, but more as a "cut'n'paste" solution, to be sure it didn't work, than out of real reasoning. Some comments from me added.</p>
<p>Creating a <code>stream_context</code> for the wsdl options. I have tried</p>
<pre><code>$context = stream_context_create(
    array(
        'ssl' =&gt; array(
            'verify_peer' =&gt; false,       // default
            'allow_self_signed' =&gt; true,  // needs verify peer, tried that
            'ciphers' =&gt; "SHA1",          // quite random.
        ),
        'https' =&gt; array(
            'curl_verify_ssl_peer' =&gt; false,
            'curl_verify_ssl_host' =&gt; false
        )
    )
);
$options['stream_context'] = $context;
</code></pre>
<p>(First only the <code>ssl</code> options with <code>verify_peer</code> and <code>allow_self_signed</code>. Then I added the <code>https</code> array, then finally I added the <code>ciphers</code> key to <code>ssl</code>.)</p>
<p>I found a reference to <a href="https://bugs.php.net/bug.php?id=50489" rel="nofollow noreferrer">this bug</a>, but 1) I'm not getting that warning, 2) it seems to be proxy-related and 3) my version shouldn't have the bug anymore. I'm running <code>php 5.3.10</code>.</p>
<p>When I try to wget the url, I get:</p>
<pre><code>wget https://[[servername]]/SOAP
Resolving [[servername]] ([[servername]])... xxx.xxx.xxx.xxx
Connecting to [[servername]]([[servername]])|xxx.xxx.xxx.xxx|:443... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
</code></pre>
<p>If I try to connect with openssl, I get this:</p>
<pre><code>$ openssl s_client -connect [[server]]:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
SSL3 alert read:fatal:handshake failure
SSL_connect:error in unknown state
3074463944:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
</code></pre>
<p>But if I force ssl3, I get an expected result:</p>
<pre><code>$ openssl s_client -ssl3 -connect [[server]]:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
**happy certificate stuff. this is good**
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
**more happy certificate stuff.**
</code></pre>
<p>I have tried to add the curl-wrapper from <a href="https://stackoverflow.com/questions/4721788/making-soap-call-in-php-and-setting-ssl-version">this question</a> with ssl_version set to 3 (as this seems to work on the <code>openssl</code> command above). That wrapper does discard some of the parameters, so I'm not sure how complete this would be. Further, I still get a handshake error, unless I explicitly set checking to false. If I do that (see below), I get an empty response.</p>
<pre><code>curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
</code></pre>
<h3>Causes</h3>
<p>As said above, I suspect the ssl handshake, but I have no clue how to fix it. I don't suspect issues with the wsdl or the client-creation, as the connection does work with another wsdl, the same wsdl with a different location set etc. It is purely this (https) endpoint that's giving me headaches.</p>
<h3>Extra tests.</h3>
<p>Just as the test above with the curl wrapper, I tried sending a minimal soap envelope as @halfwarr seemed to suggest in the comments. Also returns an empty response.</p>
<p>So with the above it seems that I do have a method to squeeze an <code>http 204</code> out of the server, but that's hardly success. But it could be a second problem? Not sure.</p>
<p>I am supposing that I need to try and force the ssl3, but I have no idea how (and this could be the wrong path as well so I'm trying to not have <a href="https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem">an XY problem</a> here :)</p>
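The comparison made in the question (the default hello is rejected, a forced SSLv3 hello is accepted) can be repeated once per protocol version to see what the endpoint will negotiate. This is an added example, not part of the original post: the function names are hypothetical, the two sample transcripts are constructed from the output quoted above, and the `-ssl3`/`-tls1*` flags are only available if the local OpenSSL build still supports them.

```shell
# Added example: classify `openssl s_client -state` transcripts per protocol.
# stdin transcript -> ok:<protocol>:<cipher> | alert:handshake_failure | unknown
classify_handshake() {
    awk '
        /alert .*handshake failure/ { failed = 1 }
        /^ *Protocol *:/ { sub(/^[^:]*: */, ""); sub(/ *$/, ""); proto = $0; next }
        /^ *Cipher *:/   { sub(/^[^:]*: */, ""); sub(/ *$/, ""); cipher = $0; next }
        END {
            if (failed) { print "alert:handshake_failure" }
            else if (proto != "" && cipher != "" && cipher != "0000") { print "ok:" proto ":" cipher }
            else { print "unknown" }
        }'
}

# One s_client attempt per protocol flag against host:port ($1).
# A flag the local OpenSSL build rejects shows up as "unknown".
probe_server() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        result=$(openssl s_client "$flag" -connect "$1" -state \
                 </dev/null 2>&1 | classify_handshake)
        printf '%s %s\n' "$flag" "$result"
    done
}

# Constructed sample transcripts, shortened from the output in the question.
sample_default_hello() {
cat <<'EOF'
CONNECTED(00000003)
SSL3 alert read:fatal:handshake failure
3074463944:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
EOF
}

sample_forced_ssl3() {
cat <<'EOF'
SSL_connect:SSLv3 read server hello A
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
EOF
}

# Usage: sh probe.sh host:443   (does nothing when no argument is given)
if [ -n "${1:-}" ]; then probe_server "$1"; fi
```

If only the `-ssl3` attempt returns `ok`, the endpoint is limited to SSLv3, which RFC 7568 prohibits, so the durable fix is a TLS upgrade on the server rather than a client pinned to SSLv3.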