68

Summary:
Is there a way to force the built-in SoapClient class in PHP to connect over HTTPS to a server with an invalid certificate?

Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.

Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.

hakre
MW.

4 Answers

120

SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:

$context = stream_context_create([
    'ssl' => [
        // set some SSL/TLS specific options
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    ]
]);

$client  = new SoapClient(null, [
    'location' => 'https://...',
    'uri' => '...', 
    'stream_context' => $context
]);

Documentation:

Kaii
  • Unfortunately this does not seem to work, and the verify_peer option defaults to false already (http://php.net/manual/en/context.ssl.php). – zpon Feb 29 '12 at 16:58
  • @zpon: This normally works. Check that you're not using a different SSL sublayer that has different options. Also double-check you don't run into a PHP bug, see a related question: [Php SoapClient stream_context option](http://stackoverflow.com/questions/9909232/php-soapclient-stream-context-option) – hakre Jan 02 '13 at 18:28
  • What about `allow_self_signed` set to `true`? Defaulting to `false` as well – Michel Feldheim Jan 06 '13 at 11:15
  • The above solution does not work on PHP version 5.6.31. I use a test script on the same server where Magento is installed. The error I am getting is: Fatal error: Uncaught SoapFault exception: [VersionMismatch] Wrong Version – George Donev Sep 22 '17 at 06:41

18

The accepted answer works, but only in non-WSDL mode. If you try to use this in WSDL mode (i.e. you pass a WSDL file URL as the first argument), you will find that the stream context is ignored when downloading WSDL files. So if the WSDL file is also located on a server with a broken certificate, it will fail, most likely throwing the message "failed to load external entity". See more here and here.

As suggested, the simplest way around is to download the WSDL file manually and pass the local copy to the SoapClient. You can download it for example with file_get_contents using the very same stream context from the accepted answer.

Note that you will also have to do this when creating a SoapServer.

tobik
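
The workaround described in the answer above, combined with the stream context from the accepted answer, as an added example that is not part of the original answers. It shows the page's test-only options beside an alternative that keeps verification on by trusting only the test server's own certificate. The helper name `soapClientFromRemoteWsdl`, the certificate path, the host name and the address are assumptions chosen for illustration.

```php
<?php
// Added example (not from the original answers).

// Test-only options from the answers on this page: certificate checks are off.
$insecureTestSsl = [
    'verify_peer'       => false,
    'verify_peer_name'  => false,
    'allow_self_signed' => true,
];

// Alternative that keeps verification on: trust only the test server's own
// (self-signed) certificate and state which name it carries, since the server
// has no DNS entry yet. Path and name are placeholders (assumptions).
$pinnedTestSsl = [
    'verify_peer'      => true,
    'verify_peer_name' => true,
    'cafile'           => __DIR__ . '/test-server-cert.pem',
    'peer_name'        => 'service.example.test',
];

// Hypothetical helper: download the WSDL ourselves, then build the client
// from the local copy, reusing the same context for the SOAP calls.
function soapClientFromRemoteWsdl($wsdlUrl, array $ssl, array $soapOptions = [])
{
    $context = stream_context_create(['ssl' => $ssl]);

    // The answer above reports that SoapClient ignores the stream context
    // when it downloads the WSDL, so the download is done here instead.
    $wsdl = @file_get_contents($wsdlUrl, false, $context);
    if ($wsdl === false) {
        throw new RuntimeException("Could not download WSDL from $wsdlUrl");
    }
    $localWsdl = tempnam(sys_get_temp_dir(), 'wsdl');
    if ($localWsdl === false || file_put_contents($localWsdl, $wsdl) === false) {
        throw new RuntimeException('Could not store the local WSDL copy');
    }
    try {
        // Caller-supplied options win over these defaults (array union).
        return new SoapClient($localWsdl, $soapOptions + [
            'stream_context' => $context,
            'cache_wsdl'     => WSDL_CACHE_NONE,
            'exceptions'     => true,
        ]);
    } finally {
        unlink($localWsdl); // the WSDL is parsed inside the constructor
    }
}

// Usage with a placeholder address; 'location' overrides the endpoint named in the WSDL:
// $client = soapClientFromRemoteWsdl('https://192.0.2.10/service?wsdl', $pinnedTestSsl,
//     ['location' => 'https://192.0.2.10/service']);
```

Swapping `$pinnedTestSsl` for `$insecureTestSsl` reproduces the behaviour of the answers on this page; the pinned variant needs the server's certificate exported to the PEM file first.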
3

The correct list for PHP 5.6.8 is

'ssl' => array('verify_peer_name'=>false, 'allow_self_signed' => true),
Muhammad Hassaan
Will Tatam
2
"verify_peer"=>false,
"verify_peer_name"=>false,

This is working on PHP 5.6.x:

$arrContextOptions = stream_context_create(array(
    "ssl" => array(
        "verify_peer"      => false,
        "verify_peer_name" => false,
    ),
));
$this->client = new \SoapClient("https://tests.com?WSDL", array(
    //"soap_version" => SOAP_1_2,
    "trace"          => 1,  // enable trace to view what is happening
    "exceptions"     => 0,  // disable exceptions
    "cache_wsdl"     => 0,  // disable any caching on the WSDL, in case you alter the WSDL
    "stream_context" => $arrContextOptions,
));

Or, if you want, you can add the crypto method:

$arrContextOptions = stream_context_create(array(
    "ssl" => array(
        "verify_peer"      => false,
        "verify_peer_name" => false,
        "crypto_method"    => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
    ),
));
            
Milind Singh
Ferhat KOÇER