file_get_contents ignoring verify_peer=>false?

Question

file_get_contents with https hosts works just fine, except for a particular host (test api server from some company - ip whitelisted, can't give you URL to test). This rules out not loaded https modules and other initial setup mistakes.

I have tested with multiple PHP installations, all at v5.3.3, 32bits, Debian 32bits.

The request works with cURL, but only if setting curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);. However, setting verify_peer"=>false on the context for file_get_contents seems to make no difference.

With file_get_contents, the exact same request (same URL, same XML POST data) fails with SSL: Connection reset by peer:

$arrContextOptions=array(
    "http" => array(
        "method" => "POST",
        "header" => 
            "Content-Type: application/xml; charset=utf-8;\r\n".
            "Connection: close\r\n",
        "ignore_errors" => true,
        "timeout" => (float)30.0,
        "content" => $strRequestXML,
    ),
    "ssl"=>array(
        "allow_self_signed"=>true,
        "verify_peer"=>false,
    ),
);

file_get_contents("https://somedomain:2000/abc/", false, stream_context_create($arrContextOptions));

.

Has anyone encountered this with file_get_contents? Any ideas how to debug?

Yeah, cURL seems to be the best bet. A few google searches shows me that others have had the same problem without being able to solve it. They all fell back on cURL. — Repox, Feb 25 '13 at 21:39
What happens if you use `'false'` string instead of `false` boolean? — sjdaws, Mar 01 '13 at 22:11
@sjdaws Well, if the internal code casts to boolean, then I would be passing `true` to the function. And I tried with `true`, same behaviour. — oxygen, Mar 01 '13 at 23:27
Agree but `verify_peer` defaults to false so I don't understand why you're setting it at all. It's worth a try. — sjdaws, Mar 01 '13 at 23:36
Very late to this question but you can also try `'verify_peer_name'=>false` — ck_, Aug 16 '15 at 08:36

score 4 · Accepted Answer · answered Aug 16 '18 at 23:17

You missed verify_peer_name. If you set that to false as well, the request works:

$arrContextOptions=array(
    "http" => array(
        "method" => "POST",
        "header" => 
            "Content-Type: application/xml; charset=utf-8;\r\n".
            "Connection: close\r\n",
        "ignore_errors" => true,
        "timeout" => (float)30.0,
        "content" => $strRequestXML,
    ),
    "ssl"=>array(
        "allow_self_signed"=>true,
        "verify_peer"=>false,
        "verify_peer_name"=>false,
    ),
);

file_get_contents("https://somedomain:2000/abc/", false, stream_context_create($arrContextOptions));

score 1 · Answer 2 · answered Mar 07 '13 at 06:55

dont' know if this will actually help, but do try removing the SSL options from your option array.

The reason behind this: according to http://www.php.net/manual/en/context.ssl.php , verify_peer is false by default.

allow_self_signed REQUIRES verify_peer, and is false by default.

From the above, I gather that allow_self_signed probably overrides your setting for verify_peer.

So please try without any option for SSL, or without the allow_self_signed, and let us know if that helped any.

score 0 · Answer 3 · edited Mar 03 '13 at 01:28

0

You could try to debug this with Wireshark -- you might get a better idea of what goes wrong, you should see which SSL error occurs.

edited Mar 03 '13 at 01:28

luiges90

4,493
2
28
43

answered Mar 03 '13 at 01:25

eyevan

1,475
8
20

You're getting "Connection reset by peer", which means it doesn't neccessarily hang up. I'm guessing if the client and server can't agree on which SSL handshake version to use, you'd get this error. – eyevan Mar 03 '13 at 12:53

M Rostami · Answer 4 · 2013-03-08T08:28:00.317

0

try this code :

$fp = fsockopen("ssl://somedomain/abc/", 2000 , $ErrNo, $ErrString, 30);
if (!$fp) {
    echo "Error No : $ErrNo - $ErrString <br />\n";
} else {
    $out  = "POST / HTTP/1.1\r\n";
    $out .= "Host: somedomain \r\n";
    $out .= "Content-Type: application/xml; charset=utf-8;\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}

if you don't get error , i think problem (with file_get_contents) is form client php configuration otherwise from server configuration.

edited Mar 08 '13 at 08:28

answered Mar 07 '13 at 09:00

M Rostami

4,035
1
35
39

Ok, fsockopen worked. However, there is nothing wrong with the PHP configuration. It works just fine with many other HTTPS self signed SSL certificates. – oxygen Mar 07 '13 at 20:45

score -1 · Answer 5 · edited Jul 31 '16 at 13:34

-1

only install this

yum install ca-certificates.noarch

edited Jul 31 '16 at 13:34

Abdulla Nilam

36,589
17
64
85

answered Jul 31 '16 at 13:14

Mohsen Davari

11
1
7

1

While this code snippet may solve the question, [including an explanation](//meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Please also try not to crowd your code with explanatory comments, as this reduces the readability of both the code and the explanations! – Blue Jul 31 '16 at 19:19

file_get_contents ignoring verify_peer=>false?

5 Answers5

Linked