2

I want to use a third party's web service. To use the web service I need to connect with HTTPS. My problem is that for the development process I have a test api with an invalid certificate. I would like to set SoapClient no to verify the server's certificate. Here is the way I tried:

$opts = array(
    'ssl'   => array(
            'verify_peer'          => false
        ),
    'https' => array(
            'curl_verify_ssl_peer'  => false,
            'curl_verify_ssl_host'  => false
     )
);
$streamContext = stream_context_create($opts);
$client = new SoapClient("https://urlToSoapWs",
  array(
      'login'             => 'user',
      'password'          => 'pwd',
      'authentication'    => SOAP_AUTHENTICATION_BASIC,
      'local_cert'        => file_get_contents('C:/somelocation/1.pem'),
      'passphrase'        => 'passphrase',
      'stream_context'    => $streamContext
  ));

I also tried with CURL and worked! But I want to use SoapClient. You can find the code with CURL below:

// create a new cURL resource
$ch = curl_init("https://urlToSoapWs");

// setting the request type to POST: 
curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml")); 
// setting the authorization method to BASIC: 
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 
// supplying your credentials: 
curl_setopt($ch, CURLOPT_USERPWD, "user:pwd");

$body = "<SOAP-ENV:Envelope>somexmlhere</SOAP-ENV:Envelope>";
// filling the request body with your SOAP message: 
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

// configuring cURL not to verify the server certificate: 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, "pathToTheCertificatePemFile");
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "pwd");
//curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");

curl_setopt($ch, CURLOPT_SSLKEY, "pathTotheKeyFile");
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, "pwd");

// telling cURL to return the HTTP response body as operation result 
// value when calling curl_exec: 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
// calling cURL and saving the SOAP response message in a variable which 
// contains a string like "<SOAP-ENV:Envelope ...>...</SOAP-ENV:Envelope>": 


$result = curl_exec($ch);
// closing cURL: 
curl_close($ch);

If you have found the bug in the code that I provided using the SoapClient please post it. Thanks.

Gergo Boros
  • 323
  • 1
  • 3
  • 12
  • what is the exact error you are having ?? – Baba Mar 28 '12 at 14:52
  • This is the error message from PHP error log: [28-Mar-2012 18:00:54] PHP Warning: SoapClient::SoapClient() [soapclient.soapclient]: SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in C:\wamp\www\FDGGwsTest\test.php on line 51 – Gergo Boros Mar 28 '12 at 15:01
  • Does the remote host require connection from a specific IP address ??? – Baba Mar 28 '12 at 15:26
  • No. You can access it from any computer. – Gergo Boros Mar 28 '12 at 15:51
  • Hey I'm experiencing the same problem, did you find a solution to this? – Mars Jun 24 '12 at 19:33
  • @mars I've made a class that extends php SoapClient and overrides the __doRequest method. Note that you can override SoapClient's __doRequest method to something similar to my example with curl. – Gergo Boros Jun 25 '12 at 16:05

2 Answers2

2

Maybe not the invalid Certificate is a Problem, more the SSLv2/3 Handshake; can you try manually specifing a Cipher like this:

$stream_opts = array(
//      'ssl'=>array('ciphers'=>"3DES" // also working
//      further ciphers on http://www.openssl.org/docs/apps/ciphers.html
        'ssl'=>array('ciphers'=>"SHA1"
      )
);

$myStreamContext = stream_context_create($stream_opts);
$soapOptions['stream_context'] = $stream_opts;
$soapClient = new SoapAuthClient("https://...", $soapOptions);

Good luck!

Tontaube
  • 59
  • 2
0

It looks like you have hit this authentication plus SSL bug in SoapClient. You can either recompile php with the patch included in that link, or wait until they integrate it in the official build.

Marc Pujol
  • 1