Re: fsockopen - certificate verify failed - how to import certificate /disable the check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello PHP Windows community list,

I tried different things with no luck. I started with an empty
cacert.pem file to check if it is used. Yes it is. I copied the
certificate for my server from the firefox certificate store, still my
server didn't worked and then it complains when trying to connect to
ssl://google.com what was working before.
When I use the cacert.pem from https://curl.haxx.se/docs/caextract.html
and test ssl://google.com and other servers these went well but not my
self signed server which certificate I added at the bottom of the
downloaded file.

SO FUCK YOU SECURITY if it is not working as expected/documented and the
logfile always says the same error message, with no hint what the
problem is.
I solved my problem with DISABLING THE FUCKING SECURITY I would like to
use but IT WAS NOT POSSIBLE.
It is no wonder why encryption doesn't work well in our society and with
IT solutions, because of security experts are no usabilty experts.

Dear PHP devolpers, if you change verify_peer from false to true per
default then test if it works with self signed certificates.

If anybody stumbles upon this. You can't solve it with fsockopen because
you can't set a stream context.

You need to change your request from
fsockopen( 'ssl://example.com', 443, $errno, $errstr, _FSOCK_TIMEOUT);

to
stream_socket_client( 'ssl://example.com:443', $errno, $errstr,
_FSOCK_TIMEOUT, STREAM_CLIENT_CONNECT , $context);

You can then set
$context = stream_context_create();
stream_context_set_option($context, "ssl", "verify_peer", false);

before the "stream_socket_client" call and disable the security checks.

Regards and of this list - Martin

Am 16.02.2016 um 16:55 schrieb Martin Tille:
> Hello PHP Windows community List,
> 
> I'm using PHP 5.6.12 and getting the error message:
> 
> Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error
> messages: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
> X:\xampp\htdocs\.... on line 320
> 
> I'm using a XAMPP portable installation. I took the cacert.pem from a
> subdirectory of the xampp installation
> (perl\vendor\lib\Mozilla\CA\cacert.pem) and copied it to X:\xampp\apache
> 
> What I tried so far is adding the lines
> 
> openssl.cafile="X:\xampp\apache\cacert.pem"
> ssl.verify_peer = false
> openssl.verify_peer = false
> 
> to the php.ini. Restarting apache ... same error. I exported from my
> Firefox the self signed certificate and the corresponding root
> certificate as pem files and added these to the cacert.pem file.
> Restarted apache ... same error.
> 
> WTF do I have to do to a disable the check or to use the existing
> certificate? I tried to increase the logging in php.ini to E_ALL with no
> more useful information in the log and set apache log level to debug,
> still no information what to do with this error.
> 
> 
> Regards Martin
> 
> 

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux