[英]haxe (php) https call: stream_socket_client() Peer certificate CN did not match expected CN
I am using haxe's Http class (compiled to php) to send a request()
over https to AWS. 我正在使用haxe的Http类(编译为php
request()
通过https向AWS发送request()
。 Here a minimal example using the haxe-aws library ( https://github.com/Blank101/haxe-aws ): 这是使用haxe-aws库的最小示例( https://github.com/Blank101/haxe-aws ):
var iamconf = new IAMConfig('newbucket.s3-eu-central-1.amazonaws.com', accessKey, secretKey, 'eu-central-1', 's3');
var sig4 = new Sig4Http('https://newbucket.s3-eu-central-1.amazonaws.com/', iamconf);
sig4.applySigning(true);
sig4.setPostData('<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>eu-central-1</LocationConstraint></CreateBucketConfiguration>');
sig4.request(true);
No matter which service/endpoint I use, the response is always: 无论我使用哪个服务/端点,响应总是:
stream_socket_client(): Peer certificate CN=`*.s3.eu-central-1.amazonaws.com' did not match expected CN=`54.231.192.50' (errno: 2) in [...]lib\sys\net\Socket.class.php at line #34
Requests over http work. 请求http工作。 Any ideas?
有任何想法吗?
Edit: The responsible part of the code why the IP address is used to connect and not the name: 编辑:代码的负责部分,为什么使用IP地址连接而不是名称:
if(!php_Boot::$skip_constructor) {
if(_hx_deref(new EReg("^(\\d{1,3}\\.){3}\\d{1,3}\$", ""))->match($name)) {
$this->_ip = $name;
} else {
$this->_ip = gethostbyname($name);
if($this->_ip === $name) {
$this->ip = 0;
return;
}
}
}
As pointed out here https://groups.google.com/forum/#!msg/haxelang/JMSBpF2sOi0/QpoNEjk9EQAJ and here http://php.net/manual/en/migration56.openssl.php the openssl extension in PHP 5.6 uses peer verification per default. 正如这里指出的那样https://groups.google.com/forum/#!msg/haxelang/JMSBpF2sOi0/QpoNEjk9EQAJ和http://php.net/manual/en/migration56.openssl.php PHP 5.6中的openssl扩展默认使用对等验证。 Hence, switching back to PHP 5.5 is a workaround because peer verification is disabled here.
因此,切换回PHP 5.5是一种解决方法,因为此处禁用了对等验证。 However it still uses the IP address instead of the hostname and therefore does not solve the root of the problem.
但是它仍然使用IP地址而不是主机名,因此无法解决问题的根源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.