I'm in the process of upgrading from PHP 5.6 to PHP 7.3 and it appears that a SoapClient in PHP 7.3 ignores the ssl verify_peer
option.
In PHP 5.6 the following code executes as it should:
$opts = [
'ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_TLS_CLIENT,
'verify_peer' => false,
],
];
$stream_context = stream_context_create($opts);
$options = [
'stream_context' => $stream_context,
];
$client = new SoapClient("https://...?wsdl", $options);
$client->SomeMethod();
In PHP 7.3 executing the same code results in PHP Fatal Error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://...?wsdl' : failed to load external entity "https://...?wsdl"
I've tried including verify_peer_name => false
in $opts
; allow_self_signed => true
(although the cert isn't self-signed - just not signed by any trusted certs on the machine the code is running on). I've also tried including the cafile
(in .pem format) for the Root CA that signed the remote certificate, as well as the whole cert chain (in .pem format). Additionally I've tried to include the capath
option, pointing to a directory where I've saved the Root CA, as well as the cert chain.
If I try to bypass downloading the wsdl via providing a uri
and location
, I receive the error PHP Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host in...
I haven't found anything in the differences between 5.6 and 7.3 so far that would explain the difference in behavior I'm seeing.
After too much time spent on this it looks like PHP 7 does actually respect the stream_context
verify_peer
option. The root of the problem was that the "default" ciphers used when negotiating a connection changed between PHP 5.6 and PHP 7.3. Explicitly calling out the cipher(s) to be used allowed the SoapClient to communicate in PHP 7.3.7.
$opts = [
'ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_TLS_CLIENT,
'verify_peer' => false,
'ciphers' => 'RC4-SHA',
],
];
$stream_context = stream_context_create($opts);
$options = [
'stream_context' => $stream_context,
];
$client = new SoapClient("https://...?wsdl", $options);
$client->SomeMethod();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.