PHP 7.3 SoapClient stream_context (verify_peer) Ignored

I'm in the process of upgrading from PHP 5.6 to PHP 7.3 and it appears that a SoapClient in PHP 7.3 ignores the ssl verify_peer option.

In PHP 5.6 the following code executes as it should:

$opts = [
    'ssl' => [
        'crypto_method' => STREAM_CRYPTO_METHOD_TLS_CLIENT,
        'verify_peer' => false,
    ],
];
$stream_context = stream_context_create($opts);
$options = [
    'stream_context' => $stream_context,
];
$client = new SoapClient("https://...?wsdl", $options);
$client->SomeMethod();

In PHP 7.3 executing the same code results in PHP Fatal Error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://...?wsdl' : failed to load external entity "https://...?wsdl"

I've tried including verify_peer_name => false in $opts; allow_self_signed => true (although the cert isn't self-signed - just not signed by any trusted certs on the machine the code is running on). I've also tried including the cafile (in .pem format) for the Root CA that signed the remote certificate, as well as the whole cert chain (in .pem format). Additionally I've tried to include the capath option, pointing to a directory where I've saved the Root CA, as well as the cert chain.

If I try to bypass downloading the wsdl via providing a uri and location, I receive the error PHP Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host in...

I haven't found anything in the differences between 5.6 and 7.3 so far that would explain the difference in behavior I'm seeing.

After too much time spent on this it looks like PHP 7 does actually respect the stream_context verify_peer option. The root of the problem was that the "default" ciphers used when negotiating a connection changed between PHP 5.6 and PHP 7.3. Explicitly calling out the cipher(s) to be used allowed the SoapClient to communicate in PHP 7.3.7.

$opts = [
    'ssl' => [
        'crypto_method' => STREAM_CRYPTO_METHOD_TLS_CLIENT,
        'verify_peer' => false,
        'ciphers' => 'RC4-SHA',
    ],
];
$stream_context = stream_context_create($opts);
$options = [
    'stream_context' => $stream_context,
];
$client = new SoapClient("https://...?wsdl", $options);
$client->SomeMethod();
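
The answer's finding is that the handshake failed on cipher negotiation, not on certificate verification. The script below is an added example (not code from the post) that tells the two causes apart and probes an endpoint with verification left on; the function names, the sample warnings and the command-line arguments are assumptions.

```php
<?php
// Added example, not from the original post. Function names and arguments are hypothetical.

/** Classify a PHP/OpenSSL handshake warning: trust problem or negotiation problem? */
function classify_tls_failure(string $msg): string
{
    if (stripos($msg, 'certificate verify failed') !== false) {
        return 'trust';        // chain not trusted: cafile/capath is the relevant setting
    }
    $neg = '/handshake failure|no shared cipher|no ciphers available|unsupported protocol|wrong version number/i';
    if (preg_match($neg, $msg)) {
        return 'negotiation';  // protocol/cipher mismatch: verify_peer is not involved
    }
    return 'other';
}

/** Attempt a handshake with verification ON; return negotiated parameters or the failure class. */
function probe_tls(string $host, int $port, string $cafile, ?string $ciphers = null): array
{
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true, 'cafile' => $cafile]
         + ($ciphers !== null ? ['ciphers' => $ciphers] : []);
    $warnings = '';
    // Capture the E_WARNING text that carries the OpenSSL error queue.
    set_error_handler(function (int $no, string $str) use (&$warnings): bool {
        $warnings .= $str . "\n";
        return true;
    });
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, stream_context_create(['ssl' => $ssl]));
    restore_error_handler();
    if ($fp === false) {
        return ['ok' => false, 'class' => classify_tls_failure($warnings), 'detail' => trim($warnings)];
    }
    $crypto = stream_get_meta_data($fp)['crypto'] ?? [];  // protocol, cipher_name, cipher_bits, ...
    fclose($fp);
    return ['ok' => true] + $crypto;
}

// Constructed sample warnings in the form OpenSSL reports them (not taken from the page).
$samples = [
    'error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure',
    'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed',
];
foreach ($samples as $s) {
    printf("%-11s <- %s\n", classify_tls_failure($s), $s);
}
// Live check: php probe.php <host> <port> <root-ca.pem> [cipher-list]
if ($argc >= 4) {
    print_r(probe_tls($argv[1], (int) $argv[2], $argv[3], $argv[4] ?? null));
}
```

A result classified as negotiation is addressed by the cipher list alone, so the SoapClient context can keep verify_peer enabled with the cafile for the signing root CA.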
