Soap Client Call to SSL

Question

I am trying to get the content of WSDL from HTTPS Server

<?php
echo file_get_contents("https://zendsoap.lan/Zend_Soap_Server.php?wsdl");
?>

It Return:

Warning: file_get_contents() [function.file-get-contents]: SSL operation failed with code 1. OpenSSL Error messages: error:1408E0F4:SSL routines:func(142):reason(244) in /Applications/AMPPS/www/zendSoap.lan/Zend_Soap_Client.php on line 4

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in /Applications/AMPPS/www/zendSoap.lan/Zend_Soap_Client.php on line 4

Warning: file_get_contents(https://zendsoap.lan/Zend_Soap_Server.php?wsdl) [function.file-get-contents]: failed to open stream: operation failed in /Applications/AMPPS/www/zendSoap.lan/Zend_Soap_Client.php on line 4

AND when I can goto the WSDL Location (https://zendsoap.lan/Zend_Soap_Server.php?wsdl): Everything looks fine.

PS: Can anybody tell me how can I share the WSDL file

Answer 1

I agree with RockyFord regarding it being an SSL issue (I'm pretty sure you will have a self signed certificate in place and due to using SSL there are a few steps you will need to take in order to minimise security concerns). Regarding the immediate issue you could try fixing it with code similar to this:

$url = 'https://zendsoap.lan/Zend_Soap_Server.php?wsdl';

$contextOptions = array(
    'ssl' => array(
        'verify_peer' => true,
        'CN_match'    => 'zendsoap.lan' // assuming zendsoap.lan is the CN used in the certificate
    )
);

$sslContext = stream_context_create($contextOptions);

$wsdlContent = file_get_contents($url, NULL, $sslContext);

( UPDATE: It might seem like an easy solution to change the code above to

 'verify_peer' => false

while it may be ok for basic development it's not really a good idea and definitely shouldn't be used in a production environment as it introduces serious security concerns - see this excellent article on How to properly secure remote API calls over SSL from PHP code by Artur Ejsmont for more on this subject as well as the Transport Layer Security Cheat Sheet and Securing Web Services by OWASP )

To pick up on your point regarding sharing a WSDL from within a Zend Framework application you could do something like this to get started:

// go to application/configs/application.ini
// if your APPLICATION_ENV is development then add the following line in the development section:
phpSettings.soap.wsdl_cache_enabled = 0

The line above will prevent your wsdl being cached during development. Next you might want to create a SoapController and add this action like this:

public function serverAction()
{
    $baseUrl = 'http://zendsoap.lan/soap/server';

    if( isset( $_GET['wdsl'] ) ) {
        $strategy = new Zend_Soap_Wsdl_Strategy_AnyType();
        $server = new Zend_Soap_AutoDiscover($strategy);
        $server->setUri($baseUrl);
        $server->setClass('Application_Model_Web_Service');
        $server->handle();
    } else {            
        $server = new Zend_Soap_Server($baseUrl . '?wsdl');
        $server->setClass('Application_Model_Web_Service');
        $server->handle();
    }
}

The nice thing about the approach above is the WSDL will be generated for you on the fly. You will have noticed the setClass() method is going to be called with 'Application_Model_Web_Service' passed as the only parameter. To test your configuration I recommend you create that class and insert the method below. Testing your configuration with a simple service containing a single method will help you with troubleshooting before you make the service more complex. Here is the example method:

// Note: you should definitely comment your methods correctly in the class so 
// the WSDL will be generated correctly - by that I mean use @param and @return
// so the correct input and output types can be determined and added to the WSDL
// when the the ZF component generates it for you
/**     
 * @return string
 */
 public function getMessage()
 {
     return 'ok';
 }

( UPDATE: Also in response to the question you asked regarding using Zend_Soap_Client to access the web service, since it looks like you're intending to make it a secure service I'd suggest you raise a separate question regarding setting up secure soap services with php. If you explain more about what you're trying to do in that question you may get some good input from a range of experts on best practices :-)

)

I know you're new to SO so if you're happy with the answer you can accept it, also generally it's best to just reply to an answer rather than add another answer to reply. Easy when you know how of course and even easier when someone tells you ;-)

Answer 2

I tried your way of defining The Soap Server, only thing was I used my custom class instead of using Application_Model_Web_Service. I am using single files for Client & Server. When I run https://zendsoap.lan/Zend_Soap_Server.php without ?wsdl it result in this:

<SOAP-ENV:Envelope>
 <SOAP-ENV:Body>
  <SOAP-ENV:Fault>
   <faultcode>WSDL</faultcode>
  <faultstring>SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://zendsoap.lan/Zend_Soap_Server.php?wsdl' : failed to load external entity "https://zendsoap.lan/Zend_Soap_Server.php?wsdl"
  </faultstring>
  </SOAP-ENV:Fault>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

And When I try file_get_contents() the way you told, I get this:

Warning: file_get_contents() [function.file-get-contents]: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:func(144):reason(134) in /Applications/AMPPS/www/zendSoap.lan/https_soap_test.php on line 16

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in /Applications/AMPPS/www/zendSoap.lan/https_soap_test.php on line 16

Warning: file_get_contents(https://zendsoap.lan/Zend_Soap_Server.php?wsdl) [function.file-get-contents]: failed to open stream: operation failed in /Applications/AMPPS/www/zendSoap.lan/https_soap_test.php on line 16

Here is link to screenshot of My Certificate: http://i.stack.imgur.com/bKoVD.png

Loads of thanks for your help.

Answer 3

Problem solved By changing 'verify_peer' => false

Can you (@dkcwd) please tell me what should be the code if I use Zend_Soap_Client without file_get_contents(). I mean is there any option which i can't find on internet to do something similar to 'verify_peer' => false.

Loads of Thanks to @dkcwd

UPDATE: Let me summarise what exactly I am doing, I am trying to create a basic SOAP Server over SSL. Before making Web Services available on my Production website, I have to test it on Development system with has got Self Signed Certificate (Whose authentication is a problem right now). Following are the problems I am facing in that regard:

1. When I try to call https://zendsoap.lan/Zend_Soap_server.php?wsdl its works fine I can view the wsdl.

2. But when I try https://zendsoap.lan/Zend_Soap_server.php , I get this:

   SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://zendsoap.lan/Zend_Soap_Server.php?wsdl' : failed to load external entity "https://zendsoap.lan/Zend_Soap_Server.php?wsdl" Is that something I should be

3. The reason I made verify_peer=>false as I am running it on dev server so no need to verify my own created certificate, but obviously on production I want the Certificate to be verified.

This thing work fine with NuSoap but most of the stuff in NuSoap is deprecated for our server which is running PHP 5.4.6, So the most reliable solution for me using PHP's SOAP extension. And the reason for me using Zend is we're in process of moving our system from some third party framework to Zend Framework and everyday I get requests from client to add this & that new components, I assumed if I develop every new request from Client using Zend libraries then it will be easy for me in later stages to move to Zend Framework.

I hope I made some sense there.

Many Thanks in advance...