I have a php:8.0.7-apache docker container.
I am attempting to use the verify_peer option in the ssl stream context for my SoapClient with the following settings:

    $stream = stream_context_create([
        'ssl' => [
            'verify_peer' => true,
            'cafile' => '/var/www/html/path/to/certificate.pem.crt',
            'verify_peer_name' => false,
            'verify_host' => false,
            'allow_self_signed' => true
        ]
    ]);

    $options = [
        'trace' => true,
        'cache_wsdl' => WSDL_CACHE_NONE,
        'exceptions' => true,
        'location' => 'https://server.com/endpoint',
        'classmap' => $this->getClassMap(),
        'stream_context' => $stream,
        'features' => SOAP_SINGLE_ELEMENT_ARRAYS
    ];

I have looked at the certificate the endpoint is using with the 'capture_peer_cert' => true option and have made sure it matched the SHA256 with the certificate file I have put in the cafile option from the output of this command:

    openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate.pem.crt

I have tried adding the 'cafile' to the Docker container's /usr/local/share/ca-certificates/ as per this question.
I have tried adding a symlink of the 'cafile' to /etc/ssl/certs/[FILE_HASH].0, where [FILE_HASH] is the output of openssl x509 -hash -noout -in certificate.pem.crt, and then using the 'capath' option set as /etc/ssl/certs.
I have also tried installing/importing the certificate to Windows.
OpenSSL is enabled in my PHP environment (extension_loaded('openssl') outputs true).
Yet still whenever 'verify_peer' => true I get the following SoapFault:

    +"faultstring": "Could not connect to host"
    +"faultcode": "HTTP"

But when I have the following stream context it works fine:

    $stream = stream_context_create([
        'ssl' => [
            'verify_peer' => false
        ]
    ]);

    HTTP/1.0 200 OK
    X-Backside-Transport: OK OK
    Date: Mon, 30 Aug 2021 02:00:00 GMT
    X-Powered-By: Servlet/3.0
    Set-Cookie: JSESSIONID=*************************************; Path=/; HttpOnly
    Expires: Thu, 01 Dec 1994 16:00:00 GMT
    Cache-Control: no-cache="set-cookie, set-cookie2"
    Content-Type: text/xml
    Content-Language: en-US
    Connection: Keep-Alive
    Content-Length: ****

I do not know what else to try :(
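
The fingerprint comparison in the question shows that the file given as 'cafile' is the endpoint's own certificate; a further check is whether that file can act as a trust anchor at all. The following is an added example, not code from the question: `describeCertificate` and `sslOptionsFor` are hypothetical names, the certificate is generated in the script as constructed input, and the second function assumes OpenSSL's default chain building (no partial-chain trust).

```php
<?php
/** Report the properties of a PEM certificate that matter when it is used as 'cafile'. */
function describeCertificate(string $pem): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        throw new RuntimeException('Not a readable PEM certificate');
    }
    return [
        'subject'     => $info['name'],
        // The signature verifies against the certificate's own key => self-signed.
        'self_signed' => openssl_x509_verify($pem, $pem) === 1,
        'is_ca'       => str_contains($info['extensions']['basicConstraints'] ?? '', 'CA:TRUE'),
        'expired'     => $info['validTo_time_t'] < time(),
        'sha256'      => openssl_x509_fingerprint($pem, 'sha256'),
    ];
}

/** Build 'ssl' context options that keep verify_peer enabled for this certificate. */
function sslOptionsFor(array $cert, string $cafile): array
{
    if ($cert['self_signed']) {
        // A self-signed certificate is its own root, so the file can be the trust anchor.
        return ['verify_peer' => true, 'cafile' => $cafile];
    }
    // Assumption (default OpenSSL chain building): a CA-issued leaf in 'cafile' is not
    // a complete chain. Pin the leaf by digest instead; chain validation then relies on
    // the default CA bundle, or on the issuing CA's file if the CA is private.
    return ['verify_peer' => true, 'peer_fingerprint' => ['sha256' => $cert['sha256']]];
}

// Constructed sample input: a throwaway self-signed certificate. In practice,
// read the PEM file that is passed as 'cafile' with file_get_contents().
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'server.example'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']), $pem);

$cert = describeCertificate($pem);
print_r($cert);
print_r(sslOptionsFor($cert, '/path/to/certificate.pem.crt'));
```

The `sha256` value is the same digest that `openssl x509 -noout -fingerprint -sha256` prints, written as lowercase hex without the colons.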