I just wanted to add the following, as it may help people track down this issue:

An E_WARNING is triggered in this case, though the error_reporting value is set to exclude E_WARNING level errors (amongst others) here - https://github.com/php/php-src/blob/942809909e1bc125db038796c0a1a0b53eeaca7d/ext/soap/php_http.c#L189

It is possible to observe the error with a customer error handler registered, however -  this resolves to something like:

"SoapClient::__doRequest(): Peer certificate CN=`example.com' did not match expected CN=`192.168.1.155'"

If you see this, and have a proxy set, then you probably are being affected by this bug.

I can confirm this problem. You need a SSL connection via a proxy to reproduce it. The exact error can be made visible by using your own error-handler before sending the SOAP request, e.g.

    set_error_handler(
        function ($errno , $errstr, $errfile = null, $errline = null) {
            printf(
                "ERROR #%d: %s in %s line %s\n", $errno, $errstr, 
                $errfile, $errline
            );
        }
    );

This produces an error like:


> ERROR #2: SoapClient::__doRequest(): Peer certificate CN=`correct-domain.exmaple.com' did not match expected CN=`proxy.example.net'

The SOAP Fault itself is little saying as reported:

> Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host

Patch with test case for the peer-name verification problem (against the 7.0 branch): https://github.com/php/php-src/pull/2152

As for the first issue about SSL version, STREAM_CRYPTO_METHOD_SSLv23_CLIENT actually means highest available SSL/TLS version, up to TLSv1.2. It's a quirk of OpenSSL; see the description of SSLv23_method: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html. STREAM_CRYPTO_METHOD_TLS_CLIENT will actually restrict the connection to TLSv1.0 only.

Could you please backport the patch https://github.com/php/php-src/pull/2152 to 5.6?

I believe this has been resolved by the aforementioned PR.

This will not be backported to 5.6, as it's no longer actively supported.

Our company is running PHP 5.6 as we have PECL modules that don't support PHP 7.

We experienced this issue and the PHP 7 patch wouldn't apply cleanly to the PHP 5.6 tree, so I have backported it to PHP 5.6. This has been tested to work and is in production.

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 3246091..fcf593e 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -163,7 +163,7 @@ void http_context_headers(php_stream_context* context,
 static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, php_stream_context *context, int *use_proxy TSRMLS_DC)
 {
 	php_stream *stream;
-	zval **proxy_host, **proxy_port, **tmp;
+	zval **proxy_host, **proxy_port, **tmp, ssl_proxy_peer_name;
 	char *host;
 	char *name;
 	char *protocol;
@@ -245,6 +245,13 @@ static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, ph
 		char *http_headers;
 		int http_header_size;
 
+		/* Set peer_name or name verification will try to use the proxy server name */
+		if (!stream->context || php_stream_context_get_option(stream->context, "ssl", "peer_name", &tmp) != SUCCESS) {
+			ZVAL_STRING(&ssl_proxy_peer_name, phpurl->host, 1);
+			php_stream_context_set_option(stream->context, "ssl", "peer_name", &ssl_proxy_peer_name);
+			zval_dtor(&ssl_proxy_peer_name);
+		}
+
 		smart_str_append_const(&soap_headers, "CONNECT ");
 		smart_str_appends(&soap_headers, phpurl->host);
 		smart_str_appendc(&soap_headers, ':');
diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 569701a..571db1f 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -2398,7 +2398,9 @@ PHP_METHOD(SoapClient, SoapClient)
 				Z_TYPE_PP(tmp) == IS_RESOURCE) {
 			context = php_stream_context_from_zval(*tmp, 1);
 			zend_list_addref(context->rsrc_id);
-		}
+		} else {
+			context = php_stream_context_alloc();
+		}
 
 		if (zend_hash_find(ht, "location", sizeof("location"), (void**)&tmp) == SUCCESS &&
 		    Z_TYPE_PP(tmp) == IS_STRING) {