PHP :: Bug #36104 :: SoapClient connection problems using certificate

Bug #36104	SoapClient connection problems using certificate
Submitted:	2006-01-20 15:59 UTC	Modified:	2006-02-02 15:06 UTC
From:	marcin dot dabrowski at gmail dot com	Assigned:	dmitry (profile)
Status:	Not a bug	Package:	SOAP related
PHP Version:	5.1.2	OS:	Windows XP [Version 5.1.2600]
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	marcin dot dabrowski at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2006-01-20 15:59 UTC] marcin dot dabrowski at gmail dot com

Description:
------------
I'm trying to use SoapClient with certificate. When I set the cert file path using options array I have 'Could not connect to host' error, while setting the path as a property works like a charm.

I tried to see whats with the connection, and (using netcat: nc -vvnLp 433) I got the following results.

- with 'php test.php 1' netcat gives:
listening on [127.0.0.1] 443 ...
connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 2055
 sent 0, rcvd 0

- with 'php test.php 0' netcat gives:
listening on [127.0.0.1] 443 ...
connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 2056
[binary stuff, SSL Handshake I think]
 sent 0, rcvd 132

PS: I tried with http://snaps.php.net/win32/php5.1-win32-200601201130.zip, same results.

Reproduce code:
---------------
<?php
$optionsInArray = (bool)$argv[1];

if ($optionsInArray) {
    $opts = array(
        'ssl' => array(
            'local_cert' => './cli_crt.pem',
            'allow_self_signed' => true
            )
        );
    $ctx = stream_context_create($opts);
    $soap = new SoapClient('a.wsdl', array(
        'stream_context'    => $ctx,
        'local_cert'        => './cli_crt.pem'
        ));
} else {
    $soap = new SoapClient('a.wsdl');
    $soap->_local_cert      = './cli_crt.pem';
}
try {
    var_export($soap->greet('Frodo'));
} catch (SoapFault $e) {
    var_export($e);
}
?>


Expected result:
----------------
Both ways this script should produce successful connection, and actually invoke the WebService. Only the second way it works as it should.



Actual result:
--------------
C:\usr\home\www\ws>php test.php 0
'Hello, World, and Frodo!!!'

C:\usr\home\www\ws>php test.php 1
SoapFault::__set_state(array(
   'message' => '',
   'string' => '',
   'code' => 0,
   'file' => 'C:\\usr\\home\\www\\ws\\test.php',
   'line' => 21,
   'trace' =>
  array (
    0 =>
    array (
      'function' => '__doRequest',
      'class' => 'SoapClient',
      'type' => '->',
      'args' =>
      array (
        0 => '<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:Hellowsdl" xmlns:xsd="http://w
http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyl
coding/"><SOAP-ENV:Body><ns1:greet><person xsi:type="xsd:string">Frodo</person></ns1:greet></SOAP-ENV:Body></SOAP-ENV:Envel
',
        1 => 'https://localhost/ws/index.php?realm=Hello',
        2 => 'urn:Hellowsdl#greet',
        3 => 1,
      ),
    ),
    1 =>
    array (
      'function' => '__call',
      'class' => 'SoapClient',
      'type' => '->',
      'args' =>
      array (
        0 => 'greet',
        1 =>
        array (
          0 => 'Frodo',
        ),
      ),
    ),
    2 =>
    array (
      'file' => 'C:\\usr\\home\\www\\ws\\test.php',
      'line' => 21,
      'function' => 'greet',
      'class' => 'SoapClient',
      'type' => '->',
      'args' =>
      array (
        0 => 'Frodo',
      ),
    ),
  ),
   'faultstring' => 'Could not connect to host',
   'faultcode' => 'HTTP',
))

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-01-20 16:02 UTC] sniper@php.net

Assigned to the maintainer.

[2006-02-02 11:30 UTC] dmitry@php.net

SoapClient knows nothing about "_local_cert" property, so second case doesn't use any certificate.

I just connected to "PayPal" using certificate in the same way as your first case. So probably you have problem with certificate or web server configuration.

Look into your error_log.

[2006-02-02 14:07 UTC] marcin dot dabrowski at gmail dot com

Ok, checked this, and it's in fact problem on my side. My certificate was in fact _only_ the certificate, without private key in the same file. After merging the two (cat cli_key.pem >> cli_crt.pem) all works fine, and my server's code can verify the certificate contents.

The only thing that's still puzzling me, is the message 'Could not connect to host' in case of using certificate without private key. When using 'openssl s_client' I can get clear info:
unable to load client certificate private key file
460:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:644:Expecting: ANY PRIVATE KEY

Is it possible to have that, or similar error message in place of 'Could not connect to host'?

Anyway, I think you can close this bug. Should I open another for that unclear error message?

[2006-02-02 15:06 UTC] iliaa@php.net

not a bug.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 11:01:33 2024 UTC