PHP :: Bug #68017 :: SoapServer fails to load local wsdl when using ssl

Bug #68017

SoapServer fails to load local wsdl when using ssl

Submitted:

2014-09-13 08:26 UTC

Modified:

2015-03-04 21:13 UTC

Votes:	5
Avg. Score:	4.4 ± 0.8
Reproduced:	5 of 5 (100.0%)
Same Version:	2 (40.0%)
Same OS:	3 (60.0%)

From:

dallas at ekkysoftware dot com

Assigned:

Status:

Not a bug

Package:

OpenSSL related

PHP Version:

5.5.16

OS:

CentOS

Private report:

CVE-ID:

None

View Developer Edit

[2014-09-13 08:26 UTC] dallas at ekkysoftware dot com

Description:
------------
When connecting to a soapclient to a soapserver via ssl. Everything works correctly when over http, but when moving to https it all fails. It was working when the ssl certificate/host was the default and did not require a SNI. Additionally if we flip the wsdl on the server side to http, then the client can connect sometimes - intermittent.

wget and curl are both able to access the wsdl via https and I can copy the wsdl to a local file and the SoapServer will still not load from a local file.

Server is setup as a virtual host where the host is not the default. When it was the default, the soap connection work correctly via https. Best guess is something is connection over ssl with ip 127.0.0.1, without an SNI and is getting the wrong certificate, preventing successful connection.



Test script:
---------------
I have tried all the options such as:
$context = stream_context_create(array(
		'ssl' => array('SNI_server_name' => parse_url($this->_wsdl, PHP_URL_HOST),'SNI_enabled' => TRUE,
			'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'verify_peer' => false, 'allow_self_signed' => true),
	));
$options['stream_context'] = $context;
$options['ssl'] = array('ciphers'=> "SHA1",'verify_peer' => false, 'allow_self_signed' => true,
		'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'curl_verify_ssl_peer'=>false,'curl_verify_ssl_host'  => false);
	$options['https'] = array('ciphers'=> "SHA1",'verify_peer' => false, 'allow_self_signed' => true,
		'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'curl_verify_ssl_peer'=>false,'curl_verify_ssl_host'  => false);
			
	$server  = new SoapServer($this->_wsdl,$options);



Actual result:
--------------
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): SSL: Success in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): Failed to enable crypto in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1): failed to open stream: operation failed in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): I/O warning : failed to load external entity &quot;https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1&quot; in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Notice:  SoapServer::SoapServer(): failed to discard buffer. No buffer to discard in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Fatal error:  SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1' : failed to load external entity "https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1"
 in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-03-04 21:13 UTC] rdlowrey@php.net

-Status: Open +Status: Not a bug

[2015-03-04 21:13 UTC] rdlowrey@php.net

Your SSL context settings are totally wrong and demonstrate a blind "shot in the dark." Unfortunately we can't help you with broken userland code support. If you can demonstrate a reproducible problem with correct userland code I will be happy to look into it. In the meantime, I recommend posting a question on stackoverflow.com to get help with how to correctly configure your SSL context options.

I'm closing this until a valid reproducible test case is shown to fail.

[2015-03-05 03:53 UTC] dallas at ekkysoftware dot com

Hello Daniel,

I guess that I've been writing software for a lot longer than you. If this was caused by the server been miss-configured, then it would be a problem for all other connection via SSL. For example a browser. But all other connection such as wget works correctly, except the cURL request from the SoapServer. 

If you search the web, you'll find a number of other people who have the same problem as I and have had to remove the https from the wsdl to solve the problem.

[2016-03-01 08:34 UTC] marko at techytalk dot info

Hi guys,
we had the exact same issue with stock Magento SOAP server implementation when someone set:

default_socket_timeout = -1

in our php.ini (Centos). It goes away with any other value there, so pretty much reproducible.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Mar 26 07:01:29 2025 UTC