php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68017 SoapServer fails to load local wsdl when using ssl
Submitted: 2014-09-13 08:26 UTC Modified: 2015-03-04 21:13 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:3 (60.0%)
From: dallas at ekkysoftware dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5.5.16 OS: CentOS
Private report: No CVE-ID: None
 [2014-09-13 08:26 UTC] dallas at ekkysoftware dot com
Description:
------------
When connecting to a soapclient to a soapserver via ssl. Everything works correctly when over http, but when moving to https it all fails. It was working when the ssl certificate/host was the default and did not require a SNI. Additionally if we flip the wsdl on the server side to http, then the client can connect sometimes - intermittent.

wget and curl are both able to access the wsdl via https and I can copy the wsdl to a local file and the SoapServer will still not load from a local file.

Server is setup as a virtual host where the host is not the default. When it was the default, the soap connection work correctly via https. Best guess is something is connection over ssl with ip 127.0.0.1, without an SNI and is getting the wrong certificate, preventing successful connection.



Test script:
---------------
I have tried all the options such as:
$context = stream_context_create(array(
		'ssl' => array('SNI_server_name' => parse_url($this->_wsdl, PHP_URL_HOST),'SNI_enabled' => TRUE,
			'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'verify_peer' => false, 'allow_self_signed' => true),
	));
$options['stream_context'] = $context;
$options['ssl'] = array('ciphers'=> "SHA1",'verify_peer' => false, 'allow_self_signed' => true,
		'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'curl_verify_ssl_peer'=>false,'curl_verify_ssl_host'  => false);
	$options['https'] = array('ciphers'=> "SHA1",'verify_peer' => false, 'allow_self_signed' => true,
		'peer_name' => parse_url($this->_wsdl, PHP_URL_HOST),'curl_verify_ssl_peer'=>false,'curl_verify_ssl_host'  => false);
			
	$server  = new SoapServer($this->_wsdl,$options);



Actual result:
--------------
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): SSL: Success in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): Failed to enable crypto in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1): failed to open stream: operation failed in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Warning:  SoapServer::SoapServer(): I/O warning : failed to load external entity "https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1" in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Notice:  SoapServer::SoapServer(): failed to discard buffer. No buffer to discard in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826
[13-Sep-2014 07:47:57 UTC] PHP Fatal error:  SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1' : failed to load external entity "https://www.plazapinger.com/index.php/api/soap/index/?wsdl=1"
 in /home/plaza/public_html/lib/Zend/Soap/Server.php on line 826


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-04 21:13 UTC] rdlowrey@php.net
-Status: Open +Status: Not a bug
 [2015-03-04 21:13 UTC] rdlowrey@php.net
Your SSL context settings are totally wrong and demonstrate a blind "shot in the dark." Unfortunately we can't help you with broken userland code support. If you can demonstrate a reproducible problem with correct userland code I will be happy to look into it. In the meantime, I recommend posting a question on stackoverflow.com to get help with how to correctly configure your SSL context options.

I'm closing this until a valid reproducible test case is shown to fail.
 [2015-03-05 03:53 UTC] dallas at ekkysoftware dot com
Hello Daniel,

I guess that I've been writing software for a lot longer than you. If this was caused by the server been miss-configured, then it would be a problem for all other connection via SSL. For example a browser. But all other connection such as wget works correctly, except the cURL request from the SoapServer. 

If you search the web, you'll find a number of other people who have the same problem as I and have had to remove the https from the wsdl to solve the problem.
 [2016-03-01 08:34 UTC] marko at techytalk dot info
Hi guys,
we had the exact same issue with stock Magento SOAP server implementation when someone set:

default_socket_timeout = -1

in our php.ini (Centos). It goes away with any other value there, so pretty much reproducible.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Aug 26 01:01:26 2019 UTC