|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2019-07-18 03:31 UTC] giftrac+php at gmail dot com
[2019-07-18 03:34 UTC] giftrac+php at gmail dot com
-Type: Bug
+Type: Documentation Problem
[2019-07-18 03:34 UTC] giftrac+php at gmail dot com
[2019-07-19 09:51 UTC] cmb@php.net
-Summary: SoapClient stream_context ignored
+Summary: configure option --with-system-ciphers is not
documented
-Status: Open
+Status: Verified
-Package: HTTP related
+Package: OpenSSL related
[2019-07-19 09:51 UTC] cmb@php.net
[2019-07-19 11:19 UTC] cmb@php.net
[2019-07-19 11:19 UTC] cmb@php.net
-Assigned To:
+Assigned To: cmb
[2019-07-19 11:20 UTC] salathe@php.net
[2019-07-19 11:20 UTC] salathe@php.net
-Status: Verified
+Status: Closed
[2020-02-07 06:04 UTC] phpdocbot@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 15:01:29 2024 UTC |
Description: ------------ In PHP 5.6.40, a stream_context can be provided to a SoapClient, that specifies that the ssl cert of the peer should not be verified. In PHP 7.3.7 the SoapClient appears to be ignoring the provided stream_context and attempts to verify the peer's cert. Similarly, a capath and cafile specified in a stream_context are used in PHP 5.6.40 to successfully verify a peer; however, they appear to be ignored in PHP 7.3.7. Test script: --------------- $opts = [ 'ssl' => [ 'crypto_method' => STREAM_CRYPTO_METHOD_TLS_CLIENT, 'verify_peer' => false, ], ]; $stream_context = stream_context_create($opts); $options = [ 'stream_context' => $stream_context, ]; $client = new SoapClient("https://...?wsdl", $options); $client->SomeMethod();//executes OK in PHP 5.6, errors out in PHP 7.3.7 Expected result: ---------------- It is expected that the ssl options in the stream_context are adhered to in PHP 7, including but not limited to: verify_peer, verify_peer_name, allow_self_signed, capath, cafile. Actual result: -------------- It appears the ssl options in the stream_context are ignored as evidenced by the SoapClient production a SoapFault exception detailing that it is unable to load from the provided WSDL URL (or when operating in location/uri mode, throwing an exception about being unable to import schema). PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://...' : failed to load external entity "https://..."