I used PHP 5.5 but I forced to update it and now I'm using PHP 5.6.19.
Now, when I'm trying to communicate with external API I get warning:
Warning: file_get_contents(): Peer certificate CN=
*.domain.com' did not match expected CN=
api.domain.com'
It hasn't appeared in previous PHP version.
$encryptedEncodedData // this is json encoded
//array, then encrypted by mcrypt with rijndael-128 and finally bin2hex.
$context = stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' => 'Content-Type: application/json',
'content' => $encryptedEncodedData,
)
));
$api = 'https://api.domain.com/service';
$response = file_get_contents($api, FALSE, $context);
I don't know what is reason for this warning.
I decided to disable peer verfy until my admins will fix problem with cert and I changed $context following:
$context = stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' => 'Content-Type: application/json',
'content' => $encryptedEncodedData,
'verify_peer' => false,
'verify_peer_name' => false,
),
)
);
But still not working. Did I do this correct? Getting same Warning.
There seems to be something wrong with the SSL certificate.
But the settings is changed in php 5.6 you can fix this by ignoring the verification, or when you have a self signed certificate allow_self_signed can be related.
stream_context_create($ourStuff, ['verify_peer' => false]);
More information and settings: http://php.net/manual/en/context.ssl.php
Which is referred to from http://php.net/manual/en/function.stream-context-create.php
Note that disabling validation can be a security risk, and should be only done if you know what you are doing.
The default value of verify_peer has been changed to true
in newer php versions (>= 5.6). Which means there was always a security risk.
As noted by deceze you should only do this when you are sure all other things are correctly like your own php configuration:
Step 1: test the remote certificate whether it's valid using openssl CLI tool or whatever other methods you prefer. If remote cert is fine.
Step 2: figure out why PHP can't accept it. If it's because PHP has problems validating wildcard certs, see if there's some fix for that. Or if it's because PHP doesn't have a local CA store, which is easy to fix.
Step 3: disable peer verification.
I know this is old, but I just recently in my life had to deal with this issue and found a solution, so I'm posting it through the web to help others:
I had the same problem and spent countless hours looking for an answer. I hope that I can help the community of developers by sharing the solution to the swift_transportexception connection issue. Here it is...
Make the following adjustment to your .env file:
MAIL_DRIVER=sendmail
MAIL_HOST=YOUR_DOMAIN.COM
MAIL_PORT=465
MAIL_USERNAME=YOUR_EMAIL@YOUR_DOMAIN.COM
MAIL_PASSWORD=YOUR_PASSWORD
MAIL_ENCRYPTION=ssl
MAIL_FROM_ADDRESS=YOUR_EMAIL@YOUR_DOMAIN.COM
MAIL_FROM_NAME="${APP_NAME}"
Make sure your DNS records is set to: MX - @ - mail.YOUR_DOMAIN.COM - Priority 0
Temporary fixing:
$context = stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' => 'Content-Type: application/json',
'content' => $encryptedEncodedData,
),
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
)
);
Thanks for everyone
This works for me. The key was setting 'allow_self_signed' to TRUE.
stream_context_set_default(array(
'ssl' => array(
'peer_name' => 'generic-server',
'verify_peer' => FALSE,
'verify_peer_name' => FALSE,
'allow_self_signed' => TRUE
)));
$response = file_get_contents($url, FALSE);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With