Note: this page reproduces a popular StackOverflow question and its answers under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/27062639/

Time: 2020-08-25 23:09:38  Source: igfitidea

PHP SOAP client with certificates over SSL

php ssl soap wsdl ssl-certificate

Asked by Ben Fransen

I'm trying to set up a Soap client with the following code:

<?php
$wsdl           = 'https://domain.com/?wsdl';
$endpoint       = 'https://domain.com';
$certificate    = dirname(__FILE__) . '/CertWithKey.pem';
$password       = 'pwd';

$options = array(
    'location'      => $endpoint,
    'keep_alive'    => true,
    'trace'         => true,
    'local_cert'    => $certificate,
    'passphrase'    => $password,
    'cache_wsdl'    => WSDL_CACHE_NONE
);

try {
    $soapClient = new SoapClient($wsdl, $options);
} catch(Exception $e) {
    var_dump($e);
}

I was given a .p12 key-file with a .crt certification file. Using openssl I've converted the .p12-file to a .pem-file and then merged it with the .crt-file. The CertWithKey.pem looks good to me, two certificate-blocks are in the file.

No matter what I try to do, I keep getting an exception with the message SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://domain.com/?wsdl' : failed to load external entity "https://domain.com/?wsdl".

After phoning with the remote party they acknowledge that a request is coming in but they're logging this error: ssl handshake interrupted by system [hint: stop button pressed in browser?!].

Since I didn't find any useful information on the net so far I figured to ask you guys for some insight on the matter.

Any suggestions what can be tried? I'm running PHP 5.3.8 and the server's IP-address is white listed in the firewall at the remote party.

Answered by Ben Fransen

I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:

I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.

First I converted it with this command and I had the issue as described in the question:

openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts

While the command below did the actual trick:

openssl pkcs12 -in key.p12 -out key.pem -clcerts

For more info please see the source I used: https://community.qualys.com/docs/DOC-3273
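
A pre-flight check for the PEM bundle passed as `local_cert`, added here as an example (not code from the question or the answers): it reports whether the key block is encrypted, as it is when `-nodes` is left out, whether the passphrase opens it, and whether the key matches the certificate. The function name `checkClientBundle` and the generated throwaway certificate are assumptions made for illustration.

```php
<?php
// Added example: inspect a SoapClient 'local_cert' bundle before using it.
// Returns a list of findings; an empty list means nothing was flagged.
function checkClientBundle(string $pem, string $passphrase): array
{
    if (strpos($pem, 'PRIVATE KEY-----') === false) {
        return ['no private key block in bundle'];
    }
    $findings = [];
    // Encrypted keys are marked "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8) or
    // carry a "Proc-Type: 4,ENCRYPTED" header (traditional format).
    $marker = '/^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)/m';
    if (!preg_match($marker, $pem)) {
        $findings[] = 'private key is unencrypted; the passphrase has nothing to decrypt';
    }
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $findings[] = 'passphrase does not open the private key';
        return $findings;
    }
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        $findings[] = 'no certificate block in bundle';
    } elseif (!openssl_x509_check_private_key($cert, $key)) {
        $findings[] = 'certificate does not match the private key';
    }
    return $findings;
}

// Constructed sample input: a throwaway self-signed certificate and key.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$csr = openssl_csr_new(['commonName' => 'client.example'], $key);
$crt = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($crt, $certPem);
openssl_pkey_export($key, $encryptedKey, 'pwd'); // key kept encrypted (no -nodes)
openssl_pkey_export($key, $plainKey);            // key written in the clear (-nodes)

var_dump(checkClientBundle($certPem . $encryptedKey, 'pwd'));   // encrypted key, correct passphrase
var_dump(checkClientBundle($certPem . $encryptedKey, 'wrong')); // encrypted key, wrong passphrase
var_dump(checkClientBundle($certPem . $plainKey, 'pwd'));       // unencrypted key
```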

Answered by rcsalvador

Same suggestions:

  1. I use SoapClient to connect with SSL services, and all works fine without specifying the "endpoint" URL. Then I recommend you try without this option;

  2. The PHP SoapClient has an option named "ssl_method" where you can change some variation of this protocol. Try changing/specifying this param if you know what protocol is used;

  3. Specify "verifypeer => false" and "verifyhost => false" in the params list;
