0

When making a POST request to a server with an invalid SSL certificate ( Cloudflare has to reissue the certificate ), Artax returns the following error:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I have attempted to use 

$client->setOption('tlsOptions', [
    'verify_peer' => FALSE,
]);

and

$request->setOption('tlsOptions', [
    'verify_peer' => FALSE,
]);

However in both cases errors are thrown.

Can anyone shed light on the correct method to disable peer verification with Artax?

Update

I've tried both:

$client->setAllOptions([
    'tlsOptions' => [
        'verify_peer' => FALSE,
        'allow_self_signed' => TRUE,
    ],
]);

And

$client->setOption('tlsOptions', [
    'verify_peer' => FALSE,
    'allow_self_signed' => TRUE,
]);

Both give me a response of 400 ( Bad Request ).

[status:Artax\Response:private] => 400
        [reason:Artax\Response:private] => Bad Request
        [protocol:Artax\Message:private] => 1.1
        [headers:Artax\Message:private] => Array
            (
                [Date] => Array
                    (
                        [0] => Mon, 19 May 2014 09:50:19 GMT
                    )

                [Server] => Array
                    (
                        [0] => Apache/2.4.9 (Ubuntu)
                    )

                [Content-Length] => Array
                    (
                        [0] => 303
                    )

                [Connection] => Array
                    (
                        [0] => close
                    )

                [Content-Type] => Array
                    (
                        [0] => text/html; charset=iso-8859-1
                    )

            )

        [headerCaseMap:Artax\Message:private] => Array
            (
                [DATE] => Date
                [SERVER] => Server
                [CONTENT-LENGTH] => Content-Length
                [CONNECTION] => Connection
                [CONTENT-TYPE] => Content-Type
            )
kelunik
  • 6,750
  • 2
  • 41
  • 70
bdb.jack
  • 147
  • 1
  • 8
  • Hmm ... I'll look into it ... In the meantime, what version of PHP are you using? I.E. what's the output from `var_dump(PHP_VERSION);` ? –  May 20 '14 at 13:31
  • 5.4.27-1+deb.sury.org~precise+1 – bdb.jack May 20 '14 at 17:19
  • Sorry for the slowness responding here. I've been working on a complete rewrite of the project and should be able to answer this in full in the next couple of days. –  Jul 17 '14 at 18:08
  • There was a bug, so `verify_peer_name` didn't work on versions before PHP 5.6. https://github.com/amphp/socket/releases/tag/v0.9.4 – kelunik Feb 10 '16 at 00:21

2 Answers2

0

Maybe allowing self signed would work :

$client->setOption('tlsOptions', [
    'verify_peer' => FALSE,
    'allow_self_signed' => TRUE,
    ]);
Loïc
  • 11,804
  • 1
  • 31
  • 49
  • Returned: Call to undefined method Artax\Request::setOption() in /home/ias/public_html/wp-content/plugins/ias/core/helper-classes/ias-redmine.php on line 29 – bdb.jack May 19 '14 at 08:57
  • @bdb.jack You need to call `setOption` on the `Client` instance -- not the `Request` instance. –  May 20 '14 at 13:32
0

With the current master branch, the following will bypass the validation:

$client->setOption(Amp\Artax\Client::OP_CRYPTO, [
    "verify_peer" => false,
    "verify_peer_name" => false
]);
kelunik
  • 6,750
  • 2
  • 41
  • 70