[Reader] Unable to enable crypto on TCP connection

Open lethak opened this issue 10 years ago • 5 comments

Problem

Sometimes you can get an error when trying to request a feed using https.

 [Zend\Http\Client\Adapter\Exception\RuntimeException]                                       
  Unable to enable crypto on TCP connection domain.tld: make sure the "sslca  
  file" or "sslcapath" option are properly set for the environment.                           

  [ErrorException]                                                                          
  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:  
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed    

Workaround

If you don't care about SSL certificates, you can do this:

Using ...

use Zend\Feed\Reader\Reader as ZendFeedReader;
use Zend\Http\Client as ZendHttpClient;

Controller / Command:

        /** @var \Eko\FeedBundle\Feed\Reader $FeedReader */
        $FeedReader = $this->getContainer()->get('eko_feed.feed.reader');

        $httpClientOptions = array(
            'adapter'            => 'Zend\Http\Client\Adapter\Socket',
            'persistent'         => false,

            // Adapter-level options: turn off peer certificate verification
            'sslverifypeer'      => false,
            'sslallowselfsigned' => true,
            'sslusecontext'      => true,

            // Stream-context style names for the same settings
            'ssl' => array(
                'verify_peer'       => false,
                'allow_self_signed' => true,
                'capture_peer_cert' => true,
            ),

            'useragent' => 'Feed Reader',
        );

        // Replace the default HTTP client that Zend Feed Reader falls back to
        ZendFeedReader::setHttpClient(new ZendHttpClient(null, $httpClientOptions));

        /** @var \Zend\Feed\Reader\Feed\FeedInterface $Feed */
        $Feed = $FeedReader->load('domain.tld/rss')->get();

lethak, Apr 29 '15 00:04
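For comparison with the workaround above, an added example (not part of the original post or of FeedBundle) that resolves the error the way its message suggests: verification stays on and the Socket adapter is given a CA source through `sslcafile` or `sslcapath`. The helper names are hypothetical, and it assumes PHP 5.6+ with the openssl extension and a zend-http version that supports the two options named in the error.

```php
<?php
// Added example, not FeedBundle or Zend code. looksLikePemBundle() and
// buildVerifiedHttpOptions() are hypothetical helper names.

/** True when the file is readable and its first PEM certificate parses. */
function looksLikePemBundle($file)
{
    if (!is_string($file) || !is_file($file) || !is_readable($file)) {
        return false;
    }
    $pem = file_get_contents($file);
    if (!preg_match('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m)) {
        return false;
    }
    return openssl_x509_parse($m[0]) !== false;
}

/** Zend\Http\Client options with peer verification on and a CA source set. */
function buildVerifiedHttpOptions($caFile = null)
{
    $options = array(
        'adapter'            => 'Zend\Http\Client\Adapter\Socket',
        'persistent'         => false,
        'sslverifypeer'      => true,   // keep certificate verification on
        'sslallowselfsigned' => false,
        'useragent'          => 'Feed Reader',
    );
    $loc = openssl_get_cert_locations(); // OpenSSL's compiled-in defaults
    // Explicit argument first, then php.ini, then the OpenSSL default file.
    foreach (array($caFile, ini_get('openssl.cafile'), $loc['default_cert_file']) as $file) {
        if (looksLikePemBundle($file)) {
            $options['sslcafile'] = $file;
            return $options;
        }
    }
    // Otherwise fall back to a non-empty directory of hashed CA certificates.
    foreach (array(ini_get('openssl.capath'), $loc['default_cert_dir']) as $dir) {
        if (is_string($dir) && $dir !== '' && is_dir($dir) && count(scandir($dir)) > 2) {
            $options['sslcapath'] = $dir;
            return $options;
        }
    }
    throw new RuntimeException('No usable CA bundle: pass a PEM bundle path or set openssl.cafile');
}

// Wired in the same way as the workaround, only when the Zend classes are installed.
if (class_exists('Zend\Feed\Reader\Reader') && class_exists('Zend\Http\Client')) {
    \Zend\Feed\Reader\Reader::setHttpClient(new \Zend\Http\Client(null, buildVerifiedHttpOptions()));
}
```

On a machine without a system CA store, pass the path of a downloaded PEM bundle as the argument; the exception makes a missing bundle visible instead of silently falling back to an unverified connection.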

Hi @lethak,

Thank you for this workaround about SSL, I've never had the use case.

I think the principal option needed here is sslverifypeer, in order not to check the certificate?

eko, Apr 29 '15 16:04

Since I am testing from localhost / windows without proper SSL environment setup, this is the idea yes.

Depending on the adapter (curl or socket) and zf version, it may be verify_peer instead of sslverifypeer. This workaround is tested and working. I found it a while ago using Zend Http Client and just stumbled on it again trying your bundle.

Since you are not providing an instance of ZendHttpClient from your FeedReader to ZendFeedReader, this last one is falling back to a default ZendHttpClient, modifiable via the static method ZendFeedReader::setHttpClient.

A more elegant solution could be to have a public function from FeedReader to set the http client options there.

I will make a pull request when able in the near future. Good work on your bundle by the way, it looks like it will help me gain a lot of time :)

lethak, Apr 30 '15 03:04

Alright, I understand the issue.

You're welcome to submit a pull request in order to add parameters to provide ZendHttpClient/parameters.

Let me know if you haven't enough time to work on it, I can try to find some.

Thank you for pointing out this issue!

eko, May 03 '15 17:05

Do you have any update on this issue? I have used the workaround by @lethak and it works. I found this issue in "eko/feedbundle": "^1.2".

Thanks and have a great day!

dunglehome, Jun 01 '16 17:06

Unfortunately I had/will not have time to implement a solution in a pull request anytime soon, sorry. You can feel free to do so if it was not solved already ;)

lethak, Jun 27 '16 14:06