file_get_contents ignoring verify_peer=>false?

问题:

file_get_contents with https hosts works just fine, except for a particular host (test api server from some company - ip whitelisted, can't give you URL to test). This rules out not loaded https modules and other initial setup mistakes.

I have tested with multiple PHP installations, all at v5.3.3, 32bits, Debian 32bits.

The request works with cURL, but only if setting curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);. However, setting verify_peer"=>false on the context for file_get_contents seems to make no difference.

With file_get_contents, the exact same request (same URL, same XML POST data) fails with SSL: Connection reset by peer:

$arrContextOptions=array(     "http" => array(         "method" => "POST",         "header" =>              "Content-Type: application/xml; charset=utf-8;\r\n".             "Connection: close\r\n",         "ignore_errors" => true,         "timeout" => (float)30.0,         "content" => $strRequestXML,     ),     "ssl"=>array(         "allow_self_signed"=>true,         "verify_peer"=>false,     ), );  file_get_contents("https://somedomain:2000/abc/", false, stream_context_create($arrContextOptions)); 

.

Has anyone encountered this with file_get_contents? Any ideas how to debug?

回答1:

try this code :

$fp = fsockopen("ssl://somedomain/abc/", 2000 , $ErrNo, $ErrString, 30); if (!$fp) {     echo "Error No : $ErrNo - $ErrString 
\n"; } else {     $out  = "POST / HTTP/1.1\r\n";     $out .= "Host: somedomain \r\n";     $out .= "Content-Type: application/xml; charset=utf-8;\r\n";     $out .= "Connection: Close\r\n\r\n";     fwrite($fp, $out);     while (!feof($fp)) {         echo fgets($fp, 128);     }     fclose($fp); } 

if you don't get error , i think problem (with file_get_contents) is form client php configuration otherwise from server configuration.

回答2:

dont' know if this will actually help, but do try removing the SSL options from your option array.

The reason behind this: according to http://www.php.net/manual/en/context.ssl.php , verify_peer is false by default.

allow_self_signed REQUIRES verify_peer, and is false by default.

From the above, I gather that allow_self_signed probably overrides your setting for verify_peer.

So please try without any option for SSL, or without the allow_self_signed, and let us know if that helped any.

回答3:

You could try to debug this with Wireshark -- you might get a better idea of what goes wrong, you should see which SSL error occurs.

回答4:

only install this

yum install ca-certificates.noarch 

文章来源: file_get_contents ignoring verify_peer=>false?