Self signed certificates and cURL

[heaterC]

Ich würde das Script gern mit einer lokalen NextCloud-Server verwenden, der ein selbst-signiertes Zertifikat verwendet. Curl akzeptiert dies nicht (in der bash würde ich curl -k verwenden). Wäre das möglich, diese Option zu integrieren?

[heaterC]

I'd like to put a curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); somewhere, but I can't figure out where - could you please give me a hint? The function doPostForm in Api.php does not seem to be called (it would be the place to set cURL options otherwise)?

[andig]

Gar nicht- wir verwenden Guzzle als HTTP Client: http://docs.guzzlephp.org/en/stable/request-options.html#verify

Sinnvollerweise sollte dafür die Initialisierung von Client oder Request dafür in eine Funktion ausgelagert werden.

[heaterC]

Das verstehe ich dann nicht, ich bekomme eine Fehlermeldung von cURL:

In CurlFactory.php line 186:                                                                                                                        

cURL error 60: SSL certificate problem: self signed certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

(Aufruf von php carddav2fb.php run)

[heaterC]

Aha, gefunden: Guzzle nutzt selber cURL: http://docs.guzzlephp.org/en/stable/faq.html?highlight=curl

Guzzle has historically only utilized cURL to send HTTP requests. cURL is an amazing HTTP client (arguably the best), and Guzzle will continue to use it by default when it is available.

Dann schaue ich mal weiter...

[OnlineArts]

@heaterC You could create a similar solution like #81 for you.

[andig]

Once #78 is implemented these could be passed as additional options to Guzzle

[heaterC]

Sorry I don't seem to find my way through your code... :-( I think what is needed is (according to Guzzle docs )

// Use the system's CA bundle (this is the default setting)
$client->request('GET', '/', ['verify' => true]);

// Use a custom SSL certificate on disk.
$client->request('GET', '/', ['verify' => '/path/to/cert.pem']);

// Disable validation entirely (don't do this!).
$client->request('GET', '/', ['verify' => false]);

an option controllable via the config.php file for the download process on the CardDAV server. My server is private and not accessible via internet so it's not possible for me to create an officially signed certificate...

[andig]

Please check if https://github.com/andig/carddav2fb/pull/103 works for you for the SSL cert handling.

[heaterC]

Hi @andig , I tried branch #104, thanks a lot, the download is now working perfectly, I got an error on upload to the Fritzbox though:

PHP Fatal error:  Uncaught Error: Call to protected method Andig\FritzBox\Api::login() from context '' in /root/andig-carddav2fb/carddav2fb/src/functions.php:362
Stack trace:
#0 /root/andig-carddav2fb/carddav2fb/src/RunCommand.php(95): Andig\upload('<?xml version="...', Array)
#1 /root/andig-carddav2fb/carddav2fb/vendor/symfony/console/Command/Command.php(255): Andig\RunCommand->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#2 /root/andig-carddav2fb/carddav2fb/vendor/symfony/console/Application.php(953): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#3 /root/andig-carddav2fb/carddav2fb/vendor/symfony/console/Application.php(248): Symfony\Component\Console\Application->doRunCommand(Object(Andig\RunCommand), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#4 /root/andig-carddav2fb/carddav2fb/vendo in /root/andig-carddav2fb/carddav2fb/src/functions.php on line 362

I hope this is not due to non-existant photos on any USB drive (how should I handle parameters in this case?).

[churchy16]

I have the same error just now. There is still a bug in Api.php: protected function login() can't be called from functions.php with $fritz->login(); due to its declaration as "protected". So it doesn't have to do anything with missing picture files etc. @andig please fix...

[andig]

Fixed and merged. If anything else pops up I'll continue from master