edamov / pushok

PHP client for Apple Push Notification Service (APNs) - Send push notifications to iOS using the new APNs HTTP/2 protocol with token-based (JWT with p8 private key)
MIT License

Not able to send pushes since April 1st #136

Closed jusefjames closed 3 years ago

jusefjames commented 3 years ago

Hi, I am trying to get my push notifications to work again since Apple's changes on 1st April. I read all the existing issues and tried everything that's suggested there, but I always get this error:

```
PHP Fatal error: Uncaught Exception: NSS: client certificate not found (nickname not specified) in .../edamov/pushok/src/Client.php:161
Stack trace:
#0 .../push.php(106): Pushok\Client->push()
#1 {main}
  thrown in ...edamov/pushok/src/Client.php on line 161
```

I tried putting `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);` in Client.php and also adding this: `$client = new Client($authProvider, $production = true, [CURLOPT_CAPATH => '/pathToCerts/']);` as mentioned in https://github.com/edamov/pushok/issues/128#issuecomment-779872873. Still no luck.

When I try `curl --http2 https://google.com` I get a valid response.

For `curl --http2 https://api.push.apple.com` I get the same error, `curl: (1) NSS: client certificate not found (nickname not specified)`, but `openssl s_client -showcerts -connect api.push.apple.com:443` looks OK to me and the output ends with `Verify return code: 0 (ok)`.

I am using curl 7.76.0, OpenSSL 1.0.2k-fips, PHP 7.3.27.

If anyone has a tip on what I could try, that would be great. Thanks.

edamov commented 3 years ago

Seems something is wrong with the path name where the certificate is located. You should change /pathToCerts to the real path from your environment: `$client = new Client($authProvider, $production = true, [CURLOPT_CAPATH => '/pathToCerts/']);`

jusefjames commented 3 years ago

Hi, thanks for your quick reply. I used the real path name, I just changed it to something shorter for this post. The certificates are located in the same location as my .p8 file: `/var/www/virtual/myusername/AuthKey_xxxxxxx.p8`. It's a shared hosting server. Do the files need special permissions? The .p8 file has 644, the certificates `*.0` have 644.

jusefjames commented 3 years ago

Hi, I got a little further on that. It seems the problem here is that curl was built with NSS and not OpenSSL. If I build a new curl with `--without-nss` (before that I also had to build nghttp2) and use this one, I am able to connect to api.push.apple.com without any problems. But PHP is using the default one with NSS and therefore it always fails. I worked around it by not using this library and calling my custom-built curl from PHP with `exec()`, but that's far from ideal.

jusefjames commented 3 years ago

Hi, just a quick update: The issue was related to the curl 7.76.0 release, which was done on 31st March (close to Apple's changes on 1st April). That's why I thought this was because of Apple's changes. But the release of curl 7.76.0 broke HTTP/2 support for many SSL backends like NSS (not OpenSSL). See this for details: https://daniel.haxx.se/blog/2021/04/14/curl-7-76-1-h2-works-again/ Now with the patch release curl 7.76.1 from yesterday everything is working.
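
The resolution above depends on which libcurl build PHP itself is linked against, which can differ from the `curl` binary on the command line. The following diagnostic is an added example, not part of this thread or of pushok: it reads `curl_version()` and flags the combination the thread identifies (curl 7.76.0 on a non-OpenSSL TLS backend). The function name `diagnoseCurlBuild` and the sample array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added diagnostic sketch, not pushok code. Reports the libcurl build that PHP
// itself is linked against, which can differ from the `curl` binary in the shell.

/** Return human-readable findings for a curl_version()-style array. */
function diagnoseCurlBuild(array $info): array
{
    $version  = (string)($info['version'] ?? '');
    $backend  = (string)($info['ssl_version'] ?? '');
    $hasHttp2 = (((int)($info['features'] ?? 0)) & CURL_VERSION_HTTP2) !== 0;
    $findings = [];

    if (!$hasHttp2) {
        $findings[] = 'libcurl lacks HTTP/2 support, which the APNs HTTP/2 API needs';
    }
    if ($backend === '') {
        $findings[] = 'libcurl reports no TLS backend';
    }
    // Per the thread: 7.76.0 broke HTTP/2 on non-OpenSSL backends such as NSS,
    // and 7.76.1 fixed it.
    if ($version === '7.76.0' && $backend !== '' && stripos($backend, 'OpenSSL') !== 0) {
        $findings[] = "curl 7.76.0 with TLS backend {$backend} may hit the HTTP/2 "
            . 'regression: upgrade to 7.76.1 or later';
    }
    return $findings;
}

// Constructed sample shaped like the reporter's setup (the NSS version is made up).
$sample = [
    'version'     => '7.76.0',
    'ssl_version' => 'NSS/3.53.1',
    'features'    => CURL_VERSION_HTTP2 | CURL_VERSION_SSL,
];

$builds = ['constructed sample' => $sample, 'this PHP build' => curl_version()];
foreach ($builds as $label => $info) {
    $backend = $info['ssl_version'] ?: '(none)';
    printf("%s: curl %s, TLS backend %s\n", $label, $info['version'], $backend);
    foreach (diagnoseCurlBuild($info) ?: ['no known problem detected'] as $line) {
        echo "  - {$line}\n";
    }
}
```

Certificate verification can stay enabled while diagnosing this: the failure in the thread came from the curl build, and the reporter notes that turning off `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` did not change the error.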