search

eko / FeedBundle

A Symfony bundle to build RSS feeds from your entities
http://vincent.composieux.fr
MIT License
141 stars 50 forks source link

[Reader] Unable to enable crypto on TCP connection #51

Open lethak opened 9 years ago

lethak commented 9 years ago

Problem

Sometimes you can get an error when trying to request a feed using https.

 [Zend\Http\Client\Adapter\Exception\RuntimeException]                                       
  Unable to enable crypto on TCP connection domain.tld: make sure the "sslca  
  file" or "sslcapath" option are properly set for the environment.                           

  [ErrorException]                                                                          
  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:  
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Workaround

If you doesn't care about SSL certificates you can do this:

Using ...

use Zend\Feed\Reader\Reader as ZendFeedReader;
use Zend\Http\Client as ZendHttpClient;

Controller / Command:

        /** @var \Eko\FeedBundle\Feed\Reader $FeedReader */
        $FeedReader = $this->getContainer()->get('eko_feed.feed.reader');

        $httpClientOptions = array(
            'adapter'      => 'Zend\Http\Client\Adapter\Socket',
            'persistent'=>false,

            'sslverifypeer' => false,
            'sslallowselfsigned' => true,
            'sslusecontext'=>true,

            'ssl' => array(
            'verify_peer' => false,
            'allow_self_signed' => true,
            'capture_peer_cert' => true,
            ),

            'useragent' => 'Feed Reader',
        );

        ZendFeedReader::setHttpClient(new ZendHttpClient(null, $httpClientOptions));

        /** @var \Zend\Feed\Reader\Feed\FeedInterface $Feed */
        $Feed = $FeedReader->load('domain.tld/rss')->get();
eko commented 9 years ago

Hi @lethak,

Thank you for this workaround about SSL, I've never had the use case.

I think the principal option needed here is sslverifypeer in order to do not check the certificate?

lethak commented 9 years ago

Since I am testing from localhost / windows without proper SSL environment setup, this is the idea yes.

Depending on the adapter (curl or socket) and zf version, it may be verify_peer instead of sslverifypeer This workaround is tested and working. I found it a while ago using Zend Http Client and just stumbled on it again trying your bundle.

Since you are not providing an instance of ZendHttpClient from your FeedReader to ZendFeedReader, this last one is falling back to a default ZendHttpClient, modifiable via the static method ZendFeedReader::setHttpClient.

A more elegant solution could be to have a public function from FeedReader to set the http client options there.

I will make a pull request when able in the near future. Good work on your bundle by the way, it looks like it will help me gain a lot of time :)

eko commented 9 years ago

Alright, I understand the issue.

You're welcome to submit a pull request in order to add parameters to provide ZendHttpClient/parameters.

Let me know if you haven't enough time to work on it, I can try to find some.

Thank you for pointing out this issue!

dunglehome commented 8 years ago

Do you have any update on this issue? I have used the workaround by @lethak and it works. This issue i found in "eko/feedbundle": "^1.2".

Thanks and have a great day!

lethak commented 8 years ago

Unfortunately I had/will not have time to implement a solution in a pull request anytime soon, sorry. You can feel free to do so if it was not solved already ;)