Closed tassoman closed 8 years ago
Are you writing a Piwik plugin? In this case you can directly access the API without going over HTTP by using the Request::processRequest
method http://developer.piwik.org/api-reference/Piwik/API/Request#processrequest like this https://github.com/piwik/piwik/blob/2.16.0-b2/plugins/SegmentEditor/SegmentList.php#L21-L23
We don't really use Guzzle. It is required by another dependency (I think by AWS-SDK-PHP). It probably requires Guzzle 3 because it's compatible with PHP 5.3+ whereas Guzzle 4 requires PHP 5.4+ and latest version requires PHP 5.5+. So we couldn't really use a newer version for now but we're not using it anyway. Please use Piwik\Http
instead.
Maybe this solves the problem with your certificate and allows you to actually use Http
class http://forum.piwik.org/t/certificate-error-on-update-to-2-12-1-solved-tu/15124/4?u=thomas_piwik . Otherwise we'd need to maybe reopen #7580
Hi @tsteur thank you for your fast reply.
Now I understand using Guzzle\Http\Client
is not the right choice.
I've already tried using Request::processRequest
but it's useful when you're querying the local Piwik's installation. My will is to query staging and production installations from Dev machine, today all them are three different Piwik's versions.
I've also tried setting [curl.cacert]
inside Dev's php.ini configuration but didn't worked, looks like I was missing something.
Doing a raw curl from the shell ended up the certificate chain is missing one cert.
Finally, if sysops can't bring me the full chain certificates I think I sadly need to get rid of verification.
Using Piwik\Http
directly I can't get rid of verification (-k) because of security risk. Do
You think I can extend it by writing Piwik\Plugins\MyPlugin\Http
inside my Dev environment?
You can maybe extend it inside your dev environment. I'm not quite sure about you're setup. So you are working on a plugin for Piwik, and within this plugin you request data from different environments (QA, Test, Prod, ...)?
You could otherwise download maybe another simple library and ship it with your plugin. Eg you can put a library inside your libs
folder of the plugin but you'd need to load it manually.
Doing a raw curl from the shell ended up the certificate chain is missing one cert.
So it seems like there's a problem with certs in general?
Yes the problem is with my certificates chain. So I've managed the thing insecurely avoiding the certificate verification (-k --insecure curl way), it's enough for a Development installation because it works entirely inside the intranet.
I got the things done extending the Piwik\Http
class by Piwik\Plugins\MyPlugin\Https
. Then Piwik\Plugins\MyPlugin\Commands\MyCommand
creates the Https
object.
This Https
object just overrides configCurlCertificate()
by:
public static function configCurlCertificate(&$ch)
{
if (file_exists(PIWIK_INCLUDE_PATH . '/core/DataFiles/cacert.pem')) {
@curl_setopt($ch, CURLOPT_CAINFO, PIWIK_INCLUDE_PATH . '/core/DataFiles/cacert.pem');
}
// This is the insecure way: -k --insecure
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, fasle);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, fasle);
}
Glad to hear :+1:
Ciao! I'm trying to write a plugin that manage HTTP queries to Piwik Reporting APIs. It should verify our staging installation meets production environment.
I've started using
Piwik\HTTP::fetchRemoteFile($urlToFile)
method and I was stuck in the problem exposed somehow in #7580. My problem is our certificate is self-signed instead root public.So I've decided to build myself an HTTPS call without certificate verification :sob: and I discovered
Guzzle\HTTP\Client
using PHPStorm IDEHaving no clue of what am I doing :astonished: I've tried to readthedocs discovering that
$client = new GuzzleHttp\Client();
Then I've ended up there should be «something». A rapid grep of
composer.lock
showed Piwik's Guzzle is still v3 that's now deprecated by v5. Finally, the stable documentation writes about v6.Now I'm confused :confused: