metaregistrar / php-epp-client

Object-oriented PHP EPP Client
https://www.metaregistrar.com/docs/
MIT License

Timeout #30

Closed karborator closed 8 years ago

karborator commented 8 years ago

Hello, I have a problem when I try to connect via SSL:

Warning: fsockopen(): unable to connect to ssl://domain.com (Connection timed out) in metaregistrar/php-epp-client/Protocols/EPP/eppConnection.php on line 290

Is that possible because of the vhost configuration? For example, something that should be set to send the certificate on request?

Thanks

metaregistrar commented 8 years ago

Hi,

Which registry are you connecting to? Depending on the registry you might have to use ssl://epp.registryname or just epp.registryname

For example for IIS.SE (Sweden) we just use epp.iis.se (without SSL), but we specify a 'certificatefile' and 'certificatepassword' in the INI files.

And for some other providers we use eppHttpsConnection as a connection default and then we also do not specify ssl:// in the hostname of the epp service.

And is your IP address whitelisted at the registry side? Most registries will not allow connection if you have not whitelisted your IP addresses with them.

Vriendelijke groeten/kind regards,

Ewout de Graaf Metaregistrar

karborator commented 8 years ago

Yes, I understand. I'm trying to connect to epptest.ficora.fi (registry). My IP address is whitelisted now, but I still can't connect. They want to authenticate via certificate; through their UI I upload a .crt certificate.

    $conn = new eppConnection();
    $conn->setHostname('epptest.ficora.fi');
    $conn->setPort(700);
    $conn->setUsername('***********');
    $conn->setPassword('***********');
    // I also tried to send: .pem, .pub, .key
    $realPath = realpath(__DIR__.'/../../../../../../../data/keys/ficora.crt');
    if(!$realPath){
        throw new \Exception();
    }
    $conn->enableCertification($realPath, '');
    $conn->connect();
    return $conn->login();

"Warning: stream_socket_client(): unable to connect to ssl://epptest.ficora.fi:700 (Connection timed out) in eppConnection.php on line 278"

"Error connecting to ssl://epptest.ficora.fi:700: Connection timed out (code 110 )"


When I try with eppHttpsConnection, the following message appears:

"Error occurred while executing CURL 58: unable to set private key file: 'path-to/data/keys/ficora.cert' type PEM"

"Error occurred while executing CURL 58: unable to use client certificate (no key found or wrong pass phrase?)"

    $conn = new eppHttpsConnection();
    $conn->setHostname('epptest.ficora.fi');
    $conn->setPort(700);
    $conn->setUsername('***********');
    $conn->setPassword('***********');
    // I also tried to send: .pem, .pub, .keys
    $realPath = realpath(__DIR__.'/../../../../../../../data/keys/ficora.crt');
    if(!$realPath){
        throw new \Exception();
    }
    $conn->enableCertification($realPath, '');
    $conn->connect();
    return $conn->login();

metaregistrar commented 8 years ago

Hi,

I have committed a small change to allow for certificate files without a password. Maybe you should try $conn->enableCertification($realPath, null); In that case I will not set a password for the certificate file.

The stream_set_context command that I use in PHP specifies: PEM file only, so you cannot use a .cert or .key file. http://php.net/manual/en/context.ssl.php

Also, can you try enabling logging, so you can see what happens? To enable logging, use $conn = new eppConnection(true);

Vriendelijke groeten/kind regards,

Ewout de Graaf Metaregistrar

karborator commented 8 years ago

==== LOG ===={"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html","title":"Caught exception","status":500,"detail":"Error connecting to ssl://epptest.ficora.fi:700: Connection timed out (code 110)"}

metaregistrar commented 8 years ago

A connection timeout would still indicate firewall problems, server is not responding to packets. Otherwise there would be SSL certificate problems or sudden disconnects.

Are you sure port 700 is correct?

Vriendelijke groeten/kind regards,

Ewout de Graaf Metaregistrar

karborator commented 8 years ago

Yes, the port they told me is 700.

Could you please show how to generate a certificate?

Thanks

metaregistrar commented 8 years ago

Hi,

The best thing is to ask FICORA which certificates they accept and how to generate.

We mostly use cacert.org to generate certificates. From cacert.org you get a public key and a private key.

The private key is stored in a PEM file and is used with php-epp-client.

The public key is sent to FICORA and they install that key in their EPP system.

When you make contact, the private and public keys match and you have an EPP connection.

Vriendelijke groeten/kind regards,

Ewout de Graaf Metaregistrar

karborator commented 8 years ago

OK, thank you, will contact them :+1:

lazmo88 commented 7 years ago

Hi there, I am facing similar issues. It seems to me that Ficora requires the private key and the certificate during the authentication. Can this be true? I am able to establish an openssl connection only when key and certificate are sent within the connection request.

I could not find a way to specify private key and certificate within the settings.ini file.

Any advice would be welcome.

metaregistrar commented 7 years ago

You can specify a key file (.PEM extension) with the following keywords in the .INI file:

    interface=iisEppConnection
    hostname=epp.iis.nu
    port=700
    userid=
    password=
    certificatefile=/storage/epp/settings/certlive.pem
    certificatepassword=xxxxxxxxxx

metaregistrar commented 7 years ago

This example was for .SE of course, not for Ficora.

lazmo88 commented 7 years ago

Thanks! The issue was not specifying the key file, I did it directly with $conn->enableCertification('path-to/private.pem', null); - what was not specified anywhere, though, was that you need to authenticate with key & certificate against Ficora. I was only trying with my private key, instead of key + certificate combined.

metaregistrar commented 7 years ago

So it works now?

lazmo88 commented 7 years ago

Yes indeed it does work now, I am able to auth and connect to Ficora and even register domains. Is there further documentation available for the repo somewhere? I am struggling a bit using the ready-made extensions and how to deploy them with the examples... Some functions like creating contact seem to be registry specific.

metaregistrar commented 7 years ago

It is difficult to make documentation when the requirements from the various registries vary wildly. The best you can do is make use of a good IDE, and if the functions in the various extensions are documented properly, the IDE will make it simple for you to use the functions, it will prompt you with the function and the variables.

lazmo88 commented 7 years ago

@metaregistrar True that, can you confirm that I have enabled ficora extension correctly? For some reason I am receiving errors when using the example ficora.php file under Registries folder.

    (1:515)# php ficora.php
    Checking balance
    PHP Fatal error: Uncaught Error: Class 'Metaregistrar\EPP\ficoraEppCheckBalanceRequest' not found in /var/www/epp/epp2/Registries/ficoraEppConnection/ficora.php:73
    Stack trace:
    #0 /var/www/epp/epp2/Registries/ficoraEppConnection/ficora.php(43): checkbalance(Object(Metaregistrar\EPP\eppConnection))
    #1 {main}
      thrown in /var/www/epp/epp2/Registries/ficoraEppConnection/ficora.php on line 73

I have tried the following ways of loading the ficora extension:

    use Metaregistrar\EPP\ficoraEppConnection;
    include_once('/var/www/epp/epp2/Registries/ficoraEppConnection/eppConnection.php');
    if ($conn = ficoraEppConnection::create('/var/www/epp/epp2/Examples/settings.ini', true)) {

However, every time I face issues with missing classes which are specified in the Registries/ficoraEppConnection/eppConnection.php file.

Could you advise how to correctly use the extensions? Thanks :)

metaregistrar commented 7 years ago

If you look in the file Registries/ficoraEppConnection, there are 2 things important:

    parent::addExtension('ficora','http://www.ficora.fi/epp/ficora');

This will seek in the directory Protocols/EPP/eppExtensions/ficora for a file 'includes.php' and use this file. So if any objects are missing, they must be missing from this file. I see that include_once(dirname(__FILE__) . '/eppRequests/ficoraEppCheckBalanceRequest.php'); is in the file, so the objects should be present.

    parent::addCommandResponse('Metaregistrar\EPP\ficoraEppCheckBalanceRequest', 'Metaregistrar\EPP\ficoraEppCheckBalanceResponse');

This connects the 'ficoraEppCheckBalanceRequest' to 'ficoraEppCheckBalanceResponse', making sure that when an XML response is received, the response is placed in the correct object for you to be used.

We do not have an active account with Ficora, so it is difficult for us to test the Ficora connection, we rely on our contributors to make it work.

vincentdecarpigny commented 7 years ago

Hello all,

I do confirm the ficora connection is running well.

For my part I implemented it before the major changes done on the repo, so I had to create request/response pairs that are unnecessary now. Nonetheless I send the files attached in a rar.

For balance checking it is dead simple:

    $check = new Metaregistrar\EPP\ficoraEppCheckBalanceRequest();
    if ($response = $conn->writeandread($check)) {
        print_r("BALANCE IS ".$response->getBalanceAmount()." ON ".$response->getBalanceDate());
    }

@lazmo88 : use Metaregistrar\EPP\ficoraEppConnection ??? should be use Metaregistrar\EPP

Best regards, Vincent

GVeidenberg commented 7 years ago

I used Let's Encrypt. My settings.ini looks like this:

    interface=EppConnection
    hostname=epptest.ficora.fi
    port=700
    userid=
    password=
    certificatefile=/etc/letsencrypt/live/myserver/privkey.pem

When using checkdomain.php, I get this error:

    PHP Warning: stream_socket_client(): Unable to set local cert chain file `/etc/letsencrypt/live/myserver/privkey.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/html/EPPtest/Protocols/EPP/eppConnection.php on line 370
    PHP Warning: stream_socket_client(): Failed to enable crypto in /var/www/html/EPPtest/Protocols/EPP/eppConnection.php on line 370
    PHP Warning: stream_socket_client(): unable to connect to ssl://epptest.ficora.fi:700 (Unknown error) in /var/www/html/EPPtest/Protocols/EPP/eppConnection.php on line 370
    ERROR: Error connecting to ssl://epptest.ficora.fi:700: (code 0)

Where myserver is my host. Can anybody help? Why doesn't this work?

GVeidenberg commented 7 years ago

Apache error log shows:

    [Thu Oct 12 16:05:05.374864 2017] [ssl:warn] [pid 4400] AH01909: v:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Oct 12 16:05:05.377205 2017] [mpm_prefork:notice] [pid 4400] AH00163: Apache/2.4.18 (Ubuntu) mod_python/3.3.1 Python/2.7.12 OpenSSL/1.0.2g mod_perl/2.0.9 Perl/v5.22.1 configured -$
    [Thu Oct 12 16:05:05.377229 2017] [core:notice] [pid 4400] AH00094: Command line: '/usr/sbin/apache2'

vincentdecarpigny commented 7 years ago

Hello GVeidenberg,

Make sure your PEM file contains both KEY and CERT:

    -----BEGIN PRIVATE KEY-----
    [BLAHBLAHMYPRIVATEKEY]
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    [BLAHBLAHMYCERT]
    -----END CERTIFICATE-----

Also, /etc/letsencrypt/live/myserver/privkey.pem is only a path to your PEM file.

I'm not using a .ini file.

My connection script is like this:

    $conn = new Metaregistrar\EPP\ficoraEppConnection($debug);
    //$conn->setHostname('epptest.ficora.fi'); // Hostname may vary depending on the registry selected
    $conn->setHostname('epp.domain.fi'); // Hostname may vary depending on the registry selected
    $conn->setPort(700); // Port may vary depending on the registry selected
    $conn->setTimeout(200);
    $conn->setUsername('A00');
    $conn->setPassword('XXXXXX');

    $realPath = realpath('/var/mypath/ficora/server.pem');
    if (!$realPath) {
        throw new Exception();
    }
    $conn->enableCertification($realPath, null);

    if ($conn->connect()) {
        // etc...
    }

Hope this helps Vincent

GVeidenberg commented 7 years ago

Thanks. I got it to work :) My cert did not have key and cert in it. Do you have a working script for creating a contact? And update contact, I can't get it to work.
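
The fix confirmed in the comments above (one PEM file holding both the private key and the certificate) can be checked before connecting. The following is an added example, not code from php-epp-client or from any commenter: `checkClientPem()` is a hypothetical helper, and the keys and self-signed certificate are constructed at run time (assumes ext-openssl with a usable openssl.cnf).

```php
<?php
// Added example, not part of php-epp-client. checkClientPem() is a hypothetical
// helper that vets the PEM file before it is handed to enableCertification().
/** Return a list of problems with a client PEM bundle; empty means usable. */
function checkClientPem(string $pem, ?string $passphrase = null): array
{
    preg_match_all('/-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----/s', $pem, $m);
    $certPem = $keyPem = null;
    foreach ($m[1] as $i => $label) {
        if ($label === 'CERTIFICATE' && $certPem === null) {
            $certPem = $m[0][$i];   // first certificate is the client (leaf) cert
        } elseif (substr($label, -11) === 'PRIVATE KEY' && $keyPem === null) {
            $keyPem = $m[0][$i];    // PRIVATE KEY, RSA/EC or ENCRYPTED PRIVATE KEY
        }
    }
    $problems = [];
    if ($keyPem === null) {
        $problems[] = 'no private key block in file';
    }
    if ($certPem === null) {
        $problems[] = 'no certificate block in file';
    }
    if ($problems) {
        return $problems;
    }
    $cert = openssl_x509_read($certPem);
    if ($cert === false) {
        return ['certificate block does not parse'];
    }
    $key = openssl_pkey_get_private($keyPem, (string) $passphrase);
    if ($key === false) {
        return ['private key does not parse (wrong or missing passphrase?)'];
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not belong to the certificate';
    }
    if (openssl_x509_parse($cert)['validTo_time_t'] < time()) {
        $problems[] = 'certificate has expired';
    }
    return $problems;
}

// Constructed sample material: two throwaway RSA keys and a self-signed
// certificate for the first one (not real registry credentials).
$keyA = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$keyB = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'epp-client.example'], $keyA);
openssl_x509_export(openssl_csr_sign($csr, null, $keyA, 30), $certOut);
openssl_pkey_export($keyA, $keyAOut);
openssl_pkey_export($keyB, $keyBOut);
var_dump(checkClientPem($keyAOut));             // private key only
var_dump(checkClientPem($certOut));             // certificate only
var_dump(checkClientPem($keyBOut . $certOut));  // key from a different pair
var_dump(checkClientPem($keyAOut . $certOut));  // matching key + certificate
```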

mathieu-gilloots commented 1 year ago

@vincentdecarpigny @GVeidenberg Is the EPPTest of ficora still working on your side? IP whitelisted (confirmed with them), and I'm not able to reach the server (connection timeout). I can telnet / ping the production environment (epp.domain.fi) but not the test env: epptest.ficora.fi.

Thanks.