search

ricbra / php-discogs-api

PHP 5.4 Implementation of the Discogs API
MIT License
152 stars 95 forks source link

Problems since Discogs` switch to https #31

Closed davalb closed 8 years ago

davalb commented 8 years ago

This might not be a problem with this library, but maybe somebody here knows what goes wrong here:. I get this error when I use the getRelease call of the API. I get similar errors on other calls as well. Anybody know what is going on? I read on the Discogs forum that they switched to https only yesterday. My Api is configured to call https://api.discogs.com already.

Error executing command: cURL error 35: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Test case: ProductTest(testImportImportedDiscogsRelease)
Stack trace:
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/command/src/AbstractClient.php : 253
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/Event/Emitter.php : 109
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/RequestFsm.php : 140
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/RequestFsm.php : 132
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/react/promise/src/FulfilledPromise.php : 25
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/ringphp/src/Future/CompletedFutureValue.php : 55
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/Message/FutureResponse.php : 43
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/RequestFsm.php : 135
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/RequestFsm.php : 132
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/react/promise/src/FulfilledPromise.php : 25
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/ringphp/src/Future/CompletedFutureValue.php : 55
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/Message/FutureResponse.php : 43
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/RequestFsm.php : 135
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/guzzle/src/Client.php : 165
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/command/src/AbstractClient.php : 88
/Users/uscreen/Sites/buyreggae-2.0/app/Vendor/guzzlehttp/command/src/AbstractClient.php : 76
/Users/uscreen/Sites/buyreggae-2.0/app/Test/Case/Model/ProductTest.php : 275
ricbra commented 8 years ago

Hi @davalb

The error message suggests that the client is stil relying on SSLV3 but the server doesn't allow that anymore. What version of openssl are you using?

davalb commented 8 years ago

Hi @ricbra , I use OpenSSL 1.0.1f 6 Jan 2014 . Do you know if that version is sufficient? Thanks

davalb commented 8 years ago

Sorry, that was wrong. The error-message was from my local development-machine which uses only OpenSSL 0.9.8zg 14 July 2015.

ricbra commented 8 years ago

I'm also running OpenSSL 0.9.8zg 14 July 2015 so that shouldn't be the problem.

Guess something is wrong with curl or php config?

I also tried https, and it worked.

gopatrik commented 8 years ago

Same problem.

ricbra commented 8 years ago

What's the output of a manual curl call like this:

$ curl -v https://api.discogs.com/                                                                                                                                             
*   Trying 216.151.17.131...
* Connected to api.discogs.com (216.151.17.131) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.discogs.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: api.discogs.com
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.8.1
< Date: Thu, 24 Mar 2016 08:34:00 GMT
< Content-Type: application/json
< Content-Length: 196
< Connection: keep-alive
< X-Discogs-Media-Type: discogs.v2
< Cache-Control: public, must-revalidate
< Access-Control-Allow-Origin: *
< 
* Connection #0 to host api.discogs.com left intact
{"documentation_url": "http://www.discogs.com/developers/", "statistics": {"labels": 864887, "releases": 6977589, "artists": 4344451}, "hello": "Welcome to the Discogs API.", "api_version": "2.0"}
suprb commented 8 years ago

Tried it on two different servers:

* About to connect() to api.discogs.com port 443 (#0)
*   Trying 216.151.17.131... connected
* Connected to api.discogs.com (216.151.17.131) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12286
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

Seems like the problem is TLS vs SSL

davalb commented 8 years ago

When I try the curl command, I get a succesfull response

curl -v https://api.discogs.com/
*   Trying 216.151.17.131...
* Connected to api.discogs.com (216.151.17.131) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.discogs.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET / HTTP/1.1
> Host: api.discogs.com
> User-Agent: curl/7.47.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.8.1
< Date: Sat, 26 Mar 2016 20:23:00 GMT
< Content-Type: application/json
< Content-Length: 196
< Connection: keep-alive
< X-Discogs-Media-Type: discogs.v2
< Cache-Control: public, must-revalidate
< Access-Control-Allow-Origin: *
< 
* Connection #0 to host api.discogs.com left intact
{"documentation_url": "http://www.discogs.com/developers/", "statistics": {"labels": 865753, "releases": 6985048, "artists": 4347882}, "hello": "Welcome to the Discogs API.", "api_version": "2.0"}

I still get the handshake-failures in my tests though. At least on my production server everything is working...

ricbra commented 8 years ago

Could you try out PR https://github.com/ricbra/php-discogs-api/pull/36 and check if the problem still persists?

davalb commented 8 years ago

@ricbra : I still have the problem :/

ricbra commented 8 years ago

That's odd... The configuration tells curl to use TLS v1.2 which is the recommended version.

What are your OS and php versions?

davalb commented 8 years ago

HI @ricbra, just had some time to look at it again. With your new code I get a new error message:

cURL error 35: Unsupported SSL protocol version

I am on OSX 10.10.5 (Yosemite) PHP is version 5.6.10 and curl 7.47.1

ricbra commented 8 years ago

When I switch to php 5.6 on OS 10.10 it keeps working. I suspect you have somehow an outdated openssl install somewhere.

Perhaps you can try out manually which versions are supported like this:

require 'vendor/autoload.php';

$client = \Discogs\ClientFactory::factory();
var_dump($client->getHttpClient()->get('https://api.discogs.com', [
    'config' => [
        'curl' => [
            CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2
        ]
    ]
]));

You can force SSL version with following constants:

CURL_SSLVERSION_TLSv1_2
CURL_SSLVERSION_TLSv1
CURL_SSLVERSION_SSLv3
davalb commented 8 years ago

It works now on my development-machine, too. Unfortunately I don't know why.

Today I moved all discogs-related test-methods out of my ProductTest-class into a separate class, because they were failing constantly and I couldn't fix them. Once I had them in their seperate class the test-methods don't have the handshake-failure anymore. I am really non-plussed.

ricbra commented 8 years ago

Glad to hear the problem is solved. Until someone convinces me the error is in this library, I'm closing this for now.