sarojgithub / apns-php

Automatically exported from code.google.com/p/apns-php
0 stars 0 forks source link

Unable to verify peer #1

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
PHP is unable to connect when I request peer verification. Unfortunately it 
fails with error code 0 and no error message. This is not working on a Debian 
Lenny box with PHP 5.3.3 compiled from scratch but does work on my Mac with PHP 
5.3.1 (default install)

As no error code or message is given I'm at a loss to debug this one.

What steps will reproduce the problem?
1. Using the sample_push or sample_server code, make a call to 
setRootCertificationAuthority

What version of the product are you using? On what operating system?
r50 (current release), Debian Lenny

Please provide any additional information below.

Connects (and sends notifications) fine without peer verification.

Original issue reported on code.google.com by dca...@gmail.com on 3 Aug 2010 at 5:40

GoogleCodeExporter commented 8 years ago
Have you exported from your Mac the PEM 
[http://code.google.com/p/apns-php/wiki/CertificateCreation#Verify_peer_using_En
trust_Root_Certification_Authority] and "imported" in your Debian the "Entrust 
Root Certification Authority"?

Otherwise I suggest you to disable the verification of the Apple remote peer 
commenting out this line:

$push->setRootCertificationAuthority('entrust_root_certification_authority.pem')
;

Ciao,

Aldo

Original comment by aldo.arm...@gmail.com on 25 Aug 2010 at 3:36

GoogleCodeExporter commented 8 years ago
Hi Aldo,

Thanks for your response.

As far as I can tell the Entrust Root Certification Authority crts are present:

$ dpkg-query -L ca-certificates | grep Entrust
/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.cr
t
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt

and I can verify the .pem used by the PHP code with openssl:

$ openssl verify ../data/certificates/entrust_root_certification_authority.pem 
../data/certificates/entrust_root_certification_authority.pem: OK

Disabling verification works but is not a nice solution. I'm lost for things to 
try though.

Original comment by dca...@gmail.com on 25 Aug 2010 at 5:05

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Hi!

I'm also using Debian (Lenny) on my servers.

Please download the right certificate (in PEM format) from 
https://www.entrust.net/downloads/root_index.cfm

I'm able to verify peer using the second one (Entrust CA (2048)) 
[https://www.entrust.net/downloads/binary/entrust_2048_ca.cer]

Ciao,

Aldo

Original comment by aldo.arm...@gmail.com on 26 Aug 2010 at 11:55