search

xmppo / xmpp-php

PHP client library for XMPP (Jabber) protocol
https://github.com/xmppo/xmpp-php
MIT License
45 stars 23 forks source link

ssl3_get_server_certificate:certificate verify failed #11

Open adnanmuhammad opened 4 years ago

adnanmuhammad commented 4 years ago

i am getting an error even with the ssl is installed on my server.

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Please help.

Norgul commented 4 years ago

Hello @adnanmuhammad

this should not be at my part. Maybe you can check out the following link

WelterRocks commented 3 years ago

Sorry Norgul, but there are many situations, where it can be useful to bypass TLS errors. For example, there are some IOT vendors, not updating there cert chains, which lead to expired certs or untrusted chains. It is up to us as developers to make things work, even if errors occur.

@adnanmuhammad if you are still interested, edit the file Socket.php and change the constructor to this:

`public function __construct(Options $options) { $this->responseBuffer = new Response();

    //$this->connection = stream_socket_client($options->fullSocketAddress());

    // Changed, to bypass certificate errors
    $errno = null;
    $errstr = null;
    $timeout = ini_get("default_socket_timeout");
    $flags = STREAM_CLIENT_CONNECT;

    // Context, to bypass certificate problems
    $context = stream_context_create();
    stream_context_set_option($context, 'ssl', 'verify_host', false);
    stream_context_set_option($context, 'ssl', 'verify_peer', false);
    stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

    $this->connection = stream_socket_client($options->fullSocketAddress(), $errno, $errstr, $timeout, $flags, $context);

    if ($errno)
        die("ERROR(".$errno."): ".$errstr."\n");

    if (!$this->isAlive($this->connection)) {
        throw new DeadSocket();
    }

    //stream_set_blocking($this->connection, true);
    stream_set_timeout($this->connection, 0, $this->timeout);
    $this->options = $options;
}

`

Norgul commented 3 years ago

@WelterRocks feel free to submit a PR, I'd gladly implement it. Thanks!

WelterRocks commented 3 years ago

Will fix some few more things and send the PR ;-). Thanks.