Guzzle and HTTPS - https

I want to use Guzzle and Silex to send request to https pages.
With http url I have a response :
app->get('/',function() use ($app, $client){
$response = $client->get("http://www.google.fr");
var_dump($response);
});
My response:
object(GuzzleHttp\Message\Response)[102]
private 'reasonPhrase' => string 'OK' (length=2)
private 'statusCode' => int 200
private 'effectiveUrl' => string 'http://www.google.fr' (length=20)
private 'headers' (GuzzleHttp\Message\AbstractMessage) =>
array (size=13)
'date' =>
array (size=1)
0 => string 'Wed, 18 Feb 2015 10:57:37 GMT' (length=29)
'expires' =>
But with https :
$app->get('/',function() use ($app, $client){
$url = "https://api.zoapp.com/v1/stc/cans/directory/pub/Employees";
$response = $client->get("https://www.facebook.com/");
var_dump($response);
});
I have to errors :
RequestException in RequestException.php line 51:
and
RingException in CurlFactory.php line 126:
Details : pastbin link

Following your link to the details, the exception message says:
cURL error 60: See http://curl.haxx.se/libcurl/c/libcurl-errors.html
Looking up http://curl.haxx.se/libcurl/c/libcurl-errors.html I found
CURLE_SSL_CACERT (60)
Peer certificate cannot be authenticated with known CA certificates.
So it's most likely a problem with the SSL verification/CA bundle. By setting the verify request option to false, guzzle (resp. curl) will not try to verify the host against a certificate, hence the error disappears (-- in reply to https://stackoverflow.com/a/28582692/413531)
However, you do not want to do that ;) Instead, you should try to solve the issue by providing a valid CA bundle.
IIRC, in v4 guzzle provided a default certificate (see https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem ), but removed that in version 5 and now tries to discover your default system CA bundle. From the docs, those locations are checked:
Check if openssl.cafile is set in your php.ini file.
Check if curl.cainfo is set in your php.ini file.
Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
Check if C:\windows\curl-ca-bundle.crt exists (Windows)
However, I found it easier to set the certificate explicitly when creating a new Client. That means:
Download https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem or better (because newer) http://curl.haxx.se/ca/cacert.pem (see http://curl.haxx.se/docs/caextract.html)
Use the local path to this certifcate in the Client instantiation
Example (assuming you have the certificate named cacert.pem located in the same directory as the script):
$default = ["verify" => __DIR__ . "/cacert.pem"];
$config = ["defaults" => $default];
$client = new Client($config);
$response = $client->get("https://www.facebook.com");

I found a solution but do not know why it works :
$client->setDefaultOption('verify', false);
$response = $client->get("https://www.facebook.com");

Related

How to Fix Client Error: file_get_contents(): in Cpanel with Laravel Project inside

i have problem when do seed in my laravel project in cpanel.
this is the errors
Client Error: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
at vendor/kavist/rajaongkir/src/HttpClients/BasicClient.php:74
70▕
71▕ private function executeRequest(string $url): array
72▕ {
73▕ set_error_handler(function ($severity, $message) {
➜ 74▕ throw new BasicHttpClientException('Client Error: '.$message, $severity);
75▕ });
76▕
77▕ $rawResponse = file_get_contents($url, false, $this->context);
Please Someone help me
this is my LocationsTableSeeder.php
public function run()
{
$daftarProvinsi = RajaOngkir::provinsi()->all();
foreach ($daftarProvinsi as $provinceRow) {
Province::create([
'province_id' => $provinceRow['province_id'],
'nama' => $provinceRow['province'],
]);
$daftarKota = RajaOngkir::kota()->dariProvinsi($provinceRow['province_id'])->get();
foreach ($daftarKota as $cityRow) {
Kabupaten::create([
'province_id' => $provinceRow['province_id'],
'city_id' => $cityRow['city_id'],
'nama' => $cityRow['city_name'],
'type' => $cityRow['type'],
'postal_code' => $cityRow['postal_code'],
]);
}
}
}
It's a good practice to disable file_get_contents ability to open remote URLs (like the ones starting HTTP) on shared servers (that frequently use Cpanel) to avoid the download/injection of malicious scripts in your server.
Go to Cpanel PHP options and enable allow_url_fopen, as pointed by apokryfos, usually it's at Switch To PHP Options menu. Some providers will not allow this change via Cpanel and you might need to open a support ticket.
Usually, this option cannot be changed by ini_set or via the PHP script itself in any other way.

Issue with PEM file while building a query using Laravel and Goutte

I'm building a website using Laravel 8 and Goutte 4. I'm trying to send a request to a website that requires authentication with a .pem file. In order to do so, I include the 'local_cert' param when creating the instance of http-client like this:
use Goutte\Client;
use Symfony\Component\HttpClient\HttpClient;
class Query
{
protected $client;
public function __construct() {
$this->client = (new Client(
HttpClient::create([
'timeout' => 30,
'local_cert' => //absolute path to the .pem file,
])
));
}
public function query() {
$this->client->request('GET', "https://palena.sii.cl/cvc_cgi/dte/of_solicita_folios");
}
}
This works perfectly well on my local server, but when I try it on the production server, I get an Exception: "Problem with the local SSL certificate". The .pem file being used is the same in development and production, and the php can read the file in the production server.
The full error in the laravel Log is:
[2020-12-02 21:32:30] production.ERROR: Problem with the local SSL certificate for "https://palena.sii.cl/cvc_cgi/dte/of_solicita_folios". {"userId":1,"exception":"[object] (Symfony\Component\HttpClient\Exception\TransportException(code: 0): Problem with the local SSL certificate for "https://palena.sii.cl/cvc_cgi/dte/of_solicita_folios". at /my/path/vendor/symfony/http-client/Chunk/ErrorChunk.php:65)
did you fixed? i only make this work with GuzzleHttp
$requestAuthentication = $clientAuth->request('GET', $urlAuthentication, [
'cert' => [$rutaPem, 'clave'],
'cookies' => $cookiesAuth,
]);

How to fix 'Facebook has detected MyApp isn't using a secure connection to transfer information.' error in Laravel

I am trying to connect my app to facebook login with Laravel and socialite package.But i don't know why facebook show me this error. I searched internet but i couldn't find anything .How can i fix this error ?
I thought that if i make my connection with https it will work but after making https again error appears.
My code in laravel:
web.php
Route::get('login/{provider}', 'SocialController#redirect');
Route::get('login/{provider}/callback','SocialController#Callback');
SocialController.php
public function redirect($provider)
{
return Socialite::driver($provider)->redirect();
}
public function Callback($provider){
$userSocial = Socialite::driver($provider)->stateless()->user();
$users = User::where(['email' => $userSocial->getEmail()])->first();
if($users){
Auth::login($users);
return redirect('/');
}else{$user = User::create([
'username' => $userSocial->getName(),
'email' => $userSocial->getEmail(),
'provider_id' => $userSocial->getId(),
'provider' => $provider,
]);
return redirect()->route('home');
}
}
You can do "Create Test App" and replace your App ID and Secret using the test app.
The simple answer is - Facebook will send sensitive data to provided redirect_uri, so it is ensuring this connection is private, by forcing you to use valid SSL.
As long as you do not setup a valid domain with proper certificate, Facebook won't let you use production API.
It looks like time expiration. I've just created another Facebook app and it works without that error.
You can use ngrok to make your localthost https.
download and run ngrok.exe.
Then run command ngrok.exe http {port}. In most cases, it will be 8000.
In case of angular : try to serve your app in secured socket layer true mode as Facebook is detecting insecure connection
Use the following command:
ng serve --ssl true

Error uploading from Laravel 5.4 to S3 bucket

[I run the script from localhost]
I'm trying to upload files using Laravel 5.4 to AWS S3 bucket but I get this error:
Error executing "PutObject" on "https://bucket_name.s3.amazonaws.com/1520719994357906.png"; AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
In filesystems.php:
's3' => [
'driver' => 's3',
'key' => 'KRY_HERE',
'secret' => 'SECRET_HERE',
'region' => 'us-east-1',
'bucket' => 'bucket_name', //has global access to read files
],
In the controller:
Storage::disk('s3')->put($imageName, file_get_contents(public_path('galleries/').$imageName));
How to solve this? If I upload the app to EC2 instance does it require SSL installed to upload files to S3 bucket? Thanks in advance.
Uploading from server worked fine no need to install SSL it just doesn't work from localhost.
it just doesn't work from localhost,if you want to do working it on localhost you have to do some changes in vendor directory.(For your local use only)
vendor/guzzle/src/handler/CurlFactory.php
Near around line no 350.Comment this two line and add new two line,otherwise replace this two line.(as you wish)
if ($options['verify'] === false) {
unset($conf[\CURLOPT_CAINFO]);
$conf[\CURLOPT_SSL_VERIFYHOST] = 0;
$conf[\CURLOPT_SSL_VERIFYPEER] = false;
} else {
/* $conf[\CURLOPT_SSL_VERIFYHOST] = 2;
$conf[\CURLOPT_SSL_VERIFYPEER] = true;*/ //Comment this two line
$conf[\CURLOPT_SSL_VERIFYHOST] = 0;
$conf[\CURLOPT_SSL_VERIFYPEER] = false;
}
Now it's work fine.

RestClient.get returning certificate verify failed

I am trying hit an internal testing API server using RestClient and Ruby v. 2.2.1.
This is essentially the code:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
response = RestClient.get url, header
This is the failure message I get:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)
If I'm reading this right, it looks like Ruby couldn't accept the SSL security certificate. This call works in the Chrome app Postman, but in order for it to work, I have to hit the URL in Chrome itself and accept that the connection is not secure (but proceed anyway), and THEN it will work in postman.
Is there a way to ignore the certificate failures and proceed anyway in Ruby?
Try using #execute(&block) with verify_ssl set to false.
:verify_ssl enable ssl verification, possible values are constants
from OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER
url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
RestClient::Request.execute(
:url => url,
:method => :get,
:headers => headers,
:verify_ssl => false
)
see: http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method
RVM
Additional solution for RVM users from: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
This discussion on Github finally gave the solution: Somehow RVM comes
with a precompiled version of ruby that is statically linked against
an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and
rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
rest-client verify certificates using the system's CA store on all platforms by default. But is possible set to false the option :verify_ssl or specify :ssl_ca_file or :ssl_ca_path or :ssl_cert_store to customize the certificate authorities accepted.
See documentation
So you could simply set :verify_ssl to false:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
resource = RestClient::Resource.new(
url,
headers: header,
verify_ssl: false
)
response = resource.get
You could try immediately with a host which use a self-signed certificated provided by https://badssl.com/. Simply copy the snippet below in your irb console.
response = RestClient::Resource.new(
'https://self-signed.badssl.com/',
:verify_ssl => false
).get

Resources