Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not able to send pushes since April 1st #136

Closed
jusefjames opened this issue Apr 5, 2021 · 4 comments
Closed

Not able to send pushes since April 1st #136

jusefjames opened this issue Apr 5, 2021 · 4 comments

Comments

@jusefjames
Copy link

Hi,
i am trying to get my push notifications work again since Apples changes on 1st April.
I read all the existing issues and tried everything what's suggested there but I always get this error:

PHP Fatal error: Uncaught Exception: NSS: client certificate not found (nickname not specified) in .../edamov/pushok/src/Client.php:161 Stack trace: #0 .../push.php(106): Pushok\Client->push() #1 {main} thrown in ...edamov/pushok/src/Client.php on line 161

I tried putting
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
in Client.php
and also adding this:
$client = new Client($authProvider, $production = true, [CURLOPT_CAPATH => '/pathToCerts/']);
like mentioned in #128 (comment)
still no luck

When i try curl --http2 https://google.com I get a valid response.

For curl --http2 https://api.push.apple.com I get the same error curl: (1) NSS: client certificate not found (nickname not specified)
but
openssl s_client -showcerts -connect api.push.apple.com:443 looks ok for me and the output ends with Verify return code: 0 (ok)

I am using
curl 7.76.0
OpenSSL 1.0.2k-fips
PHP 7.3.27

If anyone has a tip for me what I could try that would be great. Thanks.

@edamov
Copy link
Owner

edamov commented Apr 5, 2021

Seems something wrong with path name where certificate is located.
You should change /pathToCerts by real path from you environment:
$client = new Client($authProvider, $production = true, [CURLOPT_CAPATH => '/pathToCerts/']);

@jusefjames
Copy link
Author

Hi, thanks for your quick reply. I used the real path name, just changed it to something shorter for this post. The certificates are located at the same location as my *.p8 file:
/var/www/virtual/myusername/AuthKey_xxxxxxx.p8
It's a shared hosting server. Do the files need special permissions?
The *.p8 file has 644, the certificates *.0 have 644

@jusefjames
Copy link
Author

Hi, I got a little forward on that. Seems like the problem here is that curl was built with NSS and not openSSL.
If I build a new curl '--without-nss' (before I had to build nghttp2 also) and using this one I am able to connect to api.push.apple.com without any problems.
But PHP is using the default one with NSS and therefore it always fails.
I worked around by not using this library and call my custom built curl from php with exec() but that's far away from ideal.

@jusefjames
Copy link
Author

Hi, just a quick update: The issue was related to curl 7.76.0 release which was done on 31st March (close to apples changes on 1st April). Thats why I thought this was because of Apple´s changes.
But the release of curl 7.76.0 broke http2 support for many ssl backends like NSS (not OpenSSL).
See this for details:
https://daniel.haxx.se/blog/2021/04/14/curl-7-76-1-h2-works-again/
Now with a patch release curl 7.76.1 from yesterday everything is working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants