Disable verify ssl validation #32

erkinsergey · 2018-09-05T13:36:43Z

How can I prevent ssl from checking without changing the source code of the class Services_OpenStreetMap_Transport_HTTP?

Now I was able to achieve this only by changing the code :

class Services_OpenStreetMap_Transport_HTTP
    implements Services_OpenStreetMap_Transport
{
...
 public function getResponse(
        $url,
        $method = HTTP_Request2::METHOD_GET,
        $user = null,
        $password = null,
        $body = null,
        array $post_data = null,
        array $headers = null
    ) {
        ...
        $request = $this->getRequest();
        $request->setUrl($url);
        $request->setMethod($method);
        $request->setAdapter($this->getConfig()->getValue('adapter'));

        // my insertion
        $request->setConfig('ssl_verify_peer', FALSE);
        $request->setConfig('ssl_verify_host', FALSE);
        // the end of my insertion
        ...

The text was updated successfully, but these errors were encountered:

kenguest · 2018-09-05T15:05:28Z

hi - thanks for your feedback.

I might address this shortly by introducing a new option in the Config object - until then your change looks good.

Thanks again!

kenguest · 2018-09-05T22:33:16Z

hi @erkinsergey - I've committed some changes so that you should be able to do this now by setting the config for Services_OpenStreetMap instead of relying on your insertions.

...
$config = ['ssl_verify_peer' => false, 'ssl_verify_host' => false];
$osm = Services_OpenStreetMap($config);
...

I'll push a new release once I know this works as expected for you.

erkinsergey · 2018-09-06T05:46:11Z

Yes, that's exactly what I need, Thank you!
However, after checking the work, it turned out that there was an error:

$config = [
    'ssl_verify_peer' => false, 
    'ssl_verify_host' => false
];
$osm = Services_OpenStreetMap($config);

class Services_OpenStreetMap_Transport_HTTP
    implements Services_OpenStreetMap_Transport
{
...
 public function getResponse(
        $url,
        $method = HTTP_Request2::METHOD_GET,
        $user = null,
        $password = null,
        $body = null,
        array $post_data = null,
        array $headers = null
    ) {
...
        $request->setConfig('ssl_verify_peer', $config->getValue('ssl_verify_peer'));
        $request->setConfig('ssl_verify_host', $config->getValue('ssl_verify_host'));

        $request->setConfig('ssl_cafile', $config->getValue('ssl_cafile'));
        $request->setConfig('ssl_local_cert', $config->getValue('ssl_local_cert'));
        $request->setConfig('ssl_passphrase', $config->getValue('ssl_passphrase'));
        
        // my data verification
        file_put_contents('log.txt', print_r($config, true));

Some of the data log.txt:

[config:protected] => Array
        (
            ...
            [accept-language] => en
            [oauth_token_secret] => 
            [oauth_consumer_key] => 
            [consumer_secret] => 
            [ssl_verify_peer] => 1
            [ssl_verify_host] => 1
            [ssl_cafile] => 
            [ssl_local_cert] => 
            [ssl_passphrase] => 
        )

That is, the data is taken from the default configuration. ;(

erkinsergey · 2018-09-06T13:16:57Z

After testing, I changed the comment above.

kenguest · 2018-09-07T22:51:44Z

I've added some unit tests and found that changing the config values in either way, does seem to propagate the new values correctly:

$config = ['ssl_verify_peer' => false, 'ssl_verify_host' => false];
$osm = new Services_OpenStreetMap($config);
shows both turned off

$osm = new Services_OpenStreetMap();
$osm->getConfig()->setValue('ssl_verify_host', 1);
$osm->getConfig()->setValue('ssl_verify_peer', 0);
shows verify_host on, but verify_peer off.

I checked these, like you, by adding print_r calls into Services/OpenStreetMap/Transport/HTTP.php after the setConfig calls.

Maybe you're not looking at the recent-most portion of your log file?

erkinsergey · 2018-09-10T06:29:54Z

Unfortunately, while we do not understand each other. I'll try to explain again. Sorry for my English...
I downloaded and included in the project latest commit bfa04b9.
My source code:

require_once 'Services/OpenStreetMap.php';
  $config = [
    'adapter'         => 'HTTP_Request2_Adapter_Curl',
    'api_version'     => '0.6',
    'password'        => '*****',
    'server'          => 'https://my_local_osm_server',
    'User-Agent'      => 'Services_OpenStreetMap',
    'user'            => 'testuser',
    'ssl_verify_peer' => FALSE,
    'ssl_verify_host' => FALSE,
  ];

  $osm = new Services_OpenStreetMap($config);

I see that the constructor immediately makes a request /api/capabilities, and already at this point I get an error message:

Fatal error: Uncaught HTTP_Request2_ConnectionException: Curl error: SSL certificate problem: unable to get local issuer certificate in /var/www/html/osmapi/lib/HTTP/Request2/Adapter/Curl.php:155 Stack trace: #0 /var/www/html/osmapi/lib/HTTP/Request2/Adapter/Curl.php(184): HTTP_Request2_Adapter_Curl::wrapCurlError(Resource id #3) #1 /var/www/html/osmapi/lib/HTTP/Request2.php(946): HTTP_Request2_Adapter_Curl->sendRequest(Object(HTTP_Request2)) #2 /var/www/html/osmapi/lib/Services/OpenStreetMap/Transport/HTTP.php(160): HTTP_Request2->send() #3 /var/www/html/osmapi/lib/Services/OpenStreetMap/Config.php(377): Services_OpenStreetMap_Transport_HTTP->getResponse('https://s1.taga...') #4 /var/www/html/osmapi/lib/Services/OpenStreetMap/Config.php(266): Services_OpenStreetMap_Config->setServer('https://s1.taga...') #5 /var/www/html/osmapi/lib/Services/OpenStreetMap.php(94): Services_OpenStreetMap_Config->setValue(Array) #6 /var/www/html/osmapi/index.php(144): Services_OpenStreetMap->__construct(Array) #7 {main} Next Services_OpenS in /var/www/html/osmapi/lib/Services/OpenStreetMap/Config.php on line 379

I see that the Services_OpenStreetMap_Transport_HTTP :: getResponse method contains strings:

/* Issue 32 - SSL Config */
$request->setConfig('ssl_verify_peer', $config->getValue('ssl_verify_peer'));
$request->setConfig('ssl_verify_host', $config->getValue('ssl_verify_host'));
$request->setConfig('ssl_cafile', $config->getValue('ssl_cafile'));
$request->setConfig('ssl_local_cert', $config->getValue('ssl_local_cert'));
$request->setConfig('ssl_passphrase', $config->getValue('ssl_passphrase'));

// THIS IS MY INSERT
// from here are taken the data for the log file
file_put_contents('log.txt', print_r($config, TRUE));

Where $config created in the Services_OpenStreetMap_Transport_HTTP constructor as:

public function __construct()
    {
        $this->setConfig(new Services_OpenStreetMap_Config());
        $this->setRequest(new HTTP_Request2());
        $this->setLog(new Log_null(null, null));
    }

That is, as the default constructor with:

'ssl_verify_peer' => true,
'ssl_verify_host' => true,
'ssl_cafile' => null,
'ssl_local_cert' => null,
'ssl_passphrase' => null,

My log file:

I can not avoid mistakes, because my settings do not affect the result.

kenguest · 2018-09-11T21:22:31Z

Hi @erkinsergey, your extra details and trace of what was wrong did help.

I adjusted the code so that the library only requests capabilities information after all other configuration settings have been applied, especially settings that would need to be changed to permit access to that API endpoint.

While I don't have a test server to connect against to check that my recent changes from tonight will 100% fix this issue, I think it is fixed now.

Would you please test that the changes should now work for you?

Thanks.

erkinsergey · 2018-09-12T06:06:27Z

Yes, now everything works correctly.
Thank you for your work.

kenguest · 2018-09-12T07:16:33Z

You're very welcome - am happy to get this bug fixed :-)

kenguest self-assigned this Sep 5, 2018

erkinsergey closed this as completed Sep 12, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disable verify ssl validation #32

Disable verify ssl validation #32

erkinsergey commented Sep 5, 2018 •

edited

Loading

kenguest commented Sep 5, 2018

kenguest commented Sep 5, 2018

erkinsergey commented Sep 6, 2018 •

edited

Loading

erkinsergey commented Sep 6, 2018

kenguest commented Sep 7, 2018

erkinsergey commented Sep 10, 2018 •

edited

Loading

kenguest commented Sep 11, 2018

erkinsergey commented Sep 12, 2018

kenguest commented Sep 12, 2018

Disable verify ssl validation #32

Disable verify ssl validation #32

Comments

erkinsergey commented Sep 5, 2018 • edited Loading

kenguest commented Sep 5, 2018

kenguest commented Sep 5, 2018

erkinsergey commented Sep 6, 2018 • edited Loading

erkinsergey commented Sep 6, 2018

kenguest commented Sep 7, 2018

erkinsergey commented Sep 10, 2018 • edited Loading

kenguest commented Sep 11, 2018

erkinsergey commented Sep 12, 2018

kenguest commented Sep 12, 2018

erkinsergey commented Sep 5, 2018 •

edited

Loading

erkinsergey commented Sep 6, 2018 •

edited

Loading

erkinsergey commented Sep 10, 2018 •

edited

Loading