file_get_contents ignoring verify_peer=>false?

php ssl https

31,160

Solution 1

You missed verify_peer_name. If you set that to false as well, the request works:

$arrContextOptions=array(
    "http" => array(
        "method" => "POST",
        "header" => 
            "Content-Type: application/xml; charset=utf-8;\r\n".
            "Connection: close\r\n",
        "ignore_errors" => true,
        "timeout" => (float)30.0,
        "content" => $strRequestXML,
    ),
    "ssl"=>array(
        "allow_self_signed"=>true,
        "verify_peer"=>false,
        "verify_peer_name"=>false,
    ),
);

file_get_contents("https://somedomain:2000/abc/", false, stream_context_create($arrContextOptions));

Solution 2

dont' know if this will actually help, but do try removing the SSL options from your option array.

The reason behind this: according to http://www.php.net/manual/en/context.ssl.php , verify_peer is false by default.

allow_self_signed REQUIRES verify_peer, and is false by default.

From the above, I gather that allow_self_signed probably overrides your setting for verify_peer.

So please try without any option for SSL, or without the allow_self_signed, and let us know if that helped any.

31,160

Author by

oxygen

Updated on August 17, 2020

Comments

oxygen almost 4 years
file_get_contents with https hosts works just fine, except for a particular host (test api server from some company - ip whitelisted, can't give you URL to test). This rules out not loaded https modules and other initial setup mistakes.

I have tested with multiple PHP installations, all at v5.3.3, 32bits, Debian 32bits.

The request works with cURL, but only if setting curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);. However, setting verify_peer"=>false on the context for file_get_contents seems to make no difference.

With file_get_contents, the exact same request (same URL, same XML POST data) fails with SSL: Connection reset by peer:
```
$arrContextOptions=array(
    "http" => array(
        "method" => "POST",
        "header" => 
            "Content-Type: application/xml; charset=utf-8;\r\n".
            "Connection: close\r\n",
        "ignore_errors" => true,
        "timeout" => (float)30.0,
        "content" => $strRequestXML,
    ),
    "ssl"=>array(
        "allow_self_signed"=>true,
        "verify_peer"=>false,
    ),
);

file_get_contents("https://somedomain:2000/abc/", false, stream_context_create($arrContextOptions));
```
.

Has anyone encountered this with file_get_contents? Any ideas how to debug?
eyevan about 11 years

You're getting "Connection reset by peer", which means it doesn't neccessarily hang up. I'm guessing if the client and server can't agree on which SSL handshake version to use, you'd get this error.
oxygen about 11 years

Ok, fsockopen worked. However, there is nothing wrong with the PHP configuration. It works just fine with many other HTTPS self signed SSL certificates.
Blue almost 8 years

While this code snippet may solve the question, including an explanation really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Please also try not to crowd your code with explanatory comments, as this reduces the readability of both the code and the explanations!