Skip to content
This repository has been archived by the owner on Apr 10, 2021. It is now read-only.

Libcurl ssl peer verification error #5

Open
zeut opened this issue Mar 26, 2012 · 6 comments
Open

Libcurl ssl peer verification error #5

zeut opened this issue Mar 26, 2012 · 6 comments
Assignees
@Snider

Comments

@zeut
Copy link

zeut commented Mar 26, 2012

== new details ==
please see coments below, this is now dealing with a libcurl ssl issue

original title: list_domain_details() should have limit and offset arguments
There might be other places where similar changes are needed, but I bumped into this one specifically. I have re-written the function thusly:

public function list_domain_details($domainID = false, $showRecords = false, $showSubdomains = false, $limit=false, $offset=false) {
    if ($domainID == false || ! is_numeric ( $domainID )) {
        return false;
    }

    $showRecords = ($showRecords == false) ? 'false' : 'true';
    $showRecords = ($showSubdomains == false) ? 'false' : 'true';
    $limit       = ($limit != false && $limit > 0) ? "&limit=$limit" : '';
    $offset      = ($offset != false && $offset >= 0) ? "&offset=$offset" : '';

    $url = "/domains/$domainID?showRecords=$showRecords&showSubdomains=$showSubdomains{$limit}{$offset}";

    return $this->makeApiCall ( $url );
}
@ghost ghost assigned Snider Mar 26, 2012
@Snider
Copy link
Owner

Snider commented Mar 26, 2012

Hello Zeut,

Thanks for getting in touch!

Since the default is limit 100 offset 0 I have modified the code for use in the lib.

Want to say thatnk you for rasing this bug prompting me to fix this.

i have packed a version in the download area which should drop into your code no issues.

Regards

Paul Lashbrook,
Systems Architect
Original Webware Limited

@Snider Snider closed this as completed Mar 26, 2012
@zeut
Copy link
Author

zeut commented Mar 26, 2012

Paul, thank you very much for making this update so quickly. I do
appreciate it and appreciate the work you did initially on this project,
was a big help for our needs. One additional comment. I had to add the
following line inside makeApiCall() around line number 598 or so...

curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, FALSE );

Not sure if I'm doing something wrong, but it was needed for me. Thanks

again!

Matthew T. O'Connor

On Mon, Mar 26, 2012 at 4:19 AM, Paul Lashbrook <
[email protected]

wrote:

Hello Zeut,

Thanks for getting in touch!

Since the default is limit 100 offset 0 I have modified the code for use
in the lib.

Want to say thatnk you for rasing this bug prompting me to fix this.

i have packed a version in the download area which should drop into your
code no issues.

Regards

Paul Lashbrook,
Systems Architect
Original Webware Limited

Reply to this email directly or view it on GitHub:
#5 (comment)

@Snider
Copy link
Owner

Snider commented Mar 27, 2012

Hiya,

Ah yes that error, its because your using an outdated version of Curl and the built in list of CA's is outdated so the CA rackspace use for their SSL is not in the list... meaning your unable to verify the peer (the api).

please take a new copy of the git files and just run $dns->set_cabundle(true); before you try to do a API action this will use the packaged pem file i've included in this version.

if it works i will update the download with this change, it would be wise to not bypass the security check and to try and get curl to verify the peer correctly.

Rgds

Paul

@zeut
Copy link
Author

zeut commented Apr 2, 2012

Paul, once again thanks for your work on this. Two issues:

  1. I had to modify your code to make it work for me (see the attached
    diff). I think my patch is correct and it was just bug in the code, but
    maybe I'm missing something.

  2. I think the way you did this is a bit inconsistent. The
    set_cabundle($path = null) function has an argument asking for the path,
    but you don't use the path they are passing in, the code is assuming that
    "./share/cacert.pem" exists and is all the user would want to use. Either,
    the set_cabundle() function should have no argument and just set a flag, or
    we should respect the path passed in. I would be happy to make a patch
    that does that if you would like. Just let me know.

Thanks again!

Matthew T. O'Connor

On Tue, Mar 27, 2012 at 7:51 AM, Paul Lashbrook <
[email protected]

wrote:

Hiya,

Ah yes that error, its because your using an outdated version of Curl and
the built in list of CA's is outdated so the CA rackspace use for their SSL
is not in the list... meaning your unable to verify the peer (the api).

please take a new copy of the git files and just run
$dns->set_cabundle(true); before you try to do a API action this will use
the packaged pem file i've included in this version.

if it works i will update the download with this change, it would be wise
to not bypass the security check and to try and get curl to verify the peer
correctly.

Rgds

Paul

Reply to this email directly or view it on GitHub:
#5 (comment)

@Snider
Copy link
Owner

Snider commented Apr 3, 2012

Hiya,

i ported a fix from the official rackspace cloud cdn lib for outdated libcurl installs, that i had to use on a machine before but upgraded libcurl since then... and as you pointed out i did a lazy job and forgot to add the path in the code forcing you to use the supplied pem file.... sorry about that!

i would fix this... but ive found a better way to deal with the rackspace api by using streams and not lib curl.... so im going to adjust the code to beable to use lib curl but prefer streams as things would work better across the board and see if theres any issues with it.

https://github.com/snider/php-notifyMyAndroid/blob/master/nmaApi.class.php#L145

for the notify my android api i've not used libcurl at all but basically the same code logic so easy to port over, my open source day is generally fridays... if i get time to play before then i will :)

the lib curl way would stay so people can pick lib curl if they need to route through a proxy server or somthing the stream ruote cant do (which im not sure what it wont yet)... any fixes to make it work with your setup for everyone in your shoes would be greatly appreciated as i can't test to make sure any fixes i do would fix things nicley :)

@Snider Snider reopened this Apr 3, 2012
@zeut
Copy link
Author

zeut commented Apr 8, 2012

Hi Paul, look forward to your next, stream based version. I will be sure
to test it!

Thanks again.

On Tue, Apr 3, 2012 at 6:13 AM, Paul Lashbrook <
[email protected]

wrote:

Hiya,

i ported a fix from the official rackspace cloud cdn lib for outdated
libcurl installs, that i had to use on a machine before but upgraded
libcurl since then... and as you pointed out i did a lazy job and forgot to
add the path in the code forcing you to use the supplied pem file.... sorry
about that!

i would fix this... but ive found a better way to deal with the rackspace
api by using streams and not lib curl.... so im going to adjust the code to
beable to use lib curl but prefer streams as things would work better
across the board and see if theres any issues with it.

https://github.com/snider/php-notifyMyAndroid/blob/master/nmaApi.class.php#L145

for the notify my android api i've not used libcurl at all but basically
the same code logic so easy to port over, my open source day is generally
fridays... if i get time to play before then i will :)

the lib curl way would stay so people can pick lib curl if they need to
route through a proxy server or somthing the stream ruote cant do (which im
not sure what it wont yet)... any fixes to make it work with your setup for
everyone in your shoes would be greatly appreciated as i can't test to make
sure any fixes i do would fix things nicley :)

Reply to this email directly or view it on GitHub:
#5 (comment)

Matthew T. O'Connor

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Snider Snider

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Snider @zeut