无法使用SSL自签名证书连接到SoapClient

时间:2017-12-18 15:05:43

标签: php ssl soap soap-client

我尝试使用PHP的SoapClient连接到soap界面。我可以通过SoapUI或命令行上的openssl s_client与它连接。

服务器信息:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"

如果我用PHP(7.1)尝试它,它一直说(例外SoapFault):

  

无法连接到主机

代码:

$soap = new \SoapClient(storage_path('local_wsdl.wsdl'), [
            'location' => 'https://correct-url:port/endpoint',
            'trace' => true,
            'local_cert' => storage_path('local-cert.pfx'),
            'passphrase' => 'cert-password',
            'exceptions' => true,
            'user_agent' => 'PHP WS',
            'stream_context' => stream_context_create([
                'ssl' => [
                    'verify_peer'       => false,
                    'verify_peer_name'  => false,
                    'allow_self_signed' => true,
                ]
            ]),
        ]);

使用openssl:openssl s_client -crlf -connect domain:port 结果:

// some other data

SSL handshake has read 8163 bytes and written 370 bytes
Verification: OK

// some other data

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: the-session-id
    Session-ID-ctx:
    Master-Key: the-master-key
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1513608735
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

这两个命令都由服务器上的同一命令行运行。证书也被添加到ca-certificates

如何让请求有效?

0 个答案:

没有答案