Incorrect error with invalid cert request

Question

Incorrect error with invalid cert request

PNixx opened this issue 3 years ago · comments

I send requests to api.push.apple.com with outdate cert. Example request from terminal with failed error message:

$ curl -X POST --key cert.pem --cert cert.pem -H 'apns-topic: com.example' -d '{"aps":{"alert":{"title":"Title,","body":"Body","action":"Read"},"url-args":["promo"]}}' https://api.push.apple.com/3/device/TOKEN
curl: (56) OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0

But I use http-client:

$context = (new ConnectContext)->withTlsContext((new ClientTlsContext(''))->withCertificate(new Certificate('cert.pem')));
$httpConnectionPool = new UnlimitedConnectionPool(new DefaultConnectionFactory(null, $context));
$client = (new HttpClientBuilder)->usingPool($httpConnectionPool)->build();

$request = new Request('https://api.push.apple.com/3/device/' . $TOKEN, 'POST', '{"aps":{"alert":{"title":"Title,","body":"Body","action":"Read"},"url-args":["promo"]}}');
$request->setHeaders([ 'apns-topic'      => 'com.example' ]);
$request->setProtocolVersions(['2']);

$response = yield $client->request($request);

I received error:

Amp\Http\Client\Connection\UnprocessedRequestException, The request was not processed and can be safely retried /project/vendor/amphp/http-client/src/Connection/DefaultConnectionFactory.php:161

I need catch correctly error.

Niklas Keller · Answer 1 · Fri May 14 2021 14:52:31 GMT+0800 (China Standard Time)

What's the previous exception of the UnprocessedRequestException?

Sergey Odintsov · Answer 2 · Fri May 14 2021 20:24:20 GMT+0800 (China Standard Time)

Amp\Http\Client\Connection\UnprocessedRequestException: The request was not processed and can be safely retried, /project/vendor/amphp/http-client/src/Connection/DefaultConnectionFactory.php:161,
previous: Amp\Http\Client\SocketException, Connection to 'api.push.apple.com:443' @ '17.188.161.13:443' closed during TLS handshake
[{"function":"Amp\\Http\\Client\\Connection\\{closure}","class":"Amp\\Http\\Client\\Connection\\DefaultConnectionFactory","type":"->","args":[]},{"file":"/project/vendor/amphp/amp/lib/Coroutine.php","line":115,"function":"throw","class":"Generator","type":"->","args":["[object] (Amp\\Socket\\TlsException(code: 0): TLS negotiation failed: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1413C18E:SSL routines:ssl_add_cert_chain:ca md too weak at /project/vendor/amphp/socket/src/Internal/functions.php:134)"]}]

Niklas Keller · Answer 3 · Fri May 14 2021 21:29:04 GMT+0800 (China Standard Time)

So it fails with a different error. Try setting the security level in the connect context to 1 instead of 2.

Sergey Odintsov · Answer 4 · Fri May 14 2021 21:45:21 GMT+0800 (China Standard Time)

This is a little silly. On request, I expect a SocketException, but I get a completely different (generic) error. It breaks the idea of the proper operation of the try {} catch {}

Niklas Keller · Answer 5 · Sat May 15 2021 03:49:41 GMT+0800 (China Standard Time)

Yeah, UnprocessedRequestException should probably be unwrapped. Changing it now might be considered a BC break, but you can do it with an application interceptor. PR welcome.