Incorrect error with invalid cert request
PNixx opened this issue · comments
I send requests to api.push.apple.com
with outdate cert. Example request from terminal with failed error message:
$ curl -X POST --key cert.pem --cert cert.pem -H 'apns-topic: com.example' -d '{"aps":{"alert":{"title":"Title,","body":"Body","action":"Read"},"url-args":["promo"]}}' https://api.push.apple.com/3/device/TOKEN
curl: (56) OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0
But I use http-client:
$context = (new ConnectContext)->withTlsContext((new ClientTlsContext(''))->withCertificate(new Certificate('cert.pem')));
$httpConnectionPool = new UnlimitedConnectionPool(new DefaultConnectionFactory(null, $context));
$client = (new HttpClientBuilder)->usingPool($httpConnectionPool)->build();
$request = new Request('https://api.push.apple.com/3/device/' . $TOKEN, 'POST', '{"aps":{"alert":{"title":"Title,","body":"Body","action":"Read"},"url-args":["promo"]}}');
$request->setHeaders([ 'apns-topic' => 'com.example' ]);
$request->setProtocolVersions(['2']);
$response = yield $client->request($request);
I received error:
Amp\Http\Client\Connection\UnprocessedRequestException, The request was not processed and can be safely retried /project/vendor/amphp/http-client/src/Connection/DefaultConnectionFactory.php:161
I need catch correctly error.
What's the previous exception of the UnprocessedRequestException
?
Amp\Http\Client\Connection\UnprocessedRequestException: The request was not processed and can be safely retried, /project/vendor/amphp/http-client/src/Connection/DefaultConnectionFactory.php:161,
previous: Amp\Http\Client\SocketException, Connection to 'api.push.apple.com:443' @ '17.188.161.13:443' closed during TLS handshake
[{"function":"Amp\\Http\\Client\\Connection\\{closure}","class":"Amp\\Http\\Client\\Connection\\DefaultConnectionFactory","type":"->","args":[]},{"file":"/project/vendor/amphp/amp/lib/Coroutine.php","line":115,"function":"throw","class":"Generator","type":"->","args":["[object] (Amp\\Socket\\TlsException(code: 0): TLS negotiation failed: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1413C18E:SSL routines:ssl_add_cert_chain:ca md too weak at /project/vendor/amphp/socket/src/Internal/functions.php:134)"]}]
So it fails with a different error. Try setting the security level in the connect context to 1 instead of 2.
This is a little silly. On request, I expect a SocketException, but I get a completely different (generic) error. It breaks the idea of the proper operation of the try {} catch {}
Yeah, UnprocessedRequestException should probably be unwrapped. Changing it now might be considered a BC break, but you can do it with an application interceptor. PR welcome.