Unable to verify peer

Question

Unable to verify peer

GoogleCodeExporter opened this issue 9 years ago · comments

Google Code Exporter commented 9 years ago

PHP is unable to connect when I request peer verification. Unfortunately it 
fails with error code 0 and no error message. This is not working on a Debian 
Lenny box with PHP 5.3.3 compiled from scratch but does work on my Mac with PHP 
5.3.1 (default install)

As no error code or message is given I'm at a loss to debug this one.

What steps will reproduce the problem?
1. Using the sample_push or sample_server code, make a call to 
setRootCertificationAuthority

What version of the product are you using? On what operating system?
r50 (current release), Debian Lenny

Please provide any additional information below.

Connects (and sends notifications) fine without peer verification.

Original issue reported on code.google.com by dca...@gmail.com on 3 Aug 2010 at 5:40

Google Code Exporter · Answer 1 · Tue Jan 26 2016 12:25:14 GMT+0800 (China Standard Time)

Have you exported from your Mac the PEM 
[http://code.google.com/p/apns-php/wiki/CertificateCreation#Verify_peer_using_En
trust_Root_Certification_Authority] and "imported" in your Debian the "Entrust 
Root Certification Authority"?

Otherwise I suggest you to disable the verification of the Apple remote peer 
commenting out this line:

$push->setRootCertificationAuthority('entrust_root_certification_authority.pem')
;

Ciao,

Aldo

Original comment by aldo.arm...@gmail.com on 25 Aug 2010 at 3:36

Google Code Exporter · Answer 2 · Tue Jan 26 2016 12:25:14 GMT+0800 (China Standard Time)

Hi Aldo,

Thanks for your response.

As far as I can tell the Entrust Root Certification Authority crts are present:

$ dpkg-query -L ca-certificates | grep Entrust
/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.cr
t
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt

and I can verify the .pem used by the PHP code with openssl:

$ openssl verify ../data/certificates/entrust_root_certification_authority.pem 
../data/certificates/entrust_root_certification_authority.pem: OK

Disabling verification works but is not a nice solution. I'm lost for things to 
try though.

Original comment by dca...@gmail.com on 25 Aug 2010 at 5:05

Google Code Exporter · Answer 3 · Tue Jan 26 2016 12:25:14 GMT+0800 (China Standard Time)

[deleted comment]

Google Code Exporter · Answer 4 · Tue Jan 26 2016 12:25:14 GMT+0800 (China Standard Time)

Hi!

I'm also using Debian (Lenny) on my servers.

Please download the right certificate (in PEM format) from 
https://www.entrust.net/downloads/root_index.cfm

I'm able to verify peer using the second one (Entrust CA (2048)) 
[https://www.entrust.net/downloads/binary/entrust_2048_ca.cer]

Ciao,

Aldo

Original comment by aldo.arm...@gmail.com on 26 Aug 2010 at 11:55