Geek Answers Handbook

File_get_contents (): partner certificate did not match

I used PHP 5.5, but I have to upgrade it, and now I am using PHP 5.6.19.

Now, when I try to contact an external API, I get a warning:

Warning: file_get_contents (): partner certificate CN = *.domain.com' did not match expected CN= api.domain.com'

This was not related to a previous version of PHP.

  $encryptedEncodedData // this is json encoded //array, then encrypted by mcrypt with rijndael-128 and finally bin2hex. $context = stream_context_create(array( 'http' => array( 'method' => 'POST', 'header' => 'Content-Type: application/json', 'content' => $encryptedEncodedData, ) )); $api = 'https://api.domain.com/service'; $response = file_get_contents($api, FALSE, $context);

I do not know what is needed for this warning.

I decided to disable peer veryfi until my administrators fix the certificate issue and I changed the following context:

 $context = stream_context_create(array( 'http' => array( 'method' => 'POST', 'header' => 'Content-Type: application/json', 'content' => $encryptedEncodedData, 'verify_peer' => false, 'verify_peer_name' => false, ), ) );

but still not working. Did I do it right? This is a warning.

+6
source share
3 answers

There seems to be something wrong with the SSL certificate.

But the settings are changed in php 5.6, you can fix this by ignoring the check, or when you have your own allow_self_signed certificate that can be linked.

  stream_context_create($ourStuff, ['verify_peer' => false]);

Additional information and settings: http://php.net/manual/en/context.ssl.php

Applies to http://php.net/manual/en/function.stream-context-create.php

Please note that disabling verification may pose a security risk and should only be performed if you know what you are doing.

The default value for verify_peer has been changed to true in newer versions of PHP (> = 5.6). This means that there is always a security risk.

As already noted, you should only do this when you are sure that all other things are correct, like your own php configuration:

Step 1: check the remote certificate if it is really used with the openssl CLI tool or any other methods that you prefer. If the remote certificate is ok.

Step 2: find out why PHP cannot accept it. If this is because PHP is having trouble verifying wildcard certificates, see if there is any fix there. Or if this is because PHP does not have a local CA store, which is easy to fix.

Step 3: disable peer checking.

-one
source

Temporary Fixation:

 $context = stream_context_create(array( 'http' => array( 'method' => 'POST', 'header' => 'Content-Type: application/json', 'content' => $encryptedEncodedData, ), 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), ) );

Thank you all

+1
source

This works for me. The key set the allow_self_signed parameter to TRUE.

  stream_context_set_default(array( 'ssl' => array( 'peer_name' => 'generic-server', 'verify_peer' => FALSE, 'verify_peer_name' => FALSE, 'allow_self_signed' => TRUE ))); $response = file_get_contents($url, FALSE);
+1
source

More articles:


All Articles