I have a problem interacting with the Unistream service via a SOAP client and via curl too.
My environment: Ubuntu 15.04, php 5.64
Some history: Unistream's support asked us to generate a certificate: makecert.exe -n "CN=some_name" -ss My -r -m 120 -pe -sky exchange -a sha1, then export it via mmc and send the certificate to them. OK, we did this and got a certificate generated on their side. I converted their certificate to PEM format and tried to use it in PHP SoapClient:
// $cert_path holds the path to the PEM file converted from the certificate
$soap = new SoapClient("http://test2.unistream.com:82/wcflib-tc/service.svc?wsdl", [
    'encoding' => 'UTF-8',
    'trace' => true,
    'local_cert' => $cert_path,
    'soap_version' => SOAP_1_2,
    'connection_timeout' => 180,
    'cache_wsdl' => WSDL_CACHE_NONE
]);
$data = $soap->GetCountriesChanges(['requestMessage' => [
    'AuthenticationHeader' => [
        'AppKey' => '*',
        'Password' => '*',
        'Username' => '*',
    ],
    'UpdateCount' => 1000
]]);
And I got nothing. I tried the same with a Python SOAP library and with SoapUI and got nothing too, just a timeout. OK, I looked at it with Wireshark and saw that the SOAP client receives all the XSD schemas etc., and then the connection is interrupted after the POST request to the URL http://test2.unistream.com:82/wcflib-tc/service.svc, just a timeout. And I saw only plain HTTP with XML, no packets with SSL. OK, I tried sending a POST request to this URL:
ini_set('default_socket_timeout', 30);
$request_string =
'<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
    xmlns:ns1="http://schemas.datacontract.org/2004/07/WcfServiceLib"
    xmlns:ns2="http://schemas.datacontract.org/2004/07/WcfServiceLib.Utils"
    xmlns:ns3="http://schemas.datacontract.org/2004/07/WcfServiceLib.Dictionaries.Country"
    xmlns:ns4="http://test.unistream.com/wcflib/">
  <env:Body>
    <ns4:GetCountriesChanges>
      <ns4:requestMessage>
        <ns2:AuthenticationHeader>
          <ns1:AppKey>*</ns1:AppKey>
          <ns1:Password>*</ns1:Password>
          <ns1:Username>*</ns1:Username>
        </ns2:AuthenticationHeader>
        <ns3:UpdateCount>1000</ns3:UpdateCount>
      </ns4:requestMessage>
    </ns4:GetCountriesChanges>
  </env:Body>
</env:Envelope>
';
$url = 'http://test2.unistream.com:82/wcflib-tc/service.svc';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// charset is a parameter of Content-Type, so it belongs in the same header line
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/soap+xml; charset=utf-8']);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_CAPATH, "/path");
//my cert
curl_setopt($ch, CURLOPT_SSLCERT, "/path/local_cert.pem");
//my private key
curl_setopt($ch, CURLOPT_SSLKEY, "/path/local_key.pem");
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'passwd');
//api's cert
curl_setopt($ch, CURLOPT_CAINFO, '/path/api_cert.cer');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CERTINFO, true);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$result = curl_exec($ch);
print_r($result);
echo "\n";
$error = curl_error($ch);
print_r($error);
echo "\n";
And I get XML with an error: "An error occurred when verifying security for the message." If I try to send the request to the URL https://test2.unistream.com:82/wcflib-tc/service.svc, I get plain HTML with error 400 and the curl error: "error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol"
Support can't help me. They said "we have 10000 working clients, we consult only about high-level API problems and business logic".
Can somebody point me in the right direction?
1 solution
#1
0
I don't have docs for unistream.
I do know that certificates are transport layer. That means that they occur before anything else. But you're connecting to an HTTP URL, not an HTTPS URL and that means you're not using encryption.
Certificates and encryption are not your problem.
However, the URL you pasted is simply not listening for connections on that port.
$ curl -v http://test2.unistream.com:82/wcflib-tc/service.svc?wsdl
* Trying 94.127.155.67...
* Connection timed out after 60001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 60001 milliseconds
You're not using the right address/port number at all.
Next
- Get the right url endpoint
- don't bother with the client certificate unless the endpoint is using HTTPS
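
The answer's point as an added example (not part of the original posts): client-certificate options only take effect on an https:// URL, and a plaintext HTTP listener answers a TLS ClientHello with an HTTP error, which OpenSSL-based clients report as "unknown protocol". The host name, the option-name list and the reply bytes are constructed for illustration.

```php
<?php
// Added example: preflight checks before wiring a client certificate into a SOAP call.

// Option names (SoapClient keys and curl option names, as strings) that only matter over TLS.
const TLS_ONLY_OPTIONS = ['local_cert', 'passphrase', 'CURLOPT_SSLCERT', 'CURLOPT_SSLKEY', 'CURLOPT_CAINFO'];

// Return the TLS-only options that have no effect for this URL.
function ignored_tls_options($url, array $optionNames)
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme === 'https') {
        return [];
    }
    return array_values(array_intersect($optionNames, TLS_ONLY_OPTIONS));
}

// Classify the first bytes a server sends back after receiving a TLS ClientHello.
function classify_reply($bytes)
{
    // TLS record header: content type 0x16 (handshake) or 0x15 (alert), then major version 0x03.
    if (strlen($bytes) >= 2 && in_array(ord($bytes[0]), [0x15, 0x16], true) && ord($bytes[1]) === 0x03) {
        return 'tls';
    }
    // A plaintext HTTP server treats the binary ClientHello as a malformed request
    // and replies with an HTTP error page instead of a ServerHello.
    if (strncmp($bytes, 'HTTP/', 5) === 0) {
        return 'plaintext-http';
    }
    return 'unknown';
}

// Constructed sample data (not captured from the real service).
$url     = 'http://soap.example.test:82/service.svc';
$options = ['trace', 'local_cert', 'soap_version'];
$replies = [
    'tls listener'  => "\x16\x03\x03\x00\x5a\x02\x00\x00\x56",
    'http listener' => "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n",
];

echo 'Ignored on ', $url, ': ', implode(', ', ignored_tls_options($url, $options)), "\n";
foreach ($replies as $label => $bytes) {
    echo $label, ' -> ', classify_reply($bytes), "\n";
}
```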