Snider
Libcurl ssl peer verification error
== new details == please see coments below, this is now dealing with a libcurl ssl issue
original title: list_domain_details() should have limit and offset arguments There might be other places where similar changes are needed, but I bumped into this one specifically. I have re-written the function thusly:
public function list_domain_details($domainID = false, $showRecords = false, $showSubdomains = false, $limit=false, $offset=false) {
if ($domainID == false || ! is_numeric ( $domainID )) {
return false;
}
$showRecords = ($showRecords == false) ? 'false' : 'true';
$showRecords = ($showSubdomains == false) ? 'false' : 'true';
$limit = ($limit != false && $limit > 0) ? "&limit=$limit" : '';
$offset = ($offset != false && $offset >= 0) ? "&offset=$offset" : '';
$url = "/domains/$domainID?showRecords=$showRecords&showSubdomains=$showSubdomains{$limit}{$offset}";
return $this->makeApiCall ( $url );
}
Hello Zeut,
Thanks for getting in touch!
Since the default is limit 100 offset 0 I have modified the code for use in the lib.
Want to say thatnk you for rasing this bug prompting me to fix this.
i have packed a version in the download area which should drop into your code no issues.
Regards
Paul Lashbrook, Systems Architect Original Webware Limited
Paul, thank you very much for making this update so quickly. I do appreciate it and appreciate the work you did initially on this project, was a big help for our needs. One additional comment. I had to add the following line inside makeApiCall() around line number 598 or so...
curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, FALSE );
Not sure if I'm doing something wrong, but it was needed for me. Thanks
again!
Matthew T. O'Connor
On Mon, Mar 26, 2012 at 4:19 AM, Paul Lashbrook < [email protected]
wrote:
Hello Zeut,
Thanks for getting in touch!
Since the default is limit 100 offset 0 I have modified the code for use in the lib.
Want to say thatnk you for rasing this bug prompting me to fix this.
i have packed a version in the download area which should drop into your code no issues.
Regards
Paul Lashbrook, Systems Architect Original Webware Limited
Reply to this email directly or view it on GitHub: https://github.com/snider/php-cloudDNS/issues/5#issuecomment-4689647
Hiya,
Ah yes that error, its because your using an outdated version of Curl and the built in list of CA's is outdated so the CA rackspace use for their SSL is not in the list... meaning your unable to verify the peer (the api).
please take a new copy of the git files and just run $dns->set_cabundle(true); before you try to do a API action this will use the packaged pem file i've included in this version.
if it works i will update the download with this change, it would be wise to not bypass the security check and to try and get curl to verify the peer correctly.
Rgds
Paul
Paul, once again thanks for your work on this. Two issues:
-
I had to modify your code to make it work for me (see the attached diff). I think my patch is correct and it was just bug in the code, but maybe I'm missing something.
-
I think the way you did this is a bit inconsistent. The set_cabundle($path = null) function has an argument asking for the path, but you don't use the path they are passing in, the code is assuming that "./share/cacert.pem" exists and is all the user would want to use. Either, the set_cabundle() function should have no argument and just set a flag, or we should respect the path passed in. I would be happy to make a patch that does that if you would like. Just let me know.
Thanks again!
Matthew T. O'Connor
On Tue, Mar 27, 2012 at 7:51 AM, Paul Lashbrook < [email protected]
wrote:
Hiya,
Ah yes that error, its because your using an outdated version of Curl and the built in list of CA's is outdated so the CA rackspace use for their SSL is not in the list... meaning your unable to verify the peer (the api).
please take a new copy of the git files and just run $dns->set_cabundle(true); before you try to do a API action this will use the packaged pem file i've included in this version.
if it works i will update the download with this change, it would be wise to not bypass the security check and to try and get curl to verify the peer correctly.
Rgds
Paul
Reply to this email directly or view it on GitHub: https://github.com/snider/php-cloudDNS/issues/5#issuecomment-4714593
Hiya,
i ported a fix from the official rackspace cloud cdn lib for outdated libcurl installs, that i had to use on a machine before but upgraded libcurl since then... and as you pointed out i did a lazy job and forgot to add the path in the code forcing you to use the supplied pem file.... sorry about that!
i would fix this... but ive found a better way to deal with the rackspace api by using streams and not lib curl.... so im going to adjust the code to beable to use lib curl but prefer streams as things would work better across the board and see if theres any issues with it.
https://github.com/snider/php-notifyMyAndroid/blob/master/nmaApi.class.php#L145
for the notify my android api i've not used libcurl at all but basically the same code logic so easy to port over, my open source day is generally fridays... if i get time to play before then i will :)
the lib curl way would stay so people can pick lib curl if they need to route through a proxy server or somthing the stream ruote cant do (which im not sure what it wont yet)... any fixes to make it work with your setup for everyone in your shoes would be greatly appreciated as i can't test to make sure any fixes i do would fix things nicley :)
Hi Paul, look forward to your next, stream based version. I will be sure to test it!
Thanks again.
On Tue, Apr 3, 2012 at 6:13 AM, Paul Lashbrook < [email protected]
wrote:
Hiya,
i ported a fix from the official rackspace cloud cdn lib for outdated libcurl installs, that i had to use on a machine before but upgraded libcurl since then... and as you pointed out i did a lazy job and forgot to add the path in the code forcing you to use the supplied pem file.... sorry about that!
i would fix this... but ive found a better way to deal with the rackspace api by using streams and not lib curl.... so im going to adjust the code to beable to use lib curl but prefer streams as things would work better across the board and see if theres any issues with it.
https://github.com/snider/php-notifyMyAndroid/blob/master/nmaApi.class.php#L145
for the notify my android api i've not used libcurl at all but basically the same code logic so easy to port over, my open source day is generally fridays... if i get time to play before then i will :)
the lib curl way would stay so people can pick lib curl if they need to route through a proxy server or somthing the stream ruote cant do (which im not sure what it wont yet)... any fixes to make it work with your setup for everyone in your shoes would be greatly appreciated as i can't test to make sure any fixes i do would fix things nicley :)
Reply to this email directly or view it on GitHub: https://github.com/snider/php-cloudDNS/issues/5#issuecomment-4898126
Matthew T. O'Connor