Best IT Recipes

Disable certificate verification in PHP SoapClient

Summary:
Is there a way to force the built-in SoapClient class in PHP to connect via HTTPS to a server with an invalid certificate?

Why do I want to do this?
I deployed a new application on a server that does not yet have a DNS record or certificate. I want to try connecting to it using SoapClient before setting up the DNS record and fixing the certificate, and the most sensible way to do this seems to be to simply force the client to ignore the certificate during testing.

I don’t understand that this is a huge security risk?
This is for testing only. When the service goes into production, a valid certificate will be installed and the client will be forced to verify it.

+44
soap php ssl soap-client
Dec 9 2018-11-11T00: 00Z
source share
3 answers

SoapClient accepts the context of the stream in its parameters, which you can create yourself. Thus, you can control almost all aspects of the transport layer:

 $context = stream_context_create([ 'ssl' => [ // set some SSL/TLS specific options 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ] ]); $client = new SoapClient(null, [ 'location' => 'https://...', 'uri' => '...', 'stream_context' => $context ]);

Documentation:

+68
Dec 09 '11 at 3:26 a.m.
source share

The accepted answer works, but only in a mode other than WSDL. If you try to use this in WSDL mode (for example, you pass the URL of the WSDL file as the first argument), you will have to face the fact that when loading a WSDL stream, the context of the stream is ignored. Therefore, if the WSDL file is also located on the server with a broken certificate, it will fail, most likely it will throw the message failed to load external entity . More details here and here .

As suggested, the easiest way is to manually load the WSDL file and transfer the local copy to SoapClient. You can load it, for example, with file_get_contents , using the same stream context from the received answer.

Note that you will also need to do this when creating SoapServer.

+10
Jun 24 '15 at 9:15
source share

The correct list for PHP 5.6.8 is

'ssl' => array ('verify_peer_name' => false, 'allow_self_signed' => true),

+2
May 11 '15 at 18:35
source share


More articles:


All Articles