Bug #5329

closed

XMLRPC HA sync is not working with https

Added by Renato Botelho over 8 years ago. Updated over 4 years ago.

Status: Resolved
Priority: High
Category: XMLRPC
Target version:
Start date: 10/21/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture:

Description

To reproduce, set up 2 pfSense boxes using HTTPS and then set up HA XMLRPC sync; notices like this will pop up:

A communications error occurred while attempting XMLRPC sync with username admin https://192.168.1.6:443. @ 2015-10-21 12:08:46

Actions #1

Updated by Jim Thompson over 8 years ago

  • Assignee set to Renato Botelho
Actions #2

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Confirmed
  • Priority changed from Normal to High
Actions #3

Updated by Jeremy Porter over 8 years ago

Tried turning off config sync over HTTPS, still get errors, will capture some traffic in a bit:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:47
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:48
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:53
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:54
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:54:37
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:55:57
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:37:09
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:47:12

Actions #4

Updated by Chris Buechler over 8 years ago

  • Category changed from High Availability to 62

This looks to be something enabling certificate validation where it wasn't enabled before, though not clear where that is. Not web server-specific as it's the same if you swap out lighttpd for nginx. It fails before even sending the request.

It works fine over HTTP.

Actions #5

Updated by Renato Botelho over 8 years ago

  • Tracker changed from Bug to Todo
  • Subject changed from XMLRPC HA sync is not working with https to Replace fsockopen() calls by stream_socket_client()

Since PHP 5.6, fsockopen() started to validate the SSL certificate, and it doesn't provide an option to disable verification. Replace all calls with stream_socket_client(), disabling verification; code sample here:

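// Disable peer certificate and peer name verification for the SSL stream
$context_options = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false
    )
);
$context = stream_context_create($context_options);
// Connect with the custom context; fsockopen() has no context parameter
$fp = stream_socket_client("{$protocol}{$server}:{$port}",
    $this->errno, $this->errstr, $timeout,
    STREAM_CLIENT_CONNECT, $context);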
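
An alternative shape for the same stream_socket_client() call, as an added example that is not part of the original ticket or pfSense code: verification stays enabled and the peer's certificate is pinned by SHA-256 fingerprint. It assumes the sync peer presents a self-signed certificate whose PEM is available on the primary; ha_sync_context(), ha_sync_connect(), the host name and the generated certificate are hypothetical names and constructed sample data.

```php
<?php
// Added example, not pfSense code. Function names, host name and the
// generated certificate are hypothetical/constructed for illustration.

// Build an SSL context that accepts exactly one self-signed peer certificate:
// verification stays on, and the handshake aborts unless the certificate's
// SHA-256 digest matches the pinned PEM.
function ha_sync_context($pinnedPeerPem)
{
    $pin = openssl_x509_fingerprint($pinnedPeerPem, 'sha256');
    if ($pin === false) {
        throw new InvalidArgumentException('Pinned peer certificate is not valid PEM');
    }
    return stream_context_create(array(
        'ssl' => array(
            'verify_peer'       => true,
            'allow_self_signed' => true,   // tolerated only because of the pin below
            'verify_peer_name'  => false,  // identity comes from the pin; peer is addressed by IP
            'peer_fingerprint'  => array('sha256' => $pin),
        ),
    ));
}

// Same call shape as the sample above, but with the pinning context.
function ha_sync_connect($server, $port, $context, $timeout = 10)
{
    $fp = @stream_socket_client("ssl://{$server}:{$port}", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        throw new RuntimeException("TLS connect to {$server}:{$port} failed: {$errstr} ({$errno})");
    }
    return $fp;
}

// Constructed sample input: a throwaway self-signed certificate standing in
// for the PEM exported from the secondary node.
$key = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$csr = openssl_csr_new(array('commonName' => 'ha-secondary.example'), $key, array('digest_alg' => 'sha256'));
openssl_x509_export(openssl_csr_sign($csr, null, $key, 365, array('digest_alg' => 'sha256')), $peerPem);

$context = ha_sync_context($peerPem);
$opts = stream_context_get_options($context);
echo "Pinned SHA-256: {$opts['ssl']['peer_fingerprint']['sha256']}\n";
// Against a real peer: $fp = ha_sync_connect('192.168.1.6', 443, $context);
```

With this context a peer whose certificate digest differs from the pin fails the handshake, so the pin has to be updated whenever the peer's certificate is replaced.
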
Actions #6

Updated by Renato Botelho over 8 years ago

  • Tracker changed from Todo to Bug
  • Subject changed from Replace fsockopen() calls by stream_socket_client() to XMLRPC HA sync is not working with https
  • Status changed from Confirmed to Assigned
Actions #7

Updated by Renato Botelho over 8 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100
Actions #8

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved
  • Affected Version set to 2.3

fixed

Actions #9

Updated by Jim Pingle over 4 years ago

  • Category changed from 62 to XMLRPC