Bug #5329
closed
XMLRPC HA sync is not working with https
Added by Renato Botelho almost 9 years ago.
Updated about 5 years ago.
Description
To reproduce, set up 2 pfSense boxes using HTTPS and then set HA XMLRPC sync, and notices like this will pop up:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.1.6:443. @ 2015-10-21 12:08:46
- Assignee set to Renato Botelho
- Status changed from New to Confirmed
- Priority changed from Normal to High
Tried turning off config sync over HTTPS, still get errors, will capture some traffic in a bit:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:47
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
2015-11-12 14:21:48
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:53
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
2015-11-12 16:30:54
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:54:37
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
2015-11-12 16:55:57
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:37:09
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
2015-11-12 20:47:12
- Category changed from High Availability to 62
This looks to be something enabling certificate validation where it wasn't enabled before, though not clear where that is. Not web server-specific as it's the same if you swap out lighttpd for nginx. It fails before even sending the request.
It works fine over HTTP.
- Tracker changed from Bug to Todo
- Subject changed from XMLRPC HA sync is not working with https to Replace fsockopen() calls by stream_socket_client()
Since PHP 5.6, fsockopen() started to validate the SSL certificate, and it doesn't provide an option to disable verification. Replace all calls with stream_socket_client(), disabling it; code sample here:
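// Turn off certificate chain and host name verification for this connection
$context_options = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false
    )
);
$context = stream_context_create($context_options);
// $protocol, $server, $port and $timeout come from the calling XMLRPC client code
$fp = stream_socket_client("{$protocol}{$server}:{$port}",
    $this->errno, $this->errstr, $timeout,
    STREAM_CLIENT_CONNECT, $context);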
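An added PHP example, not taken from this ticket or from pfSense's code: the same stream_socket_client() call, but with the peer's certificate pinned through the ssl context option peer_fingerprint (available since PHP 5.6), so the connection used for the sync only completes against the expected box. The function names, the enrolment step and the assumption that the peer presents a self-signed GUI certificate are hypothetical.

```php
<?php
// Added example, not pfSense code. Function names are hypothetical.

/** SHA-256 fingerprint (lowercase hex) of a PEM certificate, recorded once when the peer is enrolled. */
function peer_cert_fingerprint(string $pem): string
{
    $digest = openssl_x509_fingerprint($pem, 'sha256');
    if ($digest === false) {
        throw new InvalidArgumentException('not a valid PEM certificate');
    }
    return strtolower($digest);
}

/** Open a TLS stream to the sync peer; fail unless its certificate matches the pin. */
function open_pinned_sync_socket(string $server, int $port, string $pin, float $timeout = 10.0)
{
    if (!preg_match('/^[0-9a-f]{64}$/', $pin)) {
        throw new InvalidArgumentException('pin must be a lowercase hex SHA-256 digest');
    }
    $context = stream_context_create(array(
        'ssl' => array(
            // Assumption: the peer's certificate is self-signed, so CA chain
            // and host name checks cannot succeed and stay off ...
            'verify_peer'      => false,
            'verify_peer_name' => false,
            // ... but the handshake is aborted unless the certificate digest matches.
            'peer_fingerprint' => array('sha256' => $pin),
        ),
    ));
    $fp = @stream_socket_client("ssl://{$server}:{$port}",
        $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        throw new RuntimeException("sync connect to {$server}:{$port} failed: {$errstr} ({$errno})");
    }
    return $fp;
}

// Usage sketch (constructed values; the certificate path is a placeholder):
//   $pin = peer_cert_fingerprint(file_get_contents('/path/to/peer-gui-cert.pem'));
//   $fp  = open_pinned_sync_socket('192.168.1.6', 443, $pin);
```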
- Tracker changed from Todo to Bug
- Subject changed from Replace fsockopen() calls by stream_socket_client() to XMLRPC HA sync is not working with https
- Status changed from Confirmed to Assigned
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
- Affected Version set to 2.3
- Category changed from 62 to XMLRPC