Bug #5329
closed
XMLRPC HA sync is not working with https
100%
Description
To reproduce, set up 2 pfSense boxes using HTTPS and then set HA XMLRPC sync, and notices like this will pop up:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.1.6:443. @ 2015-10-21 12:08:46
Updated by Chris Buechler almost 10 years ago
- Status changed from New to Confirmed
- Priority changed from Normal to High
Updated by Jeremy Porter almost 10 years ago
Tried turning off config sync over HTTPS, still get errors, will capture some traffic in a bit:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:47
2015-11-12 14:21:48
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:53
2015-11-12 16:30:54
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:54:37
2015-11-12 16:55:57
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:37:09
2015-11-12 20:47:12
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
Updated by Chris Buechler almost 10 years ago
- Category changed from High Availability to 62
This looks to be something enabling certificate validation where it wasn't enabled before, though not clear where that is. Not web server-specific as it's the same if you swap out lighttpd for nginx. It fails before even sending the request.
It works fine over HTTP.
Updated by Renato Botelho almost 10 years ago
- Tracker changed from Bug to Todo
- Subject changed from XMLRPC HA sync is not working with https to Replace fsockopen() calls by stream_socket_client()
Since PHP 5.6, fsockopen() started to validate the SSL certificate, and it doesn't provide an option to disable verification. Replace all calls with stream_socket_client(), disabling verification; code sample here:
    $context_options = array(
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false
        )
    );
    $context = stream_context_create($context_options);
    $fp = stream_socket_client("{$protocol}{$server}:{$port}", $this->errno, $this->errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
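
For comparison with the sample above, an added example (not from this ticket or the pfSense code base) that keeps certificate verification on and trusts only the sync peer's own certificate. The function name, its parameters and the usage values are hypothetical.

```php
<?php
// Added example, not pfSense code. xmlrpc_sync_connect() and its parameters
// are hypothetical names used for illustration.

/**
 * Open a TLS connection to an HA sync peer with verification left on.
 *
 * $peerCertFile: PEM file holding the peer's (self-signed) GUI certificate,
 *                or the CA that issued it, copied over a trusted channel.
 * $peerCertName: name in that certificate's CN/SAN. Needed because the peer
 *                is addressed by IP, which would not match the certificate.
 */
function xmlrpc_sync_connect($server, $port, $peerCertFile, $peerCertName, $timeout = 10)
{
    if (!is_readable($peerCertFile)) {
        throw new RuntimeException("trust anchor {$peerCertFile} is not readable");
    }
    $context = stream_context_create(array(
        'ssl' => array(
            'verify_peer'       => true,          // PHP >= 5.6 default, stated explicitly
            'verify_peer_name'  => true,
            'cafile'            => $peerCertFile, // trust only this certificate/CA
            'peer_name'         => $peerCertName, // name to match instead of the IP
            'capture_peer_cert' => true,          // keep the certificate for logging
        ),
    ));

    // A failed handshake returns false and raises a PHP warning with the TLS error.
    $fp = stream_socket_client("ssl://{$server}:{$port}", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        throw new RuntimeException("TLS connect to {$server}:{$port} failed: {$errstr} ({$errno})");
    }

    // Return the verified certificate's fingerprint so the caller can log it.
    $params = stream_context_get_params($fp);
    $cert = $params['options']['ssl']['peer_certificate'];
    return array($fp, openssl_x509_fingerprint($cert, 'sha256'));
}

// Usage (constructed values): php sync_connect.php 192.0.2.10 443 /path/to/peer-cert.pem peer.example
if (PHP_SAPI === 'cli' && isset($argv) && count($argv) === 5) {
    list($fp, $print) = xmlrpc_sync_connect($argv[1], (int)$argv[2], $argv[3], $argv[4]);
    echo "verified peer, sha256 fingerprint {$print}\n";
    fclose($fp);
}
```
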
Updated by Renato Botelho almost 10 years ago
- Tracker changed from Todo to Bug
- Subject changed from Replace fsockopen() calls by stream_socket_client() to XMLRPC HA sync is not working with https
- Status changed from Confirmed to Assigned
Updated by Renato Botelho almost 10 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset 8540bdcbb64162f9afb3361f395c0e4f301312b2.
Updated by Chris Buechler almost 10 years ago
- Status changed from Feedback to Resolved
- Affected Version set to 2.3
fixed