Bug #5329
closed
XMLRPC HA sync is not working with https
100%
Description
To reproduce, set up 2 pfSense boxes using https and then set HA XMLRPC sync, and notices like this will pop up:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.1.6:443. @ 2015-10-21 12:08:46
Updated by Chris Buechler about 9 years ago
- Status changed from New to Confirmed
- Priority changed from Normal to High
Updated by Jeremy Porter about 9 years ago
Tried turning off config sync over HTTPS, still get errors, will capture some traffic in a bit:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:47
2015-11-12 14:21:48
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:53
2015-11-12 16:30:54
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:54:37
2015-11-12 16:55:57
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:37:09
2015-11-12 20:47:12
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
Updated by Chris Buechler about 9 years ago
- Category changed from High Availability to 62
This looks to be something enabling certificate validation where it wasn't enabled before, though not clear where that is. Not web server-specific as it's the same if you swap out lighttpd for nginx. It fails before even sending the request.
It works fine over HTTP.
Updated by Renato Botelho about 9 years ago
- Tracker changed from Bug to Todo
- Subject changed from XMLRPC HA sync is not working with https to Replace fsockopen() calls by stream_socket_client()
Since PHP 5.6, fsockopen() started to validate the SSL certificate, and it doesn't provide an option to disable verification. Replace all calls with stream_socket_client(), disabling verification; code sample here:
    $context_options = array(
        'ssl' => array(
            // Turn off certificate and host name verification for this connection
            'verify_peer' => false,
            'verify_peer_name' => false
        )
    );
    $context = stream_context_create($context_options);
    $fp = stream_socket_client("{$protocol}{$server}:{$port}", $this->errno, $this->errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
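For comparison with the sample above, which turns verification off entirely: an added example (not from this ticket or the pfSense code base) that keeps a peer check on the same stream_socket_client() call by pinning the other node's certificate fingerprint, so a self-signed GUI certificate is accepted only if it is the expected one. The function names, the pin value and the out-of-band export of the peer certificate are assumptions; the context options are PHP's documented SSL context options (PHP 5.6+).

```php
<?php
// Added example, not pfSense code. Function names and the pin below are
// hypothetical / constructed placeholders.

// Build SSL context options that accept a self-signed peer certificate only
// when its SHA-256 fingerprint matches the pinned value.
function ha_sync_tls_options($sha256_pin)
{
    $pin = strtolower(str_replace(':', '', $sha256_pin));
    if (!preg_match('/^[0-9a-f]{64}$/', $pin)) {
        throw new InvalidArgumentException('pin must be a SHA-256 hex digest');
    }
    return array(
        'ssl' => array(
            'verify_peer'       => true,  // keep certificate checking on
            'allow_self_signed' => true,  // tolerate a self-signed certificate...
            'peer_fingerprint'  => array('sha256' => $pin), // ...only if it is this one
            'verify_peer_name'  => false, // peer is addressed by IP; the pin identifies it
        ),
    );
}

// Open the TLS connection; returns a stream or throws with the socket error.
function ha_sync_connect($server, $port, $sha256_pin, $timeout = 10)
{
    $context = stream_context_create(ha_sync_tls_options($sha256_pin));
    $fp = @stream_socket_client("tls://{$server}:{$port}", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        // A fingerprint mismatch fails the handshake and lands here.
        throw new RuntimeException("TLS connect failed ({$errno}): {$errstr}");
    }
    return $fp;
}

// Compute the pin from the peer's certificate in PEM form
// (assumed to be exported once from the other node, out of band).
function cert_sha256_pin($pem)
{
    return openssl_x509_fingerprint($pem, 'sha256');
}

// Constructed pin (64 hex digits), used here only to print the resulting options.
$constructed_pin = str_repeat('ab', 32);
print_r(ha_sync_tls_options($constructed_pin));
```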
Updated by Renato Botelho about 9 years ago
- Tracker changed from Todo to Bug
- Subject changed from Replace fsockopen() calls by stream_socket_client() to XMLRPC HA sync is not working with https
- Status changed from Confirmed to Assigned
Updated by Renato Botelho about 9 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset 8540bdcbb64162f9afb3361f395c0e4f301312b2.
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Resolved
- Affected Version set to 2.3
fixed