Added by Renato Botelho about 9 years ago. Updated over 5 years ago.
100%
Description
To reproduce setup 2 pfSense boxes using https and then set HA XMLRPC sync and Notices like this will popup:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.1.6:443. @ 2015-10-21 12:08:46
Updated by Chris Buechler about 9 years ago
Updated by Jeremy Porter about 9 years ago
Tried turning off config sync over HTTPS, still get errors, will capture some traffic in a bit:
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 14:21:47 2015-11-12 14:21:48
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443. 2015-11-12 16:30:53 2015-11-12 16:30:54
A communications error occurred while attempting XMLRPC sync with username admin https://192.168.13.3:443.
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 16:54:37 2015-11-12 16:55:57
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload 2015-11-12 20:37:09 2015-11-12 20:47:12
An error code was received while attempting XMLRPC sync with username admin http://192.168.13.3:80 - Code 2: Invalid return payload: enable debugging to examine incoming payload
Updated by Chris Buechler about 9 years ago
This looks to be something enabling certificate validation where it wasn't enabled before, though not clear where that is. Not web server-specific as it's the same if you swap out lighttpd for nginx. It fails before even sending the request.
It works fine over HTTP.
Updated by Renato Botelho about 9 years ago
Since PHP 5.6 fsockopen() started to validate SSL certificate, and it doesn't provide an option to disable verification. Replace all calls by stream_socket_client() disabling, code sample here:
Updated by
$context_options = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false
)
);
$context = stream_context_create($context_options);
$fp = stream_socket_client("{$protocol}{$server}:{$port}",
$this->errno, $this->errstr, $timeout,
STREAM_CLIENT_CONNECT, $context);
Updated by Renato Botelho about 9 years ago
Updated by Renato Botelho about 9 years ago
Applied in changeset 8540bdcbb64162f9afb3361f395c0e4f301312b2.
Updated by Chris Buechler about 9 years ago
fixed
Updated by