PHPFixing
Showing posts with label mod-ssl. Show all posts

Tuesday, August 30, 2022

[FIXED] How to solve Error: Need OpenSSL support for https:// requests?

 August 30, 2022     mod-ssl, openssl, pear, php     No comments   

Issue

I am using the VWS - PHP Samples and it works as expected from local PC, but when I uploaded it to the server it is giving me the following error:

POST 999e93717344885fd7c458301a5b00c9 application/json Thu, 11 Sep 2014 08:14:20 GMT /targetsError: Need OpenSSL support for https:// requests

The domain name is HTTPS-enabled with a certificate from GoDaddy. What is going wrong?

define("SERVER_ACCESS_KEY", "12345678");
define("SERVER_SECRET_KEY", "654321");
define("TARGET_NAME", $campaignname);
define("IMAGE_LOCATION", $directory . '/dispatcher.' . $path_parts['extension']);

$this->load->library('Vuforia/PostNewTarget');

The sample code is SignatureBuilder.php:

<?php

/**
 * Copyright (c) 2011-2013 Qualcomm Austria Research Center GmbH. All rights Reserved. Nothing in these materials is an offer to sell any of the components or devices referenced herein. Qualcomm is a trademark of QUALCOMM Incorporated, registered in the United States and other countries.Vuforia is a trademark of QUALCOMM Incorporated. Trademarks of QUALCOMM Incorporated are used with permission.
 * Vuforia SDK is a product of Qualcomm Austria Research Center GmbH. Vuforia Cloud Recognition Service is provided by Qualcomm Technologies, Inc..
 *
 * This Vuforia (TM) sample code provided in source code form (the "Sample Code") is made available to view for reference purposes only. 
 * If you would like to use the Sample Code in your web application, you must first download the Vuforia Software Development Kit and agree to the terms and conditions of the License Agreement for the Vuforia Software Development Kit, which may be found at https://developer.vuforia.com/legal/license. 
 * Any use of the Sample Code is subject in all respects to all of the terms and conditions of the License Agreement for the Vuforia Software Development Kit and the Vuforia Cloud Recognition Service Agreement. 
 * If you do not agree to all the terms and conditions of the License Agreement for the Vuforia Software Development Kit and the Vuforia Cloud Recognition Service Agreement, then you must not retain or in any manner use any of the Sample Code.
 * 
 */

class SignatureBuilder{

    private $contentType = '';
    private $hexDigest = 'd41d8cd98f00b204e9800998ecf8427e'; // MD5 hex digest of an empty string

    public function tmsSignature( $request , $secret_key ){

        $method = $request->getMethod();
        // The HTTP Header fields are used to authenticate the request
        $requestHeaders = $request->getHeaders();
        // note that header names are converted to lower case
        $dateValue = $requestHeaders['date'];

        $requestPath = $request->getURL()->getPath();

        // Not all requests will define a content-type
        if( isset( $requestHeaders['content-type'] ))
            $this->contentType = $requestHeaders['content-type'];

        if ( $method == 'GET' || $method == 'DELETE' ) {
            // Do nothing because the strings are already set correctly
        } else if ( $method == 'POST' || $method == 'PUT' ) {
            // If this is a POST or PUT the request should have a request body
            $this->hexDigest = md5( $request->getBody() , false );

        } else {
            print("ERROR: Invalid content type passed to Sig Builder");
        }



        $toDigest = $method . "\n" . $this->hexDigest . "\n" . $this->contentType . "\n" . $dateValue . "\n" . $requestPath ;

        echo $toDigest;

        $shaHashed = "";

        try {
            // the SHA1 hash needs to be transformed from hexidecimal to Base64
            $shaHashed = $this->hexToBase64( hash_hmac("sha1", $toDigest , $secret_key) );

        } catch ( Exception $e) {
            $e->getMessage();
        }

        return $shaHashed;  
    }


    private function hexToBase64($hex){

        $return = "";

        foreach(str_split($hex, 2) as $pair){

            $return .= chr(hexdec($pair));

        }

        return base64_encode($return);
    }


}

The sample code is PostNewTarget.php:

<?php

require_once 'HTTP/Request2.php';
require_once 'SignatureBuilder.php';

// See the Vuforia Web Services Developer API Specification - https://developer.vuforia.com/resources/dev-guide/retrieving-target-cloud-database
// The PostNewTarget sample demonstrates how to update the attributes of a target using a JSON request body. This example updates the target's metadata.

class PostNewTarget{

    //Server Keys
    private $access_key     = SERVER_ACCESS_KEY;
    private $secret_key     = SERVER_SECRET_KEY;

    //private $targetId         = "eda03583982a41dcbe9ca7f30731b9b1";
    private $url            = "https://vws.vuforia.com";
    private $requestPath    = "/targets";
    private $request;       // the HTTP_Request2 object
    private $jsonRequestObject;

    private $targetName     = TARGET_NAME;
    private $imageLocation  = IMAGE_LOCATION;

    function PostNewTarget(){

        $this->jsonRequestObject = json_encode( array( 'width'=>320.0 , 'name'=>$this->targetName , 'image'=>$this->getImageAsBase64() , 'application_metadata'=>base64_encode("Vuforia test metadata") , 'active_flag'=>1 ) );

        $this->execPostNewTarget();

    }

    function getImageAsBase64(){

        $file = file_get_contents( $this->imageLocation );

        if( $file ){

            $file = base64_encode( $file );
        }

        return $file;

    }

    public function execPostNewTarget(){

        $this->request = new HTTP_Request2();
        $this->request->setMethod( HTTP_Request2::METHOD_POST );
        $this->request->setBody( $this->jsonRequestObject );

        $this->request->setConfig(array(
                'ssl_verify_peer' => false
        ));

        $this->request->setURL( $this->url . $this->requestPath );

        // Define the Date and Authentication headers
        $this->setHeaders();


        try {

            $response = $this->request->send();

            if (200 == $response->getStatus() || 201 == $response->getStatus() ) {
                echo $response->getBody();
            } else {
                echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
                        $response->getReasonPhrase(). ' ' . $response->getBody();
            }
        } catch (HTTP_Request2_Exception $e) {
            echo 'Error: ' . $e->getMessage();
        }


    }

    private function setHeaders(){
        $sb =   new SignatureBuilder();
        $date = new DateTime("now", new DateTimeZone("GMT"));

        // Define the Date field using the proper GMT format
        $this->request->setHeader('Date', $date->format("D, d M Y H:i:s") . " GMT" );

        $this->request->setHeader("Content-Type", "application/json" );
        // Generate the Auth field value by concatenating the public server access key w/ the private query signature for this request
        $this->request->setHeader("Authorization" , "VWS " . $this->access_key . ":" . $sb->tmsSignature( $this->request , $this->secret_key ));

    }
}

Loaded Modules

Configure Command

When I try to install OpenSSL:

    yum install php-openssl openssl
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: centos.mirrors.atwab.net
 * extras: centos.mirrors.atwab.net
 * updates: centos.mirrors.atwab.net
base                                                                                                                                                                                                              | 3.7 kB     00:00     
extras                                                                                                                                                                                                            | 3.3 kB     00:00     
updates                                                                                                                                                                                                           | 3.4 kB     00:00     
updates/primary_db                                                                                                                                                                                                | 5.3 MB     00:00     
Setting up Install Process
No package php-openssl available.
Package openssl-1.0.1e-16.el6_5.15.x86_64 already installed and latest version
Nothing to do

I tried this code to see if openssl is available:

if (!extension_loaded('openssl')) {
    echo "no openssl extension loaded.";
}

The result is:

no openssl extension loaded.

This is on CentOS - PHP Version 5.2.17


Solution

Error: Need OpenSSL support for https:// requests

This error occurs when HTTP_Request2 does not find ssl in your stream transports list. The OpenSSL PHP extension must be installed in order to use the https stream protocol wrapper.

This has nothing to do with Apache's mod_ssl or whether your site is served via https. It's about PHP connecting to the url "https://vws.vuforia.com" to perform a request.



Answered By - user3942918
Answer Checked By - Marilyn (PHPFixing Volunteer)
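
The checks the answer describes, as an added example that is not part of the original post or of the Vuforia samples: it reports whether this PHP build has the `ssl` stream transport HTTP_Request2's socket adapter looks for, and whether the cURL adapter is an alternative. The function names are hypothetical; the adapter class names are the ones shipped with PEAR HTTP_Request2.

```php
<?php
// Added example, not from the original post. Written in PHP 5.2-compatible
// syntax so it can run on the server described in the question.

/** Collect the facts that decide whether this PHP build can act as an HTTPS client. */
function https_client_support()
{
    $report = array(
        // The extension the answer says must be installed.
        'openssl_extension' => extension_loaded('openssl'),
        // HTTP_Request2's socket adapter needs the "ssl" stream transport.
        'ssl_transport'     => in_array('ssl', stream_get_transports()),
        // Plain stream functions such as file_get_contents() need the "https" wrapper.
        'https_wrapper'     => in_array('https', stream_get_wrappers()),
        'curl_with_ssl'     => false,
    );
    if (extension_loaded('curl')) {
        $v = curl_version();
        $report['curl_with_ssl'] = ($v['features'] & CURL_VERSION_SSL) != 0;
    }
    return $report;
}

/** Name an HTTP_Request2 adapter that can reach https:// URLs, or null if none can. */
function usable_https_adapter($report)
{
    if ($report['ssl_transport']) {
        return 'HTTP_Request2_Adapter_Socket'; // the default adapter
    }
    if ($report['curl_with_ssl']) {
        return 'HTTP_Request2_Adapter_Curl';
    }
    return null;
}

$report = https_client_support();
foreach ($report as $check => $ok) {
    echo str_pad($check, 20), $ok ? 'yes' : 'NO', "\n";
}
$adapter = usable_https_adapter($report);
echo $adapter === null
    ? "No HTTPS-capable adapter: install or enable PHP's openssl (or curl) extension.\n"
    : "Usable adapter: $adapter\n";
```

Run it through the web server rather than the command line, since the CLI may load a different php.ini and extension set. Once HTTPS works, note that the sample's `'ssl_verify_peer' => false` turns off verification of the vws.vuforia.com certificate; HTTP_Request2's default is `true`.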

Friday, June 24, 2022

[FIXED] How to force Apache 2.2 to send the full certificate chain?

 June 24, 2022     apache, certificate, mod-ssl, reverse-proxy, ssl     No comments   

Issue

We are using Apache 2.2.25 with mod_ssl in the reverse proxy mode using mod_proxy. It has a server certificate we use for testing purposes, issued by GoDaddy. There are 3 certificates in the chain, server cert -> GoDaddy intermediate CA -> GoDaddy Root CA. The intermediate CA (Go Daddy Secure Certificate Authority - G2) is not always found in clients' list of trusted CA.

The SSL connection to the server works well for browsers (at least for some), but not for some other clients. We noticed that our server does not send the full certificate chain, by using the following command: openssl s_client -showcerts -connect SERVER_URL:443, and indeed the command reports the error Verify return code: 21 (unable to verify the first certificate).

We use the SSLCertificateFile directive in each VirtualHost:

SSLCertificateFile certificate.crt

Where the certificate.crt file contains the private key and all the certificates in the chain. We tried to split it into the following:

SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
SSLCertificateChainFile chain.crt

But this didn't change anything.

Thanks for your help!

EDIT
The plot thickens - it seems to be some combination of the certificate and the server.
(testing is done with the SSL Shopper tool)

  1. Go Daddy certificate (as above) on Apache 2.2 (RHEL) - does not work
  2. same certificate, on IIS7 - works
  3. customer's certificate (from Comodo) on Apache 2.2 RHEL - works

Solution

You are on the right track.

SSLCertificateFile server.crt      >> Your public certificate
SSLCertificateKeyFile server.key   >> Your private key
SSLCertificateChainFile chain.crt  >> List of intermediate certificates;
                                 in your case, only one - GoDaddy intermediate CA

Check your server configuration with a tool like SSL Labs to determine if you are sending the correct intermediate certificate.



Answered By - Anand Bhat
Answer Checked By - Terry (PHPFixing Volunteer)
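
A local check of the file pairing the answer lists, as an added example that is not part of the original answer: it confirms that the first certificate in chain.crt actually issued server.crt and that each later entry issued the one before it. It assumes PHP 7.4 or later with the openssl extension; the function names are hypothetical and the certificates are constructed at run time instead of being read from the asker's files.

```php
<?php
// Added example. All certificates below are constructed at run time for illustration.

/** Issue a throwaway certificate; a null issuer produces a self-signed one. */
function make_cert(string $cn, ?string $issuerPem = null, $issuerKey = null): array
{
    $key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $csr  = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, $issuerPem, $issuerKey ?? $key, 30, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return [$pem, $key];
}

/** Return every certificate block found in a PEM file's contents. */
function pem_certs(string $pem): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    return $m[0];
}

/** Walk server.crt through the chain.crt entries; report each link that does not hold. */
function chain_problems(string $serverPem, string $chainPem): array
{
    $server = pem_certs($serverPem);
    $chain  = pem_certs($chainPem);
    if (!$server || !$chain) {
        return ['server or chain file contains no certificate'];
    }
    $problems = [];
    $child = $server[0];
    foreach ($chain as $i => $candidate) {
        $c = openssl_x509_parse($child);
        $p = openssl_x509_parse($candidate);
        // Names must chain and the candidate's key must verify the child's signature.
        if ($c['issuer'] != $p['subject'] || openssl_x509_verify($child, $candidate) !== 1) {
            $problems[] = sprintf('chain entry %d (%s) did not issue %s', $i + 1, $p['name'], $c['name']);
        }
        $child = $candidate;
    }
    return $problems;
}

[$rootPem, $rootKey] = make_cert('Constructed Root CA');
[$intPem, $intKey]   = make_cert('Constructed Intermediate CA', $rootPem, $rootKey);
[$leafPem]           = make_cert('www.example.test', $intPem, $intKey);
[$otherPem]          = make_cert('Constructed Unrelated CA');

print_r(chain_problems($leafPem, $intPem));   // chain.crt holds the issuing intermediate
print_r(chain_problems($leafPem, $otherPem)); // chain.crt holds the wrong intermediate
```

To run it against real files, pass `file_get_contents()` of server.crt and chain.crt to `chain_problems()`.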