PF Wordpress and Serendipity maybe being affected by packet filtering

Found the issue with Wordpress, firewall was blocking not packet filtering.

And for serendipity from https://board.s9y.org/viewtopic.php?t=25672&start=30

Okay, so openssl.cafile is empty. I think that's around where the problem is. The error message showed PHP is failing to validate github's certificate:
Code:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?

As in https://github.com/composer/composer/issues/8312, you could try to download a fresh cacert.pem and configure PHP to use it for openssl, via the openssl.cafile setting. Otherwise you would need someone with knowledge about FreeBSD on what might be wrong with the cert chain here. This is likely a bug in FreeBSD.
 
Sorry, what?

Found the issue with Wordpress, firewall was blocking not packet filtering.

How is that an issue with Wordpress? Or was their firewall blocking you? I don't suppose it matters if you got it resolved, but if someone has similar issues in the future it might help them to clear up what you mean.

On the SSL certificates, again, what? What is on line 15 of the testcode.php - what is it trying to do (that line and that script)?

Is it using cURL? Maybe you need to tweak the SSL-related options the code is using.
 
Here is the test script

<?php

$url="https://raw.github.com/s9y/additional_plugins/master/package_sidebar_en.xml";

$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $url);
$result = curl_exec($curl_session); // no CURLOPT_RETURNTRANSFER: body is printed, $result is true/false
curl_close($curl_session);
if ($result) {
    echo "curl seems to work";
}

sleep(2);

$result = file_get_contents($url); // PHP stream wrapper; verifies the peer certificate

if ($result) {
    echo "fopen seems to work";
}

sleep(2);
#require_once './bundled-libs/Net/URL2.php';
#require_once './bundled-libs/HTTP/Request2/PEAR/Exception.php';
set_include_path('./bundled-libs/');
require_once './bundled-libs/' . 'HTTP/Request2.php';
$options = array('follow_redirects' => true, 'max_redirects' => 5);

$req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET, $options);
$result = null; // stays null if send() throws, so the check below is safe
try {
    $response = $req->send();
    if ($response->getStatus() != '200') {
        throw new HTTP_Request2_Exception('Statuscode not 200, Akismet HTTP verification request failed.');
    }
    // Only read the body once a response actually exists
    $result = $response->getBody();
} catch (HTTP_Request2_Exception $e) {
    echo $e;
}

if ($result) {
    echo "http_request2 seems to work";
}
 
That script was used for testing by s9y.org
OK, I don't think that script will work with newer versions of PHP when going to a site using https.

I had to change a PHP script with this:
Code:
        $arrContextOptions=array(
                "ssl"=>array(
                        "cafile"=>"/usr/local/openssl/cert.pem",
                        "verify_peer"=>true,
                        "verify_peer_name"=>true,
                ),
        );

...
$result=file_get_contents($url,false,stream_context_create($arrContextOptions));

But not sure how this is related to whatever it is you are trying to fix. I use OpenSSL from ports, so I think that's where /usr/local/openssl will come from.
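
One way to check the "local cert collection is missing or can't be read by PHP" theory from the quoted s9y reply, as an added example that is not code from this thread or from Serendipity: it lists the CA sources PHP's OpenSSL streams and cURL consult and reports whether each is usable. When openssl.cafile is empty, PHP falls back to OpenSSL's compiled-in default locations, which the script also prints. The function name `ca_file_status` is made up for this example.

```php
<?php
// Added diagnostic example: run it with the same PHP (CLI or web SAPI) and
// the same user that runs the blog, since readability depends on that user.

function ca_file_status(string $path): string
{
    if ($path === '') {
        return 'not set';
    }
    if (!file_exists($path)) {
        return 'missing';
    }
    if (!is_readable($path)) {
        return 'exists but not readable by this PHP user';
    }
    if (is_dir($path)) {
        // An OpenSSL CA directory holds hashed names such as 1a2b3c4d.0
        $n = count(glob(rtrim($path, '/') . '/*.0') ?: []);
        return "directory, $n hashed certificate link(s)";
    }
    $n = preg_match_all('/-----BEGIN CERTIFICATE-----/', file_get_contents($path));
    return $n > 0 ? "readable, $n certificate(s)" : 'readable but contains no PEM certificates';
}

$loc = openssl_get_cert_locations();
$env = $loc['default_cert_file_env'];   // normally SSL_CERT_FILE

$sources = [
    'openssl.cafile (php.ini)'  => (string) ini_get('openssl.cafile'),
    'openssl.capath (php.ini)'  => (string) ini_get('openssl.capath'),
    'curl.cainfo (php.ini)'     => (string) ini_get('curl.cainfo'),
    "env $env"                  => (string) getenv($env),
    'OpenSSL default cert file' => $loc['default_cert_file'],
    'OpenSSL default cert dir'  => $loc['default_cert_dir'],
];

foreach ($sources as $label => $path) {
    printf("%-28s %-40s %s\n", $label, $path === '' ? '-' : $path, ca_file_status($path));
}
```

If every source reports "not set", "missing" or "no PEM certificates", peer verification has no trust anchors and will fail with the `certificate verify failed` error quoted above.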
 