SSL issue

SSL issue

Bryon Czoch
Hi all,

We recently moved our Horizon server behind SSL and we are now getting this error in VuFind (built on ZF) on the Record view and can't seem to figure it out:

Message: Unable to enable crypto on TCP connection libcat.uchicago.edu: make sure the "sslcapath" option points to a valid SSL certificate directory

We set sslcapath, sslverifypeer and on our FreeBSD server to no avail.

This person had a similar issue: http://sourceforge.net/mailarchive/message.php?msg_id=31151754

Any help would be appreciated,

Thanks,

Bryon

Re: SSL issue

weierophinney
Administrator
On Mon, Sep 16, 2013 at 11:02 AM, Bryon Czoch <[hidden email]> wrote:

> Hi all,
>
> We recently moved our Horizon server behind SSL and we are now getting this error in VuFind (built on ZF) on the Record view and can't seem to figure it out:
>
> Message: Unable to enable crypto on TCP connection libcat.uchicago.edu: make sure the "sslcapath" option points to a valid SSL certificate directory
>
> We set sslcapath, sslverifypeer and on our FreeBSD server to no avail.
>
> This person had a similar issue: http://sourceforge.net/mailarchive/message.php?msg_id=31151754
>
> Any help would be appreciated,

This is an issue with the underlying stream context being used to
negotiate SSL connections. The most expedient answer, and likely best,
is to use the Curl adapter instead of the default Stream adapter, as
it negotiates SSL more transparently and robustly.



--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]



RE: SSL issue

demiankatz
Bryon,

The Curl adapter was also mentioned in this blog post:

http://blog.debug.cz/2012/11/https-connections-with-zend-framework-2.html

You can set up the adapter using the [Http] section of VuFind's config.ini:

[Http]
adapter = "Zend\Http\Client\Adapter\Curl"
curloptions[CURLOPT_SSL_VERIFYPEER] = true
curloptions[CURLOPT_SSL_VERIFYHOST] = 2
curloptions[CURLOPT_CAINFO] = "/etc/ssl/certs/ca-bundle.pem"

Let me know if you still have problems -- if that doesn't make a difference, I remain suspicious that you may be having trouble getting values passed from config.ini to the VuFind code. There's a simple sanity check to test if this is the case: set adapter to some garbage string -- if configurations are loading correctly, this will cause a fatal error when the framework fails to load a non-existent class. If setting a bad adapter doesn't break your code, then there is a configuration loading problem.

- Demian

> -----Original Message-----
> From: Matthew Weier O'Phinney [mailto:[hidden email]]
> Sent: Monday, September 16, 2013 4:23 PM
> To: [hidden email]
> Subject: Re: [fw-general] SSL issue
>
> On Mon, Sep 16, 2013 at 11:02 AM, Bryon Czoch <[hidden email]> wrote:
> > Hi all,
> >
> > We recently moved our Horizon server behind SSL and we are now getting this error in VuFind (built on ZF) on the Record view and can't seem to figure it out:
> >
> > Message: Unable to enable crypto on TCP connection libcat.uchicago.edu: make sure the "sslcapath" option points to a valid SSL certificate directory
> >
> > We set sslcapath, sslverifypeer and on our FreeBSD server to no avail.
> >
> > This person had a similar issue: http://sourceforge.net/mailarchive/message.php?msg_id=31151754
> >
> > Any help would be appreciated,
>
> This is an issue with the underlying stream context being used to
> negotiate SSL connections. The most expedient answer, and likely best,
> is to use the Curl adapter instead of the default Stream adapter, as
> it negotiates SSL more transparently and robustly.
>
>
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
> --
> List: [hidden email]
> Info: http://framework.zend.com/archives
> Unsubscribe: [hidden email]
>
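
An added check, not part of the thread or of VuFind/ZF: the error in the first post asks for a "valid SSL certificate directory", while the config.ini reply points Curl at a bundle file instead. OpenSSL finds certificates in a CA directory only through entries named by subject hash (for example 0123abcd.0, normally created with c_rehash), so a directory holding only plain .pem files does not work as sslcapath. The function names and return codes below are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the two kinds of CA location
# mentioned above: a capath-style directory and a CAINFO-style bundle file.

# check_capath DIR
#   0 = at least one usable hashed entry
#   1 = not a readable directory
#   2 = no entries named <8 hex digits>.<n> (directory was never rehashed)
#   3 = hashed entries exist but none resolves to a readable PEM certificate
check_capath() {
    dir=$1
    [ -d "$dir" ] && [ -r "$dir" ] || return 1
    hashed=0
    for entry in "$dir"/*; do
        name=${entry##*/}
        # OpenSSL looks certificates up by subject-name hash, e.g. 0123abcd.0
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
            *) continue ;;
        esac
        hashed=1
        # -r follows symlinks, so a dangling hash link fails here
        if [ -r "$entry" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$entry"; then
            return 0
        fi
    done
    [ "$hashed" -eq 1 ] && return 3
    return 2
}

# check_cafile FILE
#   0 = readable file with at least one PEM certificate block
#   1 = missing or unreadable
#   2 = readable but contains no PEM certificate block
check_cafile() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 2
    return 0
}

# Direct use: sh check_ca.sh /etc/ssl/certs /etc/ssl/certs/ca-bundle.pem
if [ "$#" -eq 2 ]; then
    check_capath "$1"; echo "capath $1: status $?"
    check_cafile "$2"; echo "cafile $2: status $?"
fi
```

Run it as the same user the web server runs as, since a bundle readable by root can still be unreadable to the PHP process.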