[Reader] Unable to enable crypto on TCP connection #51

Open
lethak opened this issue Apr 29, 2015 · 5 comments


lethak commented Apr 29, 2015

Problem

Sometimes you can get an error when trying to request a feed using https.

```
  [Zend\Http\Client\Adapter\Exception\RuntimeException]
  Unable to enable crypto on TCP connection domain.tld: make sure the "sslca
  file" or "sslcapath" option are properly set for the environment.

  [ErrorException]
  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
```

Workaround

If you don't care about SSL certificates you can do this:

Using ...

```php
use Zend\Feed\Reader\Reader as ZendFeedReader;
use Zend\Http\Client as ZendHttpClient;
```

Controller / Command:

```php
/** @var \Eko\FeedBundle\Feed\Reader $FeedReader */
$FeedReader = $this->getContainer()->get('eko_feed.feed.reader');

$httpClientOptions = array(
    'adapter'    => 'Zend\Http\Client\Adapter\Socket',
    'persistent' => false,

    // Turn off verification of the server certificate
    'sslverifypeer'      => false,
    'sslallowselfsigned' => true,
    'sslusecontext'      => true,

    // Same settings under the verify_peer naming
    // (which one applies depends on the adapter and ZF version)
    'ssl' => array(
        'verify_peer'       => false,
        'allow_self_signed' => true,
        'capture_peer_cert' => true,
    ),

    'useragent' => 'Feed Reader',
);

// Replace the default HTTP client that Zend Feed Reader falls back to
ZendFeedReader::setHttpClient(new ZendHttpClient(null, $httpClientOptions));

/** @var \Zend\Feed\Reader\Feed\FeedInterface $Feed */
$Feed = $FeedReader->load('domain.tld/rss')->get();
```
Owner

eko commented Apr 29, 2015

Hi @lethak,

Thank you for this workaround about SSL, I've never had the use case.

I think the principal option needed here is sslverifypeer, in order not to check the certificate?

Author

lethak commented Apr 30, 2015

Since I am testing from localhost / windows without proper SSL environment setup, this is the idea yes.

Depending on the adapter (curl or socket) and zf version, it may be verify_peer instead of sslverifypeer. This workaround is tested and working. I found it a while ago using Zend Http Client and just stumbled on it again trying your bundle.

Since you are not providing an instance of ZendHttpClient from your FeedReader to ZendFeedReader, this last one is falling back to a default ZendHttpClient, modifiable via the static method ZendFeedReader::setHttpClient.

A more elegant solution could be to have a public function from FeedReader to set the http client options there.

I will make a pull request when able in the near future.
Good work on your bundle by the way, it looks like it will help me gain a lot of time :)

Owner

eko commented May 3, 2015

Alright, I understand the issue.

You're welcome to submit a pull request in order to add parameters to provide ZendHttpClient/parameters.

Let me know if you haven't enough time to work on it, I can try to find some.

Thank you for pointing out this issue!


dunglehome commented Jun 1, 2016

Do you have any update on this issue? I have used the workaround by @lethak and it works. I found this issue in "eko/feedbundle": "^1.2".

Thanks and have a great day!

Author

lethak commented Jun 27, 2016

Unfortunately I had/will not have time to implement a solution in a pull request anytime soon, sorry.
You can feel free to do so if it was not solved already ;)
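
The exception in the opening post names the `sslcafile` and `sslcapath` options, so the same `ZendFeedReader::setHttpClient` hook can be used with verification left on by pointing the Socket adapter at a CA bundle. This is an added example, not code from this thread or from the bundle; the `verifiedHttpClientOptions` helper, the `FEED_CA_BUNDLE` environment variable and the Composer autoload path are assumptions made for illustration.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumption: Composer-installed Zend packages

use Zend\Feed\Reader\Reader as ZendFeedReader;
use Zend\Http\Client as ZendHttpClient;

/**
 * Hypothetical helper: Socket adapter options with certificate checks kept on.
 *
 * $caFile is a PEM file of trusted CA certificates. For a development server
 * with a self-signed certificate, pass that certificate's own PEM file here
 * so that only this one certificate is trusted.
 */
function verifiedHttpClientOptions($caFile = null)
{
    if ($caFile === null) {
        // PHP 5.6+: the default bundle location compiled into PHP's OpenSSL.
        // On Windows this path frequently does not exist, which is what
        // produces the "certificate verify failed" error in the first place.
        $locations = openssl_get_cert_locations();
        $caFile = $locations['default_cert_file'];
    }

    if (!is_file($caFile) || !is_readable($caFile)) {
        // Fail closed: stop here instead of falling back to no verification.
        throw new \RuntimeException("CA bundle not readable: $caFile");
    }

    return array(
        'adapter'            => 'Zend\Http\Client\Adapter\Socket',
        'persistent'         => false,
        'sslverifypeer'      => true,   // keep peer verification enabled
        'sslallowselfsigned' => false,
        'sslcafile'          => $caFile,
        'useragent'          => 'Feed Reader',
    );
}

// FEED_CA_BUNDLE is a hypothetical variable holding the path to a PEM bundle;
// when it is unset, the helper tries PHP's default location.
$options = verifiedHttpClientOptions(getenv('FEED_CA_BUNDLE') ?: null);
ZendFeedReader::setHttpClient(new ZendHttpClient(null, $options));
```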
