Hi Matthew, Joachim and community, As its a local dev machine so I am using the phpCAS::setNoCasServerValidation(); , so I am not sure why i am repeatedly hit by this error. Also my certs are self generated keystore for tomcat, so that tomcat ssl is working good. Also client php is placed at apache which now also have their certs and stuff.
Still I am unable to reach the cause of this error. Can you direct me further on where to look to find and resolve the issue. Best regards, Khurram. On 7 March 2012 01:02, Joachim Fritschi <[email protected]> wrote: > Hi Khurram, > > Matthew has already spotted the error in your debug log. > > You seem to have some SSL error during the callback to the cas server to > validate the ticket. This is usually cause by not setting the CA > certificate which signed the CAS server SSL certificate: > > phpCAS::setCasServerCACert($**cas_server_ca_cert_path); > > or not skipping certificate validation (not recommended for production): > > phpCAS::**setNoCasServerValidation(); > > Otherwise the curl manual for #35 is a handshake error: > > "A problem occurred somewhere in the SSL/TLS handshake. You really want > the error buffer and read the message there as it pinpoints the problem > slightly more. Could be certificates (file formats, paths, permissions), > passwords, and others." > > Maybe you have supplied a wrong format as a certificate or something else > went wrong. Try using curl on the commandline to connect to the cas server. > That might give you some hint if you play around with the parameters. > (debug, verbose, setting certificate etc.) > > Regards, > > Joachim > > On 06.03.2012 18:11, Matthew Selwood wrote: > >> Hi Khurram, >> >> I think this is the interesting part of your log: >> >> F3DE .| | | could not open URL >> 'https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> <https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> >' >> to validate (CURL error #35: error:14077438:SSL >> routines:SSL23_GET_SERVER_**HELLO:tlsv1 alert internal error) >> [Client.php:2595] >> F3DE .| | | => CAS_Client::authError('PT not validated', >> 'https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> <https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> >', >> true) [Client.php:2598] >> F3DE .| | | | => CAS_Client::getURL() [Client.php:3014] >> F3DE .| | | | <= >> 'http://localhost/testApp/**index.php<http://localhost/testApp/index.php> >> ' >> F3DE .| | | | CAS URL: >> https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> <https://localhost:8443/cas-**server-webapp-3.4.11/** >> proxyValidate?service=http%3A%**2F%2Flocalhost%2FtestApp%** >> 2Findex.php&ticket=ST-29-**1fcy5UPRwNcc7sve4c1L-cas<https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> >> > >> [Client.php:3015] >> F3DE .| | | | Authentication failure: PT not validated [Client.php:3016] >> F3DE .| | | | Reason: no response from the CAS server [Client.php:3018] >> F3DE .| | | | exit() >> >> You aren't properly validating your service ticket because the CURL >> failed. >> >> "URLE_SSL_CONNECT_ERROR (35) >> >> A problem occurred somewhere in the SSL/TLS handshake. You really want >> the error buffer and read the message there as it pinpoints the problem >> slightly more. Could be certificates (file formats, paths, permissions), >> passwords, and others." >> Source: >> http://curl.haxx.se/libcurl/c/**libcurl-errors.html<http://curl.haxx.se/libcurl/c/libcurl-errors.html> >> >> I'm guessing it's a certificate issue. What do you see in cas.log? >> >> Matt >> > > >> > > -- > You are currently subscribed to [email protected] as: > khurram.shahzad@zeptosystems.**com <[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
