[phpxmlrpc] XMLRPC - SSL bug
This may have already been posted, but I had to amend line 605 of xmlrpc.inc to set the CURLOPT_SSL_VERIFYPEER to FALSE to get the module to work. I presume that the end host I was using must be using an incorrect SSL key that doesn't verify? cheers -- Aydin Kurt-Elli edNET t: 0845 119 9900 d: +44 131 514 4025 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Any offers or quotation of service are subject to formal specification. Errors and omissions excepted. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of edNET or lightershade ltd. Finally, the recipient should check this email and any attachments for the presence of viruses. edNET and lightershade ltd accepts no liability for any damage caused by any virus transmitted by this email. -- -- Virus scanned by edNET. ___ phpxmlrpc mailing list [EMAIL PROTECTED] http://lists.usefulinc.com/cgi-bin/mailman/listinfo/phpxmlrpc
[phpxmlrpc] Strange Happenings with xmlrpc.inc
Hello list: I'm not sure if this should go on the dev list, or here (because this just may be a PHP problem). I'm using XMLRPC to connect to a Xindice Database, everything works well. except... when I pull a document from the database and a line starts with a - then the XMLRPC will not evaluate the payload to return valid XML. I have the debugging on and when the payload is returned with a - at the beginning (or near the beginning) of a line then I don't receive the... ---EVALING---[ chars]--- new xmlrpcval(?xml version=\1.0\? -- that signifies XML is being returned... I get **Nothing** I was copying and pasting text into a textarea and I have a script that rips out all of the html tags, before the textarea is sent to the Xindice database. I also see that the data is placed in the document just fine, in fact I see all of the data in XML document (shown in the servers response to the XMLRPC call). But I don't get the Evaling part of the XMLRPC payload... Also this just appears to be in CDATA fields. It's never happened in an attribute field were I have a - character. ?? Just thought you'd like to know. Nika p.s. as a workaround I just substitute all of my - with *minus;. ___ phpxmlrpc mailing list [EMAIL PROTECTED] http://lists.usefulinc.com/cgi-bin/mailman/listinfo/phpxmlrpc
Re: [phpxmlrpc-devel] Re: [phpxmlrpc] [Fwd: xmlrpc signing]
Thanks for pointing this out. Documentation seems to be sparse, but it looks like it may be possible for us to use this by requiring clients to have been signed by a trusted CA (basically, the server's CA), and adding SSLOption +CompatEnvVars in order to obtain the client's CN (and thus differentiate clients). I'll play with it a bit. On Wed, Oct 30, 2002 at 07:56:12AM -0500, Justin R. Miller wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Said Andres Salomon on Wed, Oct 30, 2002 at 02:23:57AM -0500: The idea is to identify where a request came from; the cert only verifies the server, not the client. Also, the cert is generally self-signed, so I have no reason to trust it. I was thinking openssl signing, not gnupg. Actually the certificate support that is in there is client and server certificates, i.e. the *client* has to have the right certificate in order to get interact with the server's certificate. This is an alternative to HTTP(S) Basic or Digest username and password authentication. In Edd's documentation for the *client* methods, just after the setCredentials method (i.e. username/password auth), there is a section for the setCertificate method. The functionality is described in the 'HTTPS' section for the cURL docs at: http://curl.haxx.se/docs/readme.curl.html Furthermore, here's a post from this list ;-) http://www.mail-archive.com/phpxmlrpc@usefulinc.com/msg00069.html Most people don't use this feature of HTTPS, but the idea is that *both* the client and server share 'halves' of a private certificate (the client's being PEM-formatted), and the client is not allowed to establish a connection without the proper certificate. Companies will occasionally use this, for example installing a client certificate on the workstations and then having them connect to the server via HTTPS. The user does not need to worry about authentication, as the browsers and server take care of this via the private certificates. However, I'm not sure that the clients can all have different certificates, or if they all share the same file. You would have to look into the spec for HTTPS if this was a concern. (Hi Justin! Did you hear about our gig thanksgiving weekend yet?) Yep :-) We'll have to carry this further off-list though ;-) - -- [!] Justin R. Miller [EMAIL PROTECTED] Encrypted email preferred (key 0xC9C40C31) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE9v9bs94d6K8nEDDERAmRLAJ4ovxP6K2Jyd0N5w6l3+0RLhr6fHQCeO9V3 gsr79b8MSt9yh6YyqHPGwVI= =8YWA -END PGP SIGNATURE- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ phpxmlrpc-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/phpxmlrpc-devel -- It's not denial. I'm just selective about the reality I accept. -- Bill Watterson ___ phpxmlrpc mailing list [EMAIL PROTECTED] http://lists.usefulinc.com/cgi-bin/mailman/listinfo/phpxmlrpc
[phpxmlrpc] [admin] mail delays
My apologies to those whose mail to this list were delayed because they got caught in the moderation process. I had kept this list closed to members in order to keep spam out. I've since installed spamassassin on the server that controls this list, and unless members object, I will make posting to the list open, but catch spam mails using spamassassin. Inevitably this means one or two spam will creep through, but at least there won't be the inconvenience of mails getting backed up for days or weeks. -- Edd signature.asc Description: This is a digitally signed message part
[phpxmlrpc] Re: XMLRPC - SSL bug
I added two member functions to xmlrpc_client to address this issue in the 1.0.99 release; setSSLVerifyPeer() and setSSLVerifyHost(). On Tue, 31 Dec 2002 11:23:19 +, Aydin Kurt-Elli wrote: This may have already been posted, but I had to amend line 605 of xmlrpc.inc to set the CURLOPT_SSL_VERIFYPEER to FALSE to get the module to work. I presume that the end host I was using must be using an incorrect SSL key that doesn't verify? cheers ___ phpxmlrpc mailing list [EMAIL PROTECTED] http://lists.usefulinc.com/cgi-bin/mailman/listinfo/phpxmlrpc