Two SoapClient requests for two different third-party WSDL services, one works, the other doesn't


In both cases the respective WSDL loads in Firefox and shows "Safe connection". The PHP version is 5.6.22, which means that by default PHP will verify that the connection is secure (the opposite of the behavior of PHP 5.5.x and prior; see http://php.net/manual/en/migration56.openssl.php). The idea is precisely to perform secure connections; both cases are meant to be secure, and the proper verifications are being made implicitly.


Need this case to work (Case A):

$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
var_dump($seed);

Error:

Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL' : failed to load external entity "https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL"
 in /path/to/script.php:3
Stack trace:
#0 /path/to/script.php(3): SoapClient->SoapClient('https://palena....')
#1 {main}
  thrown in /path/to/script.php on line 3

This example case works (Case B):

$wsdl = 'https://www.lb.lt/webservices/ExchangeRates/ExchangeRates.asmx?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$exchangeRate = $SoapClient -> getExchangeRate();
libxml_disable_entity_loader($entity_loader_status_old);
var_dump($exchangeRate);

Dump:

object(stdClass)#2 (1) { ["getExchangeRateResult"]=> string(2) "-1" }

Note: this case is auxiliary, only for demonstration.


Case A worked for months (always on PHP 5.6.x); only two days ago it stopped working and started throwing the error, yet no code has been changed. The date of failure is close to the Valid-From date of the webservice's certificate (12 Dec 2016 to 14 Dec 2017), so it looks like the server just renewed its certificate (the dates were seen in the certificate details by loading the WSDL address in a browser). It is very likely that this has everything to do with the problem.

Apparently, to be trusted by the client, the renewed certificate requires a specific intermediate certificate that is poorly diffused, so the intermediate certificate has to be found and added to the bundle of trusted intermediate certificates. To do that, the intermediate certificate was found, and by using its download address, the next three lines were executed in the client:

wget http://symantec.tbs-certificats.com/Symantec_Class_3_EV_SSL_CA_G3.crt
cp Symantec_Class_3_EV_SSL_CA_G3.crt /etc/pki/ca-trust/source/anchors
update-ca-trust

To some extent it seems to have worked, because now the error is no longer produced at line 3 (SoapClient), but at line 4 (getSeed):

Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host
 in /path/to/script.php:4
Stack trace:
#0 [internal function]: SoapClient->__doRequest('<?xml version="...', 'https://palena....', '', 1, 0)
#1 /path/to/script.php(4): SoapClient->__call('getSeed', Array)
#2 /path/to/script.php(4): SoapClient->getSeed()
#3 {main}
  thrown in /path/to/script.php on line 4

Case A works when disabling the secure connection verification (but that's not the solution because it breaks the security):

$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient(
    $wsdl
    , [
        'stream_context' => stream_context_create([
            'ssl' => [
                'verify_peer' => false,
            ],
        ]),
    ]
);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
var_dump($seed);

Dump:

string(219) "00436612495400"

Why doesn't Case A work with security verification, and how can it be fixed?
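The chain problem the question describes (a renewed server certificate whose intermediate the client cannot find), as an added example that is not part of the original post: a simplified PHP model of chain building that reports which issuer is missing. The function name and all certificate names are constructed placeholders; for real certificates the subject and issuer DNs can be derived from `openssl_x509_parse()` output.

```php
<?php
// Added example, simplified model: certificates are matched by DN only
// (no signature, validity or key-identifier checks).

/**
 * Walk from the leaf towards a self-signed root in the client's store.
 * $presented: certificates the server sent, leaf first (must not be empty).
 * $store:     certificates in the client's CA bundle.
 * Each certificate is ['subject' => DN, 'issuer' => DN].
 * Returns null when the chain is complete, otherwise the DN that is missing
 * (or the DN of a self-signed certificate that is not in the store).
 */
function first_missing_issuer(array $presented, array $store)
{
    $pool = [];
    $anchors = [];
    foreach ($presented as $c) { $pool[$c['subject']] = $c; }
    foreach ($store as $c) {
        $pool[$c['subject']] = $c;
        $anchors[$c['subject']] = true;
    }
    $current = $presented[0];
    $seen = [];
    while (true) {
        $subject = $current['subject'];
        $issuer = $current['issuer'];
        if ($issuer === $subject) {            // self-signed: must be in the store
            return isset($anchors[$subject]) ? null : $subject;
        }
        if (isset($seen[$subject]) || !isset($pool[$issuer])) {
            return $issuer;                    // issuer loop, or issuer not available
        }
        $seen[$subject] = true;
        $current = $pool[$issuer];
    }
}

// Constructed sample data; all names are placeholders.
$leaf = ['subject' => 'CN=service.example', 'issuer' => 'CN=Example Intermediate CA'];
$intermediate = ['subject' => 'CN=Example Intermediate CA', 'issuer' => 'CN=Example Root CA'];
$root = ['subject' => 'CN=Example Root CA', 'issuer' => 'CN=Example Root CA'];

$cases = [
    'server sends leaf only, store has root' => [[$leaf], [$root]],
    'server sends leaf and intermediate'     => [[$leaf, $intermediate], [$root]],
    'intermediate added to client store'     => [[$leaf], [$root, $intermediate]],
];
foreach ($cases as $label => $case) {
    $missing = first_missing_issuer($case[0], $case[1]);
    echo $label, ': ', $missing === null ? 'chain complete' : "missing $missing", "\n";
}
```

The third case corresponds to the approach taken in the question (adding the intermediate to the client's trust anchors); the second is the server-side remedy, where the server sends the intermediate itself.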


There is 1 answer

prakash tank On

For me case B also works:

It returns this:

<?xml version="1.0" encoding="UTF-8"?>
<SII:RESPUESTA xmlns:SII="http://www.sii.cl/XMLSchema">
<SII:RESP_BODY>
<SEMILLA>004361002032</SEMILLA></SII:RESP_BODY>
<SII:RESP_HDR><ESTADO>00</ESTADO></SII:RESP_HDR>
</SII:RESPUESTA>

I'm using PHP version 5.5.9