[pve-devel] API-Failures (PHP-Script) IMPORTANT

Detlef Bracker bracker at 1awww.com
Thu Jul 14 20:59:12 CEST 2016


This important informations helps to save a lot of hours:

A) in the PHP-Script pve2_api.class.php must been added the following
lines, otherwise the PHP-Script for many users not work correctly:

+ Line 88: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl);
+ Line 220: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, false);

otherwise, when no valid SSL-Certificate exists, a connection cant been

B) In the README.md

are wrong informations about the debug-mode - This lines must been
deleted, why debug is not possible!

C) A likely debug of curl is possible too with the following edited
lines (as an example):

    public function login () {
        // Prepare login variables.
        $login_postfields = array();
        $login_postfields['username'] = $this->username;
        $login_postfields['password'] = $this->password;
        $login_postfields['realm'] = $this->realm;

        $login_postfields_string = http_build_query($login_postfields);

        // Perform login request.
        $prox_ch = curl_init();
        curl_setopt($prox_ch, CURLOPT_URL,
        curl_setopt($prox_ch, CURLOPT_POST, true);
        curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $login_postfields_string);
        curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl);
        curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl);
+       curl_setopt($prox_ch, CURLOPT_VERBOSE, true);
+       $verbose = fopen('php://temp', 'w+');
+       curl_setopt($handle, CURLOPT_STDERR, $verbose);

        $login_ticket = curl_exec($prox_ch);
+      if ($login_ticket === FALSE) {
+           printf("cUrl error (#%d): %s<br>\n", curl_errno($prox_ch),
+           htmlspecialchars(curl_error($prox_ch)));
+      }
+       rewind($verbose);
+        $verboseLog = stream_get_contents($verbose);
+       echo "Verbose information:\n<pre>",
htmlspecialchars($verboseLog), "</pre>\n";
        $login_request_info = curl_getinfo($prox_ch);
        //echo '<pre>';
        //echo print_r($login_request_info);
        //echo print_r($login_ticket);
        //echo '</pre>';


        if (!$login_ticket) {
            // SSL negotiation failed or connection timed out
            $this->login_ticket_timestamp = null;
            return false;

        $login_ticket_data = json_decode($login_ticket, true);
        //echo '<pre>';
        //echo print_r($login_ticket_data);
        //echo '</pre>';
        if ($login_ticket_data == null || $login_ticket_data['data'] ==
null) {
            // Login failed.
            // Just to be safe, set this to null again.
            $this->login_ticket_timestamp = null;
            if ($login_request_info['ssl_verify_result'] == 1) {
                throw new PVE2_Exception("Invalid SSL cert on
{$this->hostname} - check that the hostname is correct, and that it
appears in the server certificate's SAN list. Alternatively set the
verify_ssl flag to false if you are using internal self-signed certs
(ensure you are aware of the security risks before doing so).", 4);
            return false;
        } else {
            // Login success.
            $this->login_ticket = $login_ticket_data['data'];
            // We store a UNIX timestamp of when the ticket was
generated here,
            // so we can identify when we need a new one expiration-wise
            // on...
            $this->login_ticket_timestamp = time();
            return true;


Detlef Bracker

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://pve.proxmox.com/pipermail/pve-devel/attachments/20160714/13272c9f/attachment.sig>

More information about the pve-devel mailing list