[pve-devel] API-Failures (PHP-Script) IMPORTANT
Detlef Bracker
bracker at 1awww.com
Thu Jul 14 20:59:12 CEST 2016
Dear,
This important informations helps to save a lot of hours:
A) in the PHP-Script pve2_api.class.php must been added the following
lines, otherwise the PHP-Script for many users not work correctly:
+ Line 88: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl);
+ Line 220: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, false);
otherwise, when no valid SSL-Certificate exists, a connection cant been
made!
B) In the README.md
are wrong informations about the debug-mode - This lines must been
deleted, why debug is not possible!
C) A likely debug of curl is possible too with the following edited
lines (as an example):
public function login () {
// Prepare login variables.
$login_postfields = array();
$login_postfields['username'] = $this->username;
$login_postfields['password'] = $this->password;
$login_postfields['realm'] = $this->realm;
$login_postfields_string = http_build_query($login_postfields);
unset($login_postfields);
// Perform login request.
$prox_ch = curl_init();
curl_setopt($prox_ch, CURLOPT_URL,
"https://{$this->hostname}:{$this->port}/api2/json/access/ticket");
curl_setopt($prox_ch, CURLOPT_POST, true);
curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $login_postfields_string);
curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl);
curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl);
+ curl_setopt($prox_ch, CURLOPT_VERBOSE, true);
+ $verbose = fopen('php://temp', 'w+');
+ curl_setopt($handle, CURLOPT_STDERR, $verbose);
$login_ticket = curl_exec($prox_ch);
+ if ($login_ticket === FALSE) {
+ printf("cUrl error (#%d): %s<br>\n", curl_errno($prox_ch),
+ htmlspecialchars(curl_error($prox_ch)));
+ }
+ rewind($verbose);
+ $verboseLog = stream_get_contents($verbose);
+ echo "Verbose information:\n<pre>",
htmlspecialchars($verboseLog), "</pre>\n";
$login_request_info = curl_getinfo($prox_ch);
//echo '<pre>';
//echo print_r($login_request_info);
//echo print_r($login_ticket);
//echo '</pre>';
curl_close($prox_ch);
unset($prox_ch);
unset($login_postfields_string);
if (!$login_ticket) {
// SSL negotiation failed or connection timed out
$this->login_ticket_timestamp = null;
return false;
}
$login_ticket_data = json_decode($login_ticket, true);
//echo '<pre>';
//echo print_r($login_ticket_data);
//echo '</pre>';
//exit;
if ($login_ticket_data == null || $login_ticket_data['data'] ==
null) {
// Login failed.
// Just to be safe, set this to null again.
$this->login_ticket_timestamp = null;
if ($login_request_info['ssl_verify_result'] == 1) {
throw new PVE2_Exception("Invalid SSL cert on
{$this->hostname} - check that the hostname is correct, and that it
appears in the server certificate's SAN list. Alternatively set the
verify_ssl flag to false if you are using internal self-signed certs
(ensure you are aware of the security risks before doing so).", 4);
}
return false;
} else {
// Login success.
$this->login_ticket = $login_ticket_data['data'];
// We store a UNIX timestamp of when the ticket was
generated here,
// so we can identify when we need a new one expiration-wise
later
// on...
$this->login_ticket_timestamp = time();
$this->reload_node_list();
return true;
}
}
Regards
Detlef Bracker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20160714/13272c9f/attachment.sig>
More information about the pve-devel
mailing list