[pve-devel] API-Failures (PHP-Script) IMPORTANT

Daniel Hunsaker danhunsaker at gmail.com
Thu Jul 14 22:18:10 CEST 2016


This client isn't maintained by the Proxmox team - it's a third-party
GitHub project. Please file this report on
https://github.com/CpuID/pve2-api-php-client/issues instead.

Note, I do have push access to the repo in question, so feel free to submit
changes directly via pull request and I'll get them merged in.

On Thu, Jul 14, 2016, 12:59 Detlef Bracker <bracker at 1awww.com> wrote:

> Dear,
>
> This important informations helps to save a lot of hours:
>
> A) in the PHP-Script pve2_api.class.php must been added the following
> lines, otherwise the PHP-Script for many users not work correctly:
>
> + Line 88: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST,
> $this->verify_ssl);
> + Line 220: curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, false);
>
> otherwise, when no valid SSL-Certificate exists, a connection cant been
> made!
>
> B) In the README.md
>
> are wrong informations about the debug-mode - This lines must been
> deleted, why debug is not possible!
>
> C) A likely debug of curl is possible too with the following edited
> lines (as an example):
>
>     public function login () {
>         // Prepare login variables.
>         $login_postfields = array();
>         $login_postfields['username'] = $this->username;
>         $login_postfields['password'] = $this->password;
>         $login_postfields['realm'] = $this->realm;
>
>         $login_postfields_string = http_build_query($login_postfields);
>         unset($login_postfields);
>
>         // Perform login request.
>         $prox_ch = curl_init();
>         curl_setopt($prox_ch, CURLOPT_URL,
> "https://{$this->hostname}:{$this->port}/api2/json/access/ticket");
>         curl_setopt($prox_ch, CURLOPT_POST, true);
>         curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true);
>         curl_setopt($prox_ch, CURLOPT_POSTFIELDS,
> $login_postfields_string);
>         curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl);
>         curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl);
>
> +       curl_setopt($prox_ch, CURLOPT_VERBOSE, true);
>
> +       $verbose = fopen('php://temp', 'w+');
> +       curl_setopt($handle, CURLOPT_STDERR, $verbose);
>
>         $login_ticket = curl_exec($prox_ch);
>
> +      if ($login_ticket === FALSE) {
> +           printf("cUrl error (#%d): %s<br>\n", curl_errno($prox_ch),
> +           htmlspecialchars(curl_error($prox_ch)));
> +      }
>
> +       rewind($verbose);
> +        $verboseLog = stream_get_contents($verbose);
>
> +       echo "Verbose information:\n<pre>",
> htmlspecialchars($verboseLog), "</pre>\n";
>
>
>
>         $login_request_info = curl_getinfo($prox_ch);
>
>         //echo '<pre>';
>         //echo print_r($login_request_info);
>         //echo print_r($login_ticket);
>         //echo '</pre>';
>
>
>         curl_close($prox_ch);
>         unset($prox_ch);
>         unset($login_postfields_string);
>
>         if (!$login_ticket) {
>             // SSL negotiation failed or connection timed out
>             $this->login_ticket_timestamp = null;
>             return false;
>         }
>
>         $login_ticket_data = json_decode($login_ticket, true);
>
>         //echo '<pre>';
>         //echo print_r($login_ticket_data);
>         //echo '</pre>';
>         //exit;
>
>         if ($login_ticket_data == null || $login_ticket_data['data'] ==
> null) {
>             // Login failed.
>             // Just to be safe, set this to null again.
>             $this->login_ticket_timestamp = null;
>             if ($login_request_info['ssl_verify_result'] == 1) {
>                 throw new PVE2_Exception("Invalid SSL cert on
> {$this->hostname} - check that the hostname is correct, and that it
> appears in the server certificate's SAN list. Alternatively set the
> verify_ssl flag to false if you are using internal self-signed certs
> (ensure you are aware of the security risks before doing so).", 4);
>             }
>             return false;
>         } else {
>             // Login success.
>             $this->login_ticket = $login_ticket_data['data'];
>             // We store a UNIX timestamp of when the ticket was
> generated here,
>             // so we can identify when we need a new one expiration-wise
> later
>             // on...
>             $this->login_ticket_timestamp = time();
>             $this->reload_node_list();
>             return true;
>         }
>     }
>
> Regards
>
> Detlef Bracker
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>


More information about the pve-devel mailing list