Hi All,
I've used until now JasperReports Server PHP Client in a local environment with http prodotocol. JasperServer 6.1.0 was on 8080 port and my web app (with php client) was on 80 port.
Now I've successfully moved JasperReports to listen on port 8443, I also can reach it in browser and login on the admin panel.
However, I can't reach my reports trough the PHP application, this is the error it returns.
exception 'Jaspersoft\Exception\RESTRequestException' with message 'An unexpected HTTP status code was returned by the server' in C:\xampp\htdocs\tclient\jrs-rest-php-client\src\Jaspersoft\Tool\RESTRequest.php:379 Stack trace: #0 C:\xampp\htdocs\tclient\jrs-rest-php-client\src\Jaspersoft\Tool\RESTRequest.php(452): Jaspersoft\Tool\RESTRequest->handleError(0, Array, false) #1 C:\xampp\htdocs\tclient\jrs-rest-php-client\src\Jaspersoft\Service\ReportService.php(48): Jaspersoft\Tool\RESTRequest->prepAndSend('https://localhos...', Array, 'GET', NULL, true) #2 C:\xampp\htdocs\tclient\src\TestClient.php(72): Jaspersoft\Service\ReportService->runReport('/reports/Report...', 'html', NULL, NULL, Array) #3 C:\xampp\htdocs\tclient\index.php(13): TestClient->start() #4 {main}
Debugging the code I noticed that
curl_exec($curlHandle)
on line 235 of RESTRequest.PHP file, return false.
I also say that I copied the generated url while debugging, and I tryied it on browser and it works!
The other thing I can say is that JasperServer uses AES_128_GCM crypthography and ECDHE_RSA as exchange key mechanism, while Apache uses AES_256_CBC with HMAC-SHA1 and ECDHE_RSA for keys. I'm very new to security and cryptography, and I didn't found something to change cryptography on Apache, but this is offtopic, my question is if I must change something on PHP Jasper Client and if it supports SSL protocol.
---------
EDIT:
The workaround can be found at this website, even if I tryied only the "quick fix" http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/ with that line
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
brutally added to RESTRequest.PHP file before curl_exec function call. The question, however, is always if I need to do those workarounds or I'm missing something.
Thanks All,
Alessandro
1 Answer:
CURL from PHP doesn't include any trusted certificate by default. This would mean that as long as you dont tell it which certificates to trust, any https connection it makes will be untrusted, and thus, stopped. The command setopt CURLOPT_SSL_VERIFYPEER false above basically tells curl to not verify certificates for HTTPS requests.
If you dont want to bypass CA verification like you did, you can set up a certificate folder somewhere on your server to determine the trusted certificates and have your php.ini refer that folder. You can set up a certificate folder by steps like below :
1. Download a root certificate bundle from the curl website http://curl.haxx.se/docs/caextract.html. If the https site you're connecting uses other certificate, you can download it using a web browser as per the 'proper fix' in the link you gave above.
2, Then set a path to the file on the server in your php.ini file, e.g. on Windows: curl.cainfo=c:\apache\cacert\cacert.pem
