SOAP data source asset error


(James) #1

[v5.4.3.1] Hi, I’m having problems using the SOAP data source asset. I’ve already set up the Matrix proxy settings to go through our corporate proxy and that seems fine (it said ‘passed’) and other assets like REST seem OK, but HTTPS SOAP isn’t playing ball :(

PHP Warning
SoapClient::SoapClient(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

On the server that hosts Matrix I have a similar problem with my own PHP SOAP scripts unless I specify the proxy in the code and set SSL to no verify peer as shown below:

// Standalone test script: goes out via the proxy with TLS peer checks switched off
$client = new SoapClient('https://blah.asmx?wsdl',
    array(
        'trace' => 1,
        'location' => 'https://blah…',
        'exceptions' => 1,
        'proxy_host' => 'proxy',
        'proxy_port' => 800,
        'stream_context' => stream_context_create(
            array(
                'ssl' => array(
                    // certificate chain and host name are not verified
                    'verify_peer' => false,
                    'verify_peer_name' => false,
                )
            )
        )
    )
);

$result = $client->HelloWorld();
print_r($result);


I’m wondering if the SOAP data source asset also needs the proxy set specifically and the no verify peer flag set for it to work, but I can’t see anywhere to set that on the asset in Matrix. Maybe this is a bug with the SOAP PHP script in Matrix? Any clues would be appreciated.


(Bart Banda) #2

I have a feeling that the SOAP DS asset doesn’t have that capability. Any chance you could try and point it at a SOAP endpoint that doesn’t have HTTPS to see if it can connect to that successfully? That would help confirm the theory of the problem.


(James) #3

Hi Bart,

I think it’s almost working as HTTP though I get a different error:
Matrix Notice
Error occured when trying to access the SOAP service: SOAP-ERROR: Parsing WSDL: Couldn’t load from ‘http://www.xignite.com/xcurrencies.asmx?WSDL’ : Premature end of data in tag html line 2

Off our network it works fine in Matrix as there’s no proxy/cert validation interfering.

Interestingly, on the corporate server, if I add this simple code and run it from the command line it works even without the ‘no verify peer’ and the proxy setting. I’m guessing as it’s HTTP it can go straight out through our firewall, so the answer might be to send all our Matrix traffic directly through our firewall and avoid the proxy altogether if there’s no way to set the cert peer validation to false in the SOAP asset? We would prefer to send all traffic via the proxy as that does content checking, but maybe that’s not possible unless you can suggest a way to fix this. Could we amend the PHP SOAP script Matrix uses to make it do a no verify peer? Not sure how that would stand with Squiz support to see if that fixes it?

$client = new SoapClient('http://www.xignite.com/xcurrencies.asmx?WSDL');

// List the types declared in the WSDL to confirm it loaded
var_dump($client->__getTypes());


(James) #4

Hi Bart,
As a test I’ve managed to get it to work by adding this at approx. line 368 of /var/www/matrix/packages/web_services/api/lib/soap_common.inc

added this …
$options['proxy_host'] = "ourproxyaddress";
$options['proxy_port'] = 800;

This seems like a bug as the SOAP asset doesn’t seem to use the proxy settings in Squiz, unlike REST assets.

I did manage to get HTTP SOAP out via a standalone PHP script on the server without specifying the proxy, but that may use the Linux OS proxy settings (/etc/environment) or it may be that HTTP can go out via our firewall directly if no proxy is set, unlike HTTPS (I would have to investigate that). Please can you let me know if this change is OK, we urgently need to use the Squiz SOAP asset if possible.

Many thanks, James
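
Added example, not part of the original posts and not Matrix or Squiz code: the standalone script from post #1 combined with the proxy options from post #4, but with certificate verification left on and pointed at a CA bundle instead of being disabled. It assumes the "certificate verify failed" error comes from a CA that PHP does not trust (for example one used by the proxy); the bundle path and the helper name build_soap_options are hypothetical.

```php
<?php
// Added example. Assumed values: proxy host/port as in the thread,
// CA bundle path is a placeholder for wherever the trusted CA is stored.

/**
 * Build SoapClient options that route through the proxy and keep
 * TLS verification enabled against an explicit CA bundle.
 */
function build_soap_options($proxyHost, $proxyPort, $caFile)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }
    // Fail early if the file does not start with a parseable PEM certificate.
    if (openssl_x509_read(file_get_contents($caFile)) === false) {
        throw new RuntimeException("No PEM certificate found in $caFile");
    }

    $context = stream_context_create(array(
        'ssl' => array(
            'verify_peer'       => true,   // check the chain against cafile
            'verify_peer_name'  => true,   // check the host name in the cert
            'allow_self_signed' => false,
            'cafile'            => $caFile,
        ),
    ));

    return array(
        'trace'          => 1,
        'exceptions'     => 1,
        'proxy_host'     => $proxyHost,
        'proxy_port'     => $proxyPort,
        'stream_context' => $context,
    );
}

try {
    $options = build_soap_options('proxy', 800, '/etc/ssl/certs/corporate-ca-bundle.pem');
    $client  = new SoapClient('https://blah.asmx?wsdl', $options);
    print_r($client->__getFunctions());
} catch (SoapFault $e) {
    // A verification failure surfaces here while the WSDL is being loaded.
    fwrite(STDERR, 'SOAP/TLS error: ' . $e->getMessage() . PHP_EOL);
} catch (RuntimeException $e) {
    fwrite(STDERR, 'Configuration error: ' . $e->getMessage() . PHP_EOL);
}
```

If this still fails with the same OpenSSL error, the certificate presented on the connection is not signed by anything in the bundle, which is worth establishing before any change to soap_common.inc.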


(Bart Banda) #5

Hey James, thanks for the extra info.
Yea it certainly looks like the SOAP asset is not adhering to the global proxy settings, but that limitation might have been fixed in a version since 5.4.3.1, I’m not sure.

I think in order to debug this further, you might need to send a support ticket in to Squiz so they can have a closer look at your instance and server, and then send it off to our development team if they get stuck, to see if that proxy issue has been fixed in later versions of Matrix so that it can potentially be patched on your system.