Jump to content


Photo

XML-RPC and SSL


  • Please log in to reply
1 reply to this topic

#1 SteveJ

SteveJ

    Newbie

  • Member
  • Pip
  • 9 posts
  • Gender:Male
  • Main OS: Windows 7

Posted 09 November 2013 - 05:39 PM

Hello,

 

I am trying to run a web service into SSL to simulate how a store might connect to a bank for a credit card transaction. I can get the web service to operate from port 80 localhost to port 80 localhost, and from SSL localhost (port 443) to port 80 localhost, but when I try to send data into SSL, I get no data back. I am using a PHP web service and 'utils.php' as a library.

 

My intention is to get a working connection, and then fill it in with the necessary queries to make the credit card piece work. Think of this as a proof of concept or a 'Hello World' at the moment.

 

the client app

 

<?php

include("utils.php");

$host = "localhost";
$uri = "/server.php";

$result = xu_rpc_http_concise(
    array(
    'method' => "uptime",
    'host'  => $host,
    'uri'  => $uri,
    'port'  => 443
    )
);
print "The uptime on " . $host . " is " . $result;
?>

 

The server app:

 

<?php

function uptime_func($method_name, $params, $app_data)  {
    return time()." insecure";
}

$xmlrpc_server = xmlrpc_server_create();

xmlrpc_server_register_method($xmlrpc_server, "uptime", "uptime_func");
header('Content-Type: text/xml');

$request_xml = $HTTP_RAW_POST_DATA;

$response = xmlrpc_server_call_method($xmlrpc_server, $request_xml, '');

 print $response;

xmlrpc_server_destroy($xmlrpc_server);
?>

 

 

 

Thanks!

 

-Steve



#2 SteveJ

SteveJ

    Newbie

  • Member
  • Pip
  • 9 posts
  • Gender:Male
  • Main OS: Windows 7

Posted 10 November 2013 - 05:49 AM

An update to my question:

 

This comes from an unknown source (which may be wrong), but this seems reasonable.

 

"HTTPS is a protocol that encapsulates HTTP. That is, when you type in anHTTPS URL in a browser, it first tries to establish an SSL-session with the server's mod_ssl engine. Once that's up, the browser and server then use HTTP in the normal way, but each frame is encrypted and decrypted at the interfaces. So at the start of a session, the server listening on port 443 is an HTTPS server and cannot receive plain HTTP requests. So you need a second VH to listen to HTTP traffic and redirect it to HTTPS."

 

His solution is that my SSL must listen to both 80 and 443. Like so:

 

Listen 443 https

Listen 80 http

 

However, Apache won't run when I do this.

 

Thanks!

 

-Steve






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users