Uploaded image for project: 'translate5'
  1. translate5
  2. TRANSLATE-2326

Change Worker invocation away from fsockopen for better error handling

    XMLWordPrintable

Details

    • Medium
    • The current invocation of the workers does not provide the possibility to read out connection warnings, what would be very helpful in debugging.

    Description

      background

      Assume a SSL Domain is used without a valid intermediate certificate. From the browser this works, but not via curl / fsockopen in the PHP code. See https://confluence.translate5.net/display/CON/Curl+SSL+Problems as background.

      The problem is now, that the workers may not start, since fsockopen can not create a SSL connection internally. This could be fixed by changin the runtimeOptions.worker.server config, or by provide the missing certificate in the apache config as chain file.

      The problem is now to recognize that situation. Modern browsers will work, since they load the missing certificates, but the curl and fsockopen will fail.

      problem

      Using fsockopen (like the workers do) will just fail on such a domain, logging some PHP warnings in the PHP log:

      PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
      error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78
      
      PHP Warning:  fsockopen(): Failed to enable crypto in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78
      
      PHP Warning:  fsockopen(): unable to connect to ssl://testdomain.translate5.net:443 (Unknown error) in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78

      Currently the only error which is logged in the application log is:

      ERROR: E1072 - Can not trigger worker URL: ssl://testdomain.translate5.net:443 Error:  (0)  in core.worker /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php (84)  by POS
      T /editor/task?format=json
      

      Which does not provide any useful information about the real problem.

      solution

      Change the worker invocation away from fsockopen to a different technology (like socket_create)

      Attachments

        Issue Links

          Activity

            People

              tlauria Thomas Lauria
              tlauria Thomas Lauria
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: