Details
- Task
- Resolution: Unresolved
- None
- None
- Medium
- The current invocation of the workers does not make it possible to read out connection warnings, which would be very helpful for debugging.
Description
background
Assume an SSL domain is used without a valid intermediate certificate. This works from the browser, but not via curl / fsockopen in the PHP code. See https://confluence.translate5.net/display/CON/Curl+SSL+Problems for background.
The consequence is that the workers may not start, since fsockopen cannot create an SSL connection internally. This could be fixed by changing the runtimeOptions.worker.server config, or by providing the missing certificate in the Apache config as a chain file.
The difficulty is recognizing that situation. Modern browsers will work, since they load the missing certificates, but curl and fsockopen will fail.
problem
Using fsockopen (like the workers do) will just fail on such a domain, logging some PHP warnings in the PHP log:
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78
PHP Warning: fsockopen(): Failed to enable crypto in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78
PHP Warning: fsockopen(): unable to connect to ssl://testdomain.translate5.net:443 (Unknown error) in /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php on line 78
Currently the only error which is logged in the application log is:
ERROR: E1072 - Can not trigger worker URL: ssl://testdomain.translate5.net:443 Error: (0) in core.worker /webs/instance-XXXX/library/ZfExtended/Worker/TriggerByHttp.php (84) by POST /editor/task?format=json
This does not provide any useful information about the real problem.
solution
Change the worker invocation away from fsockopen to a different technology (like socket_create).
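One way to surface the connection warnings described above, as an added example that is not translate5 code: the warnings raised during the connect call are collected with a temporary error handler and written to the application log. The function name `openWorkerSocket` is hypothetical, and `stream_socket_client` is used here in place of `fsockopen` so that an explicit SSL context can be passed; certificate verification stays enabled.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of translate5): opens the worker trigger
 * connection and returns the PHP/OpenSSL warnings instead of losing them.
 * Returns [socket or null, list of collected warning messages].
 */
function openWorkerSocket(string $host, int $port, float $timeout = 5.0): array
{
    $warnings = [];
    // TLS failures are reported only as E_WARNING, so collect them
    // for the duration of the connect call.
    set_error_handler(
        static function (int $severity, string $message) use (&$warnings): bool {
            $warnings[] = $message;
            return true; // handled here, not passed on to PHP's own handler
        },
        E_WARNING
    );
    try {
        // Verification is left on: the goal is to report the failure,
        // not to bypass it.
        $context = stream_context_create([
            'ssl' => ['verify_peer' => true, 'verify_peer_name' => true],
        ]);
        $socket = stream_socket_client(
            "ssl://{$host}:{$port}", $errno, $errstr, $timeout,
            STREAM_CLIENT_CONNECT, $context
        );
    } finally {
        restore_error_handler();
    }
    if ($socket === false) {
        // The E1072 line on this page shows only "(0)" for this case,
        // so the collected warnings carry the actual diagnosis.
        array_unshift($warnings, sprintf('connect failed: (%d) %s', $errno, $errstr));
        return [null, $warnings];
    }
    return [$socket, $warnings];
}

// Constructed usage with the test domain from the log lines on this page.
[$socket, $warnings] = openWorkerSocket('testdomain.translate5.net', 443);
if ($socket === null) {
    error_log('E1072 - Can not trigger worker URL: ' . implode(' | ', $warnings));
}
```

With a missing intermediate certificate, the logged message then contains the "certificate verify failed" text that otherwise appears only in the PHP log.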
Issue Links
- duplicates
- TRANSLATE-3381 Start workers as plain processes instead using HTTP requests
- Done