Splunk Dev

Trying to find instructions to correct this problem with using the SDK examples for PHP

robsenk
Engager

Login Failed.
Reason: SSL: certificate subject name 'SplunkServerDefaultCert' does not match target host name 'my-other-server'

If anybody can please advise on how to rid this error. Prob. simple think i missed....

Thanks

Tags (2)
0 Karma

netjunki
New Member
diff --git a/Splunk/Http.php b/Splunk/Http.php
index ff4f9da..d7b7d50 100644
--- a/Splunk/Http.php
+++ b/Splunk/Http.php
@@ -157,6 +157,7 @@ class Splunk_Http
             CURLOPT_HEADER => TRUE,
             // disable SSL certificate validation
             CURLOPT_SSL_VERIFYPEER => FALSE,
+            CURLOPT_SSL_VERIFYHOST => FALSE,
         );

         foreach ($requestHeaders as $k => $v)

I made the following patch to work around the issue.

0 Karma

davidfstr
Explorer

This error indicates that curl is failing due to an HTTPS certificate validation error. (curl is used by the PHP SDK when PHP <5.3.7 to fetch HTTP(S) URLs.)

However the PHP SDK explicitly disables certificate validation in Http.php:159, so this error is rather unexpected:

private function requestWithCurl(
...
        CURLOPT_SSL_VERIFYPEER => FALSE,

According to the PHP docs (http://php.net/manual/en/function.curl-setopt.php), CURLOPT_SSL_VERIFYPEER, is not limited to any particular PHP version, so it is presumably available in PHP 5.3.3. Therefore it is probably getting passed through correctly to curl.

Perhaps your curl is configured in some kind of strict mode that always performs certificate validation even when instructed not to?

0 Karma

robsenk
Engager

The first time i mentioned it looked like a curl problem was not correct as I had a problem in the URL. My Bad. So it looks like curl works fine from command line.

0 Karma

robsenk
Engager

curl -k does work outside of the php. I can get data via the curl string but can't get the splunk_service to work in php. It maybe that the way the php is using curl on this server is not correct.... I will try to tail some more logs when i get back to this.... very strange.

0 Karma

davidfstr
Explorer

So are you seeing the same error or a different one? I would not expect the original error from a login failure.

Also, your last message says that curl worked but the prior one said it did not. So I'm a bit confused.

0 Karma

robsenk
Engager

Ok... I found that curl from the command line is working. it's disabling the cert. verification fine. The part on the sdk examples that is failing is the login. I can login with curl but the examples/index.php is not getting through the login. this is after editing the settings.local.php file with the proper credentials. Printing $SplunkExamples_connectArguments looks to be correct.

$service = new Splunk_Service($SplunkExamples_connectArguments);
// (NOTE: Can throw HTTP 401 if bad credentials)
$service->login();

Php 5.3.3. and Splunk 5.0.1

0 Karma

robsenk
Engager

Yes it does seem to be a curl issue. I curl the page index page and disable ssl using the curl --insecure --url and it still produces the error....

Thanks for that help David

0 Karma

robsenk
Engager

5.3.3 I saw a recommendation to upgrade but thought the issue pertained to localhost. I have a web server accessing the Splunk api which is on another server. I don't think we want to upgrade just yet on the php side if we don't have to.

0 Karma

Neeraj_Luthra
Splunk Employee
Splunk Employee

What version of PHP are you on?

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...