apache|php升级后导致apns服务不可用
来源:互联网 发布:android源码分析实录 编辑:程序博客网 时间:2024/05/01 20:01
由于安全问题我们将apache和php的版本进行了升级,apache从apache-2.4.10升级到了apache-2.4.20 php从5.6.0升级到了5.6.4,之后就开始报错了,报错信息如下:
[Tue Apr 19 12:17:14.520250 2016] [:error] [pid 17766:tid 1303021888] PHP Warning: stream_socket_client(): Failed to enable crypto in /opt/app/apache-2.4.20/htdocs/iossender/apns/lib/APNotification.class.php on line 278
[Tue Apr 19 12:17:14.520349 2016] [:error] [pid 17766:tid 1303021888] PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.push
.apple.com:2195 (Unknown error) in /opt/app/apache-2.4.20/htdocs/iossender/apns/lib/APNotification.class.php on line 278
[Tue Apr 19 12:17:29.451896 2016] [proxy:error] [pid 17795:tid 1240271168] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 211.136.93.48:80 (*) failed
[Tue Apr 19 12:17:29.451984 2016] [proxy_http:error] [pid 17795:tid 1240271168] AH01114: HTTP: failed to make connection to backend: 211.136.93.48
[Tue Apr 19 12:17:31.330882 2016] [proxy:error] [pid 17795:tid 1145862464] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 211.136.93.48:80 (*) failed
[Tue Apr 19 12:17:31.330921 2016] [proxy_http:error] [pid 17795:tid 1145862464] AH01114: HTTP: failed to make connection to backend: 211.136.93.48
[Tue Apr 19 12:17:33.456868 2016] [proxy:error] [pid 17686:tid 1336916288] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 211.136.93.48:80 (*) failed
[Tue Apr 19 12:17:33.456938 2016] [proxy_http:error] [pid 17686:tid 1336916288] AH01114: HTTP: failed to make connection to backend: 211.136.93.48
[Tue Apr 19 12:17:52.795618 2016] [proxy:error] [pid 17686:tid 1200548160] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 211.136.93.48:80 (*) failed
解决办法:
1. 下载CA验签证书:https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
该证书会在每次向苹果服务器发送消息时都会访问验证,如果本地存在就不需要去远端访问了。
<span style="white-space:pre"></span>define('CHECK_CA', CONFIG.'entrust_2048_ca.cer');
<span style="color:#222426;"><?php// configrequire (dirname(__FILE__) . '/config/config.inc.php');$request = Request::getRequest();$output = new Response();try { ... // Notification $notification = new APNotification(APNS_ENV); $notification->setPrivateKey(APNS_KEY); </span><span style="color:#ff0000;">$notification->setCheckCa(CHECK_CA);</span><span style="color:#222426;"> .... $notification->send();} catch (Exception $e) { $code = $e->getCode(); $output->code = empty($code)?999:$code; $output->msg = $e->getMessage();}echo $output->getResponse();</span>
<pre name="code" class="php">public function send() { 。。。 <span style="color:#ff0000;">if($this->_check_ca !=''){ stream_context_set_option($streamContext, 'ssl', 'cafile', $this->_check_ca); }</span>
。。。
Run Keychain Access; select "login" Keychain and "My Certificates" category
Select the certificate with the name format of "Apple Development IOS Push Services: ..."
Export the certificate (in the menu, under "File" .. "Export Items")
Export to .p12 format.
This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file
Using terminal, execute the following command (using your own filenames, of course):
openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem
(You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)
If you really really really don't want a passphrase on the .pem file, try:
openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes
Creating CA Certificate file:
List item
Run Keychain Access application
Go to System Roots
Export the certificate named "Entrust.net Certification Authority (2048)" to a .pem file.
Note: My Roots container has four Entrust certificates; two of them with the name "Entrust.net Certification Authority (2048)" (but with different certificate extensions, via Get Info). Both of the "Entrust.net Certification Authority (2048)" certificates where effective in validating the trust chain; the other two Entrust certificates did not work. More significantly, the Entrust certificate pointed at by the Apple TechNote 2265 also does not work.
Make sure you export to .pem format; the default is .cer and this step is easy to miss.
Run the verification command:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem"
This server and process assume that your are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.
For more information on openssl, I suggest the following pages:
http://www.madboa.com/geek/openssl/
http://www.sslshopper.com/article-most-common-openssl-commands.html
http://gagravarr.org/writing/openssl-certs/general.shtml
- apache|php升级后导致apns服务不可用
- 升级Xode导致CocoaPods不可用,升级CocoaPods解决
- mac升级后导致apache无法使用
- Python 升级后yum 不可用
- 升级可能导致数据库不可用[待看]
- 误杀病毒导致“RPC服务不可用”解决一例
- 升级Python版本后 yum命令不可用
- 升级到win10后wamp不可用的问题
- win10 升级后 vmware 桥接 不可用修复方法
- CentOS 6.4升级Python后yum不可用的解决方案
- CentOS系统Python升级后yum不可用的解决办法
- scp 库文件不小心整错目录导致ssh telnet 服务不可用了
- oracle数据库升级导致的数据库对象不可用或无效解决办法
- libvirt-bin 出现问题,导致nova-compute 服务不可用 nova-compute自动不可用 两个libvirtd
- rpc服务不可用
- VMware USB仲裁服务与手机驱动冲突导致驱动不可用
- linux init.rc service name 过长导致服务不可用的问题
- mongos分片集群下db数量过多导致服务不可用
- java poi3.7实现excel下拉联动
- js定时器
- cmd中if语句set和echo同时使用的问题
- LeetCode 51. N-Queens
- XML (2)
- apache|php升级后导致apns服务不可用
- Android 使用VDPlayerSDK组件实现播放视频(二)
- Sqlite
- Hadoop安装教程_单机/伪分布式配置_Hadoop2.6.0/Ubuntu14.04
- 基本算法思想Java实现的详细代码
- 前端开发面试题整理(JS篇)
- Tricks(三十八)—— 在不计算欧式距离的前提下判断点到两点的距离哪个更近
- iOS 手势
- PCANet训练过程