3
votes

I have a PHP file with the following content that works perfectly on development ceritficates, but when I switch to a production certificate the PHP errors and gives the below message, but it only does this about 50% of the time. The other 50% it works. Anyone know why this might be happening?

<?php
// masked for security reason 
$deviceToken = 'xxxxxx'; // jq

$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', dirname(__FILE__)."/prod.pem");

$number = 5;

$fp = stream_socket_client('ssl://gateway.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx);
if (!$fp) {
  print "Failed to connect $err $errstr\n";
}
else {
  print "Connection OK\n";
  $msg = $_GET['msg'];
    $payload['aps'] = array('alert' => $msg, 'badge' => 1, 'sound' => 'default');
    $payload = json_encode($payload);

  $msg = chr(0) . pack("n",32) . pack('H*', str_replace(' ', '', $deviceToken)) . pack("n",strlen($payload)) . $payload;
  print "sending message :" . $payload . "\n";
  fwrite($fp, $msg);
  fclose($fp);
}
?>

The PHP error:

Warning: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `/var/www/vhosts/thissite.com/httpdocs/prod.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19

Warning: stream_socket_client() [function.stream-socket-client]: failed to create an SSL handle in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19

Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19

Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Failed to connect 0

4
Is this script running several times in quick succession?jtrim
Maybe STREAM_CLIENT_PERSISTENT flag would help...Quxflux

4 Answers

3
votes

I had the same issue. You have to make a persistent socket connection with Apple's Push Notification Server. I've written up a tutorial for a python daemon called pyapns (http://github.com/samuraisam/pyapns) which worked very well for me:

http://www.how2s.org/index.php/How_to_get_started_with_Apple_Push_Notifications_for_iPhone_or_iPhone_Touch

This works assuming you are running Debian and have root access to install the required packages such as python-twisted, libcurl4-openssl-dev etc.

1
votes

Sounds like too many connects. Apple's docs state that you need to hold the connection open and send as many as you can at the same time. Re-opening is considered DOS attack. So try making it persistent and see if you get same error.

0
votes

I don't know if the error you are experiencing are because of too many connects to the push servers... In my experience, those limits are a bit hard to reach.

But PHP on the other hand have been acting strange when I've tried to send batches of push notifications. I'm not sure from your sample code, but I guess you do a stream_socket_client() and fclose() for every message? Using that technique with SSL sockets in PHP, the only thing I've personally have accomplished is failure...

I'm not sure if you have the possibility to run Ruby on your server, but if you can, I recommend switching to ruby-apns-daemon to handle the talk with Apple's servers. It's lightweight and easy to implement in PHP (you practically compose the same payload-JSON, but send it to ruby-apns-daemon instead of through a socket).

0
votes

I've had the same issue and certificate was in fault. You can see solutions here How can I do an SSL connection with PHP and here Error using ssl cert with PHP.

Hope it'll help you.

And for the record you are not obliged to make a persistent connection with APNS. Though it's best to send all your messages at once, you can connect and disconnect multiple times. I quote Apple's website :

You should also retain connections with APNs across multiple notifications. APNs may consider connections that are rapidly and repeatedly established and torn down as a denial-of-service attack. Upon error, APNs closes the connection on which the error occurred.

If you don't create hundred of connections at a time you should not get troubles.