Perform soap request via https with self-signed certificate by cURL

Question

I'm trying to perform soap request to web-service written on C# via https. Server uses self-signed certificate.

After many failed attempts with usage of SoapClient I decided to use pure cURL to perfrom request.

My code:

<?php
header('Content-Type: text/plain; charset=utf-8');

$url      = 'https://ip:8443/ServiceName';
$admin    = 'login';
$password = 'haShedPassw0rdHere';

$post     =
'<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        // Soap service params xml
    </soap:Body>
</soap:Envelope>';

$headers = array(             
    'Content-type: text/xml;charset="utf-8"',
    'Accept: text/xml', 
    'Cache-Control: no-cache', 
    'Pragma: no-cache', 
    'SOAPAction: https://ip:8443/ServiceName',
    'Content-length: ' . strlen($post),
);

$curl = curl_init();

$options = array(
    CURLOPT_URL => $url,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_HTTPAUTH => CURLAUTH_ANY,
    CURLOPT_USERPWD => $admin . ':' . $password,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $post,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER         => false,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_ENCODING       => '',
    CURLOPT_AUTOREFERER    => true,
    CURLOPT_CONNECTTIMEOUT => 120,
    CURLOPT_TIMEOUT        => 120,
    CURLOPT_MAXREDIRS      => 10
);

curl_setopt_array($curl, $options);

var_dump($response = curl_exec($curl));
?>

Response:

string(370) "
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
        <s:Fault>
            <faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                a:InvalidSecurity
            </faultcode>
            <faultstring xml:lang="ru-RU">
                Ошибка при проверке безопасности сообщения.
            </faultstring>
        </s:Fault>
    </s:Body>
</s:Envelope>"

Where:

Ошибка при проверке безопасности сообщения.

Means something like:

Communication security check error.

What have I tried:

1. POST request with a self-signed certificate
2. How to consume a WCF Web Service that uses custom username validation with a PHP page?
3. Php SoapClient stream_context option
4. SOAP authentication with PHP
5. How can I send SOAP XML via Curl and PHP?

And more of them.

Question: What am I doing wrong?

Regards.

P.S.: Tested with PHP 5.3, PHP 5.4.14, PHP 5.5.1. Results are same.

---

UPDv1:

C# Source, provided by service support team:

private void Button_SetData_Click(object sender, EventArgs e)
{
    eLeed.WebServiceClient client =
        new eLeed.WebServiceClient();
    client.ClientCredentials.UserName.UserName = "login";
    client.ClientCredentials.UserName.Password = "haShedPassw0rdHere";
    Stream input = null;
    input = GetQuery("ServiceMethod", TextBox_Command.Text);
    XmlDocument response = new XmlDocument();
    response.PreserveWhitespace = true;
    response.Load(client.SetDataContractor(input));
    ExeResponse(response);
    input.Close();
    client.Close();
}

Well, this button is actually working. But how perform something like that in php with cURL ? Especially, how to pass those two lines:

client.ClientCredentials.UserName.UserName = "login";
client.ClientCredentials.UserName.Password = "haShedPassw0rdHere";

Therefore, shouldn't it return message like "invalid credentials" or something?

Answer 1

The error doesnt seem to be on the client side but on the server side. The server says that some security check failed. If it was a client error, you would get nothing but an error by cURL. You get an XML answer.

You should look at the server side.