jsonRPC.php verifymessage method throws 500 error when supplying bad signature

[coinminers]

I have been trying to add the ability for people to change their shortname's address on my site http://bit.co.in

So what I'm trying to do is to access bitcoind via the jsonRPC.php library like so:

if ($bitcoin->verifymessage($oldAddress, $signature, $message) == 1) $addressOwnershipValidated = true;

When I supply a valid signature it works fine, but when I supply an invalid one just to test, it breaks with an error like this:

Server 500 Error: fopen(http://...127.0.0.1:8332) Can't open file

I even tried suppressing the error via @$bitcoin->verifymessage(...) and also tried a try ... catch, but it always throws that same error.

Any idea what I'm doing wrong?

[coinminers]

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

[Remember remember the 5th of November]

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

[coinminers]

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

Thanks much for the reply.

http://jsonrpcphp.org/code.php?file=jsonRPCClient

If it was unable to fopen the rpc http connection then it would throw that message everytime I try to connect, but it only does when the signature supplied is invalid, in which case I'd expect it to return a FALSE or a 0 or something like that.

I put a hack into the jsonRPCClient for now where I suppress the fopen error and return a FALSE instead of a exception. This seems to have patched it for now:

if ($fp = @fopen($this->url, 'r', false, $context)) { // <<SUPPRESS ERROR HERE
         $response = '';
         while($row = fgets($fp)) {
            $response.= trim($row)."\n";
         }
         $this->debug && $this->debug.='***** Server response *****'."\n".$response.'***** End of server response *****'."\n";
         $response = json_decode($response,true);
      } else {
         //throw new Exception('Unable to connect to '.$this->url); // << COMMENTED OUT
         return false; // << RETURN FALSE INSTEAD
      }

[kjj]

That particular RPC client always claims that it can't access the RPC when it has an error.  It is essentially the only error it knows.

You should be calling it from a try/catch block so that you can handle the exception yourself.

P.S.  Change your RPC password.  If you just noticed this now, it is in your logs dozens or hundreds of times.

P.P.S.  It is trivial to patch the bitcoind verifymessage RPC call to return the pubkey of the signature rather than true/false.  This patch will never be accepted into the main client because it is unsafe for human use, but it works great for a machine comparison/lookup to identify a user.

P.P.P.S.  And by trivial, I mean I posted it here in the forums a while back.

[elbandi]

Try to use this file: https://gitorious.org/elbandi/minifaucet/source/0581e2540518071cee37de0854ae8641e784dcab:jsonRPCClient.php

This is a same jsonrpc.php, but i changed to use curl instead of fopen.