Edit report at https://bugs.php.net/bug.php?id=63992&edit=1

 ID:                 63992
 Comment by:         mikhail dot v dot gavrilov at gmail dot com
 Reported by:        mikhail dot v dot gavrilov at gmail dot com
 Summary:            php not use default openSSH config
 Status:             Assigned
 Type:               Bug
 Package:            OpenSSL related
 Operating System:   RHEL/Fedora
 PHP Version:        5.4.11RC1
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

Pierre, do you still think that curl must do the OpenSSL config init by itself?
But curl may use not only OpenSSL; it may also use NSS.

Previous Comments:
------------------------------------------------------------------------
[2013-02-05 18:55:13] mikhail dot v dot gavrilov at gmail dot com

I am talking about php-fpm. In this case only PHP and PHP extensions are in the same process.

------------------------------------------------------------------------
[2013-02-05 18:46:28] paj...@php.net

There is much more in the same process than only PHP extensions. Libraries, servers, etc. also rely on OpenSSL.

------------------------------------------------------------------------
[2013-02-05 18:32:20] mikhail dot v dot gavrilov at gmail dot com

Pierre, do you think that initializing OpenSSL in each extension is a good idea?
I think it would be better if the openssl extension did it for all other extensions.

I couldn't find OPENSSL_config(NULL); in the openssl extension code, and I am very surprised and don't understand how it works.

I just tried adding OPENSSL_config(NULL); before the SSL_library_init(); line and it really helped me solve the problem with curl.

------------------------------------------------------------------------
[2013-01-25 15:03:09] paj...@php.net

A quick comment about the patch: using this function may affect anything using openssl within the same process; that's really not good. Also, in the case of curl, curl should take care of that, using options.

------------------------------------------------------------------------
[2013-01-15 14:51:34] mikhail dot v dot gavrilov at gmail dot com

Description:
------------
For using the GOST encryption engine:
1. I compiled openSSH with GOST support
2. added the following lines in openssl.cnf

openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/lib/openssl/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

But when I use curl, PHP still gets the error: 'Cannot communicate securely with peer: no common encryption algorithm(s).'

Then I searched and found this solution:
http://stackoverflow.com/questions/10959771/openssl-and-gost-engine-issue-statically-linked

So I created a patch

*** 111/openssl.c 2012-12-19 12:55:19.000000000 +0600 --- openssl.c 2013-01-15 18:43:22.000000000 +0600 *************** *** 1038,1043 **** --- 1038,1046 ---- le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); + /* needed for use default config */ + OPENSSL_config(NULL); + SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests();

and my script started to work.

Test script:
---------------
$address="https://icrs.nbki.ru/products/B2BRequestServlet";
// $proxy = '10.10.4.24:3128';
$xml = '';
$ch = curl_init($address);
$page = "Xml.php";
$headers = array(
    "POST ".$page." HTTP/1.0",
    "content-type:application/octet-stream;charset=\"windows-1251\"",
);

curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
if(isset($proxy))
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);
if ($response === false)
    throw new Exception(curl_error($ch));
curl_close($ch);

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63992&edit=1
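
Review bot: The added OPENSSL_config(NULL); in front of SSL_library_init(); is unconditional, so every process that loads this extension will apply the system default OpenSSL configuration, including any engine sections it names, to all OpenSSL users in that process and not only to this extension. Consider making the call opt-in (for example behind a build or runtime setting) so existing deployments keep their current behaviour. The comment "needed for use default config" should also say what the call changes and why it has to happen before SSL_library_init();, since the ordering is the only thing the hunk relies on.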
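
Added example (not part of the bug report and not PHP or OpenSSL code): a Python check that follows the openssl_conf, engines and per-engine section chain used in the openssl.cnf from the description, and lists which engines and shared-object paths a default-config load would bring into a process. The function names are hypothetical, the sample config is reconstructed from the report, and the parser assumes plain "name = value" lines only (no variable expansion, includes or line continuations).

```python
# Added example: list the engines an openssl.cnf would load via the default config.
SAMPLE_CNF = """\
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/lib/openssl/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
"""  # constructed from the config quoted in the report

def parse_cnf(text):
    """Parse 'name = value' lines into {section: {name: value}}.
    Keys that appear before the first [section] go under 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip()
    return sections

def engines_loaded_by_default(text):
    """Follow openssl_conf -> engines -> engine section and return one
    record per engine that a default-config load would configure."""
    cnf = parse_cnf(text)
    root = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    engine_list = cnf.get(root.get("engines", ""), {})
    result = []
    for name, section in engine_list.items():
        body = cnf.get(section, {})
        result.append({
            "name": name,
            "engine_id": body.get("engine_id", name),
            "dynamic_path": body.get("dynamic_path"),
            "default_algorithms": body.get("default_algorithms"),
        })
    return result

if __name__ == "__main__":
    for eng in engines_loaded_by_default(SAMPLE_CNF):
        print(eng)
```

Running this against the real configuration file of a host shows which shared libraries would be loaded into every process that applies the default config, which is the process-wide effect raised in the thread.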