ID: 36445
User updated by: Jacek at veo dot pl
Reported By: Jacek at veo dot pl
Status: Assigned
Bug Type: Sockets related
Operating System: SuSE Linux 9.1
PHP Version: 5.1.3
Assigned To: wez
New Comment:
Code:
-----
<?php
$context = stream_context_create(array(
'ssl' => array(
'verify_peer' => FALSE,
'allow_self_signed' => TRUE,
'local_cert' => '/host.pem'
)
));
echo 1;
$ssl = stream_socket_server('ssl://0.0.0.0:4445', $errnum, $errstr,
STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
echo 2;
stream_socket_enable_crypto($ssl, TRUE,
STREAM_CRYPTO_METHOD_TLS_SERVER);
echo 3;
fclose($ssl);
?>
Result:
-------
I created combined file, as on the website, but I receive (PHP 5.1.4):
Warning: stream_socket_enable_crypto(): Unable to set private key file
`/host.pem' in /repr.php on line 15
Warning: stream_socket_enable_crypto(): failed to create an SSL handle
in /repr.php on line 15
Previous Comments:
------------------------------------------------------------------------
[2006-05-26 02:19:28] e at osterman dot com
I too had problems with this. It works for me on PHP 5.1.2-
1+b1 (cli) (built: Mar 20 2006 04:17:24).
You must specify the certificate in PEM format, and use "ssl" as the
key for the resource context.
How to create PEM file? go here:
http://sial.org/howto/openssl/self-signed/
------------------------------------------------------------------------
[2006-05-05 18:43:16] eddi at ai000 dot de
OS: GNU/Linux 2.6.16.14 (gentoo)
OpenSSL: 0.9.7i
PHP: 5.1.4 CLI
Today I got this warning:
Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no
suitable shared cipher could be used. This could be because the server
is missing an SSL certificate (local_cert context option) ...
(file xp_ssl.c line 131)
To do that (set option) there are no way.
------------------------------------------------------------------------
[2006-05-05 12:55:32] Jacek at veo dot pl
Description:
------------
I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3
Actual result:
--------------
My first code:
12Segmentation fault
>From [EMAIL PROTECTED]:
Warning: stream_socket_enable_crypto(): SSL operation failed with code
111. OpenSSL Error messages:
error:00000000:lib(0):func(0):reason(0) in /test.php on line 4
GDB:
----
gdb --args php /test.php
(gdb) run
Starting program: /usr/bin/php /test.php
[Thread debugging using libthread_db enabled]
[New Thread 1082760448 (LWP 2419)]
12
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082760448 (LWP 2419)]
0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8
(gdb) quit
The program is running. Exit anyway? (y or n) y
------------------------------------------------------------------------
[2006-05-04 19:15:24] eddi at ai000 dot de
#!/opt/php/513/bin/php
<?php
error_reporting(2047);
$c=array('tls'=>array( 'verify_peer' =>false,
'allow_self_signed' =>true,
'cafile'
=>'/opt/php/testscripts/newkey.pem',
'capath' =>'/opt/php/testscripts/',
'local_cert'
=>'/opt/php/testscripts/newkey.pem',
'passphrase' =>'smtp',
'CN_match' =>'ai000.de'
)
);
$tls=stream_context_create($c);
$c=stream_socket_server('tcp://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);
while(1){
if([EMAIL PROTECTED]($c)){
echo "Verbindung\n".openssl_error_string()."\n\n";
@fwrite($s,"220 ESMTP\r\n");
echo @fgets($s);
@fwrite($s,"250 STARTTLS\r\n");
echo @fgets($s);
@fwrite($s,"220 ESMTP\r\n");
var_dump(stream_socket_enable_crypto($s,true,STREAM_CRYPTO_METHOD_TLS_SERVER));
echo @fgets($s);
}
}
?>
This is my test code. The negotation is endless among server script and
Mozilla-Thunderbird.
When I start the script below, my browser tell me: there are no
conforming algorithms available.
$c=stream_socket_server('ssl://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);
The Discription ("stream_socket_enable_crypto ( resource stream, bool
enable [, int crypto_type [, resource session_stream]] )") is obscure.
What is "resource session_stream"? This word is singly used there and
no records describe it.
------------------------------------------------------------------------
[2006-02-22 11:13:23] Jacek at veo dot pl
The same problem.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/36445
--
Edit this bug report at http://bugs.php.net/?id=36445&edit=1
