ID:               36445
Comment by:       eddi at ai000 dot de
Reported By:      Jacek at veo dot pl
Status:           Assigned
Bug Type:         Sockets related
Operating System: SuSE Linux 9.1
PHP Version:      5.1.3
Assigned To:      wez
New Comment:

OS: GNU/Linux 2.6.16.14 (gentoo)
OpenSSL: 0.9.7i
PHP: 5.1.4 CLI

Today I got this warning:

Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used.  This could be because the server is missing an SSL certificate (local_cert context option) ... (file xp_ssl.c line 131)

To do that (set option) there is no way.


Previous Comments:
------------------------------------------------------------------------

[2006-05-05 12:55:32] Jacek at veo dot pl

Description:
------------
I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3

Actual result:
--------------
My first code:
12Segmentation fault

From [EMAIL PROTECTED]:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 111. OpenSSL Error messages:
error:00000000:lib(0):func(0):reason(0) in /test.php on line 4

GDB:
----
gdb --args php /test.php
(gdb) run
Starting program: /usr/bin/php /test.php
[Thread debugging using libthread_db enabled]
[New Thread 1082760448 (LWP 2419)]
12
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082760448 (LWP 2419)]
0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8
(gdb) quit
The program is running.  Exit anyway? (y or n) y

------------------------------------------------------------------------

[2006-05-04 19:15:24] eddi at ai000 dot de

#!/opt/php/513/bin/php
<?php
error_reporting(2047);

$c=array('tls'=>array(
        'verify_peer'       =>false,
        'allow_self_signed' =>true,
        'cafile'            =>'/opt/php/testscripts/newkey.pem',
        'capath'            =>'/opt/php/testscripts/',
        'local_cert'        =>'/opt/php/testscripts/newkey.pem',
        'passphrase'        =>'smtp',
        'CN_match'          =>'ai000.de'
        )
    );

$tls=stream_context_create($c);
$c=stream_socket_server('tcp://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);

while(1){
    if([EMAIL PROTECTED]($c)){
        echo "Verbindung\n".openssl_error_string()."\n\n";
        @fwrite($s,"220 ESMTP\r\n");
        echo @fgets($s);
        @fwrite($s,"250 STARTTLS\r\n");
        echo @fgets($s);
        @fwrite($s,"220 ESMTP\r\n");
        var_dump(stream_socket_enable_crypto($s,true,STREAM_CRYPTO_METHOD_TLS_SERVER));
        echo @fgets($s);
    }
}
?>

This is my test code. The negotiation is endless between the server script and Mozilla-Thunderbird.

When I start the script below, my browser tells me: there are no conforming algorithms available.

$c=stream_socket_server('ssl://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);

The Description ("stream_socket_enable_crypto ( resource stream, bool enable [, int crypto_type [, resource session_stream]] )") is obscure. What is "resource session_stream"? This word is singly used there and no records describe it.

------------------------------------------------------------------------

[2006-02-22 11:13:23] Jacek at veo dot pl

The same problem.

------------------------------------------------------------------------

[2006-02-22 11:06:28] [EMAIL PROTECTED]

Wez, plz take a look at this reproduce code:

<?php
$ssl = stream_socket_server('tcp://127.0.0.1:4445', $errnum, $errstr);
stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_SSLv23_SERVER);
?>

------------------------------------------------------------------------

[2006-02-18 18:20:45] Jacek at veo dot pl

Description:
------------
I am creating an SMTP server based on PHP. I have a problem with TLS encryption. I tried to enable crypto after stream_socket_accept - it failed.

./configure --with-apxs2 --with-config-file-path --with-libxml-dir --with-zlib --with-zlib-dir --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-inifile --with-flatfile --enable-dbase --enable-exif --enable-filepro --enable-ftp --with-openssl --with-openssl-dir --with-gd --with-jpeg-dir --with-png-dir --without-xpm-dir --with-freetype-dir --enable-gd-native-ttf --with-imap --with-imap-ssl --enable-mbstring --with-mysql --with-mysqli --with-pdo-mysql --enable-soap --enable-sockets --enable-sqlite-utf8 --with-xmlreader --enable-memory-limit --with-iconv --with-ncurses

Reproduce code:
---------------
<?php
$context = stream_context_create();
stream_context_set_option($context, 'tls', 'local_cert', '/server.misc');
echo 1;
$ssl = stream_socket_server('tls://0.0.0.0:4445', $errnum, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
echo 2;
stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_TLS_SERVER);
echo 3;
fclose($ssl);
?>

Expected result:
----------------
123

Actual result:
--------------
12

And script is running. When I try to connect - I can, but script doesn't "go ahead".

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=36445&edit=1
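
For reference, the STARTTLS server sequence the reports above are attempting, written as an added example that is not part of the bug report or of PHP's own code. It assumes a current PHP CLI with the openssl extension, passes the certificate under the 'ssl' context key (the key PHP documents for both ssl:// and tls:// transports), and upgrades the accepted connection rather than the listening socket. Port 1100, the "localhost" subject and the temporary PEM file are constructed values.

```php
<?php
// Added example, not from the bug report. Port, CN and temp file are constructed.

// Throwaway self-signed certificate and key in one PEM file, as local_cert expects.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'localhost'], $key, ['digest_alg' => 'sha256']);
$crt = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($crt, $certPem);
openssl_pkey_export($key, $keyPem);
$pem = tempnam(sys_get_temp_dir(), 'tls'); // delete this file when done testing
file_put_contents($pem, $certPem . $keyPem);

// TLS options are read from the 'ssl' key, also for tls:// and STARTTLS upgrades.
$ctx = stream_context_create(['ssl' => ['local_cert' => $pem]]);

// Listen in plain TCP; accepted connections inherit the listener's context.
$srv = stream_socket_server('tcp://127.0.0.1:1100', $errno, $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctx);
if ($srv === false) {
    fwrite(STDERR, "listen failed: $errstr ($errno)\n");
    exit(1);
}

while (true) {
    $conn = @stream_socket_accept($srv, 60); // false on timeout: keep listening
    if ($conn === false) { continue; }
    $tls = false;
    fwrite($conn, "220 localhost ESMTP\r\n");
    while (($line = fgets($conn)) !== false) {
        $cmd = strtoupper(trim($line));
        if (strpos($cmd, 'EHLO') === 0) {
            // Offer STARTTLS only while the session is still plaintext.
            fwrite($conn, $tls ? "250 localhost\r\n" : "250-localhost\r\n250 STARTTLS\r\n");
        } elseif ($cmd === 'STARTTLS' && !$tls) {
            fwrite($conn, "220 Ready to start TLS\r\n");
            // Handshake on the accepted connection, never on the listening socket.
            $tls = stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
            if ($tls !== true) {
                break; // failed handshake: drop the client, no plaintext fallback
            }
        } elseif ($cmd === 'QUIT') {
            fwrite($conn, "221 Bye\r\n");
            break;
        } else {
            fwrite($conn, "502 Command not implemented\r\n");
        }
    }
    fclose($conn);
}
```

The server handles one client at a time and implements only EHLO, STARTTLS and QUIT, which is enough to watch the upgrade with any SMTP client that supports STARTTLS.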