ID:               36445
Comment by:       e at osterman dot com
Reported By:      Jacek at veo dot pl
Status:           Assigned
Bug Type:         Sockets related
Operating System: SuSE Linux 9.1
PHP Version:      5.1.3
Assigned To:      wez
New Comment:

I too had problems with this. It works for me on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24). You must specify the certificate in PEM format, and use "ssl" as the key for the resource context.

How to create a PEM file? Go here: http://sial.org/howto/openssl/self-signed/


Previous Comments:
------------------------------------------------------------------------

[2006-05-05 18:43:16] eddi at ai000 dot de

OS: GNU/Linux 2.6.16.14 (gentoo)
OpenSSL: 0.9.7i
PHP: 5.1.4 CLI

Today I got this warning:

Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option) ... (file xp_ssl.c line 131)

To do that (set option) there is no way.

------------------------------------------------------------------------

[2006-05-05 12:55:32] Jacek at veo dot pl

Description:
------------
I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3

Actual result:
--------------
My first code:
12Segmentation fault

From [EMAIL PROTECTED]:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 111. OpenSSL Error messages: error:00000000:lib(0):func(0):reason(0) in /test.php on line 4

GDB:
----
gdb --args php /test.php
(gdb) run
Starting program: /usr/bin/php /test.php
[Thread debugging using libthread_db enabled]
[New Thread 1082760448 (LWP 2419)]
12
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082760448 (LWP 2419)]
0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8
(gdb) quit
The program is running. Exit anyway? (y or n) y

------------------------------------------------------------------------

[2006-05-04 19:15:24] eddi at ai000 dot de

#!/opt/php/513/bin/php
<?php
error_reporting(2047);
$c=array('tls'=>array(
        'verify_peer'       =>false,
        'allow_self_signed' =>true,
        'cafile'            =>'/opt/php/testscripts/newkey.pem',
        'capath'            =>'/opt/php/testscripts/',
        'local_cert'        =>'/opt/php/testscripts/newkey.pem',
        'passphrase'        =>'smtp',
        'CN_match'          =>'ai000.de'
    )
);
$tls=stream_context_create($c);
$c=stream_socket_server('tcp://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);
while(1){
    if($s=@stream_socket_accept($c)){
        echo "Verbindung\n".openssl_error_string()."\n\n";
        @fwrite($s,"220 ESMTP\r\n");
        echo @fgets($s);
        @fwrite($s,"250 STARTTLS\r\n");
        echo @fgets($s);
        @fwrite($s,"220 ESMTP\r\n");
        var_dump(stream_socket_enable_crypto($s,true,STREAM_CRYPTO_METHOD_TLS_SERVER));
        echo @fgets($s);
    }
}
?>

This is my test code. The negotiation is endless between the server script and Mozilla-Thunderbird.

When I start the script below, my browser tells me: there are no conforming algorithms available.

$c=stream_socket_server('ssl://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);

The description ("stream_socket_enable_crypto ( resource stream, bool enable [, int crypto_type [, resource session_stream]] )") is obscure. What is "resource session_stream"? This word is used only there and no records describe it.

------------------------------------------------------------------------

[2006-02-22 11:13:23] Jacek at veo dot pl

The same problem.

------------------------------------------------------------------------

[2006-02-22 11:06:28] [EMAIL PROTECTED]

Wez, please take a look at this reproduce code:

<?php
$ssl = stream_socket_server('tcp://127.0.0.1:4445', $errnum, $errstr);
stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_SSLv23_SERVER);
?>

------------------------------------------------------------------------

The remainder of the comments for this report are too long.
To view the rest of the comments, please view the bug report online at
    http://bugs.php.net/36445

--
Edit this bug report at http://bugs.php.net/?id=36445&edit=1
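
The setup that the newest comment and the SSL_R_NO_SHARED_CIPHER warning point to, as an added example that is not part of the bug report or of PHP's own code: the certificate is passed as local_cert under the "ssl" context key, and crypto is enabled on the accepted connection. The file name server.pem, the unencrypted private key and the simplified SMTP dialogue are assumptions; run it from the CLI.

```php
<?php
// Added example, not code from the bug report.
// Assumption: server.pem (hypothetical path) holds the certificate and its unencrypted private key.
$pem = __DIR__ . '/server.pem';

// Fail early on an unusable PEM instead of hitting SSL_R_NO_SHARED_CIPHER at handshake time.
$data = @file_get_contents($pem);
if ($data === false || !openssl_x509_read($data) || !openssl_pkey_get_private($data)) {
    fwrite(STDERR, "cannot load certificate and key from $pem\n");
    exit(1);
}

// The context key is "ssl" for every crypto method, TLS included.
$ctx = stream_context_create(array('ssl' => array('local_cert' => $pem)));

// Listen in plain text; TLS starts only after the client asks for it.
$server = stream_socket_server('tcp://127.0.0.1:1100', $errno, $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctx);
if ($server === false) {
    fwrite(STDERR, "listen failed: $errstr ($errno)\n");
    exit(1);
}

while (true) {
    $conn = @stream_socket_accept($server);   // false on timeout: keep waiting
    if ($conn === false) {
        continue;
    }
    fwrite($conn, "220 localhost ESMTP\r\n");
    fgets($conn);                              // client greeting (EHLO)
    fwrite($conn, "250-localhost\r\n250 STARTTLS\r\n");
    $cmd = fgets($conn);
    if ($cmd !== false && strcasecmp(trim($cmd), 'STARTTLS') === 0) {
        fwrite($conn, "220 Ready to start TLS\r\n");
        // Enable crypto on the accepted connection, not on the listening socket.
        $ok = stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
        if ($ok !== true) {
            fwrite(STDERR, "TLS handshake failed: " . openssl_error_string() . "\n");
        } else {
            fwrite(STDERR, "TLS established\n");
        }
    }
    fclose($conn);
}
```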