ID:               36445
 Comment by:       eddi at ai000 dot de
 Reported By:      Jacek at veo dot pl
 Status:           Assigned
 Bug Type:         Sockets related
 Operating System: SuSE Linux 9.1
 PHP Version:      5.1.3
 Assigned To:      wez
 New Comment:

Maybe stream_socket_server() works fine already, but, Erik, that is NOT
exactly the point.

SMTP services listen on an _unencrypted_ stream. An implementation of
the extension for secure SMTP over transport layer security
(http://www.ietf.org/rfc/rfc3207.txt) needs the ability (provided by
stream_socket_enable_crypto()) to encrypt the stream belatedly. It does
not work and this is the point.


Previous Comments:
------------------------------------------------------------------------

[2006-05-26 09:51:12] Jacek at veo dot pl

Code:
-----

<?php
$context = stream_context_create(array(
        'ssl' => array(
                'verify_peer' => FALSE,
                'allow_self_signed' => TRUE,
                'local_cert' => '/host.pem'
        )
));

echo 1;
$ssl = stream_socket_server('ssl://0.0.0.0:4445', $errnum, $errstr,
STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
echo 2;
stream_socket_enable_crypto($ssl, TRUE,
STREAM_CRYPTO_METHOD_TLS_SERVER);
echo 3;
fclose($ssl);
?>

Result:
-------
I created a combined file, as on the website, but I receive (PHP 5.1.4):

Warning: stream_socket_enable_crypto(): Unable to set private key file
`/host.pem' in /repr.php on line 15

Warning: stream_socket_enable_crypto(): failed to create an SSL handle
in /repr.php on line 15

------------------------------------------------------------------------

[2006-05-26 02:19:28] e at osterman dot com

I too had problems with this. It works for me on PHP 5.1.2-1+b1 (cli)
(built: Mar 20 2006 04:17:24).

You must specify the certificate in PEM format, and use "ssl" as the
key for the resource context.

How to create a PEM file? Go here:
http://sial.org/howto/openssl/self-signed/

------------------------------------------------------------------------

[2006-05-05 18:43:16] eddi at ai000 dot de

OS:      GNU/Linux 2.6.16.14 (gentoo)
OpenSSL: 0.9.7i
PHP:     5.1.4 CLI

Today I got this warning:

Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no
suitable shared cipher could be used.  This could be because the server
is missing an SSL certificate (local_cert context option) ...

(file xp_ssl.c line 131)

There is no way to do that (set the option).

------------------------------------------------------------------------

[2006-05-05 12:55:32] Jacek at veo dot pl

Description:
------------
I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3


Actual result:
--------------
My first code:
12Segmentation fault

From [EMAIL PROTECTED]:
Warning: stream_socket_enable_crypto(): SSL operation failed with code
111. OpenSSL Error messages:
error:00000000:lib(0):func(0):reason(0) in /test.php on line 4

GDB:
----
gdb --args php /test.php

(gdb) run
Starting program: /usr/bin/php /test.php
[Thread debugging using libthread_db enabled]
[New Thread 1082760448 (LWP 2419)]
12
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082760448 (LWP 2419)]
0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8
(gdb) quit
The program is running.  Exit anyway? (y or n) y

------------------------------------------------------------------------

[2006-05-04 19:15:24] eddi at ai000 dot de

#!/opt/php/513/bin/php
<?php
error_reporting(2047);
$c=array('tls'=>array(  'verify_peer'           =>false,
                        'allow_self_signed'     =>true,
                        'cafile'                =>'/opt/php/testscripts/newkey.pem',
                        'capath'                =>'/opt/php/testscripts/',
                        'local_cert'            =>'/opt/php/testscripts/newkey.pem',
                        'passphrase'            =>'smtp',
                        'CN_match'              =>'ai000.de'
                        )
        );
$tls=stream_context_create($c);
$c=stream_socket_server('tcp://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);
while(1){
        if($s=@stream_socket_accept($c)){
                echo "Verbindung\n".openssl_error_string()."\n\n";
                @fwrite($s,"220 ESMTP\r\n");
                echo @fgets($s);
                @fwrite($s,"250 STARTTLS\r\n");
                echo @fgets($s);
                @fwrite($s,"220 ESMTP\r\n");
                
                var_dump(stream_socket_enable_crypto($s,true,STREAM_CRYPTO_METHOD_TLS_SERVER));
                echo @fgets($s);
        }
}
?>


This is my test code. The negotiation between the server script and
Mozilla-Thunderbird is endless.
When I start the script below, my browser tells me: there are no
conforming algorithms available.

$c=stream_socket_server('ssl://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);

The description ("stream_socket_enable_crypto ( resource stream, bool
enable [, int crypto_type [, resource session_stream]] )") is obscure.
What is "resource session_stream"? This word is used only there and
no records describe it.

------------------------------------------------------------------------
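
Added example (not part of the bug report and not PHP project code): the
deferred upgrade that the comments above describe, written as a minimal
RFC 3207 responder. It assumes a PHP build in which
stream_socket_enable_crypto() works on accepted server streams; the PEM
path, host name and port are placeholders.

```php
<?php
// Added example: plaintext SMTP listener that upgrades to TLS on STARTTLS.
// Assumption: /path/to/server.pem is a placeholder for a combined
// certificate + private key file in PEM format.
$ctx = stream_context_create(['ssl' => [      // context key must be "ssl"
    'local_cert' => '/path/to/server.pem',    // placeholder path
]]);

// SMTP starts unencrypted, so the listener is tcp://, not ssl://.
// Accepted connections use the listener's context for the later handshake.
$server = stream_socket_server('tcp://127.0.0.1:1100', $errno, $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctx);
if ($server === false) {
    exit("listen failed: $errstr ($errno)\n");
}

while (true) {
    $conn = stream_socket_accept($server, -1);
    if ($conn === false) { continue; }
    fwrite($conn, "220 localhost ESMTP\r\n");
    $tls = false;
    while (($line = fgets($conn)) !== false) {
        $cmd = strtoupper(trim($line));
        if (strpos($cmd, 'EHLO') === 0) {
            // Advertise STARTTLS only while the session is still plaintext.
            fwrite($conn, $tls ? "250 localhost\r\n"
                               : "250-localhost\r\n250 STARTTLS\r\n");
        } elseif ($cmd === 'STARTTLS' && !$tls) {
            fwrite($conn, "220 Ready to start TLS\r\n");
            // On a blocking stream this returns true or false.
            $tls = stream_socket_enable_crypto($conn, true,
                STREAM_CRYPTO_METHOD_TLS_SERVER);
            if ($tls !== true) {
                // Do not continue in plaintext after a failed handshake.
                fwrite(STDERR, "TLS handshake failed: "
                    . openssl_error_string() . "\n");
                break;
            }
        } elseif ($cmd === 'QUIT') {
            fwrite($conn, "221 Bye\r\n");
            break;
        } else {
            fwrite($conn, "502 Command not implemented\r\n");
        }
    }
    fclose($conn);
}
```
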

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/36445
