ID: 36445
Comment by: e at osterman dot com
Reported By: Jacek at veo dot pl
Status: Assigned
Bug Type: Sockets related
Operating System: SuSE Linux 9.1
PHP Version: 5.1.3
Assigned To: wez
New Comment:

Eddi, you indeed appear to be correct. I was writing an SSL TCP Server, which gave off the same error message so I assumed they were related. My fix there did NOT work for the TLS implementation. As you mentioned, TLS is a different way of implementing SSL, which as it stands currently in PHP5, I agree it appears to be broken.

There is one issue with your above example. The wrapper should be "ssl" even for "tls" communications (but that doesn't make it work). Wez talks more about it in http://bugs.php.net/33192.

Wez Furlong:
{{{
The context options for openssl, including tls, are all bundled under the name "ssl". I think your code should probably look more like this:

$c = stream_context_create(array(
    "ssl" => array(
        "local_cert" => "sec.pem",
        ... other options ...
    )
));
}}}

Previous Comments:
------------------------------------------------------------------------
[2006-05-26 12:28:56] eddi at ai000 dot de

Maybe the stream_socket_server() works fine yet, but, Erik, it is NOT the point exactly. SMTP services listen on an _unencrypted_ stream. An implementation of the extension for secure SMTP over transport layer security (http://www.ietf.org/rfc/rfc3207.txt) needs the ability (provided by stream_socket_enable_crypto()) to encrypt the stream belatedly. It does not work and this is the point.

------------------------------------------------------------------------
[2006-05-26 09:51:12] Jacek at veo dot pl

Code:
-----
<?php
$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => FALSE,
        'allow_self_signed' => TRUE,
        'local_cert' => '/host.pem'
    )
));
echo 1;
$ssl = stream_socket_server('ssl://0.0.0.0:4445', $errnum, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
echo 2;
stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_TLS_SERVER);
echo 3;
fclose($ssl);
?>

Result:
-------
I created a combined file, as on the website, but I receive (PHP 5.1.4):

Warning: stream_socket_enable_crypto(): Unable to set private key file `/host.pem' in /repr.php on line 15

Warning: stream_socket_enable_crypto(): failed to create an SSL handle in /repr.php on line 15

------------------------------------------------------------------------
[2006-05-26 02:19:28] e at osterman dot com

I too had problems with this. It works for me on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24). You must specify the certificate in PEM format, and use "ssl" as the key for the resource context.

How to create a PEM file? Go here: http://sial.org/howto/openssl/self-signed/

------------------------------------------------------------------------
[2006-05-05 18:43:16] eddi at ai000 dot de

OS: GNU/Linux 2.6.16.14 (gentoo)
OpenSSL: 0.9.7i
PHP: 5.1.4 CLI

Today I got this warning:

Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option) ... (file xp_ssl.c line 131)

To do that (set option) there is no way.

------------------------------------------------------------------------
[2006-05-05 12:55:32] Jacek at veo dot pl

Description:
------------
I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3

Actual result:
--------------
My first code:

12Segmentation fault

From [EMAIL PROTECTED]:

Warning: stream_socket_enable_crypto(): SSL operation failed with code 111. OpenSSL Error messages: error:00000000:lib(0):func(0):reason(0) in /test.php on line 4

GDB:
----
gdb --args php /test.php
(gdb) run
Starting program: /usr/bin/php /test.php
[Thread debugging using libthread_db enabled]
[New Thread 1082760448 (LWP 2419)]
12
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082760448 (LWP 2419)]
0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8
(gdb) quit
The program is running. Exit anyway? (y or n) y

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/36445
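
The late upgrade discussed in the thread (RFC 3207: a plaintext listener whose stream is encrypted only after STARTTLS), with stream_socket_enable_crypto() applied to the accepted connection. This is an added example, not code from the bug report or from PHP itself; it assumes a PHP build in which stream_socket_enable_crypto() works in server mode, and the address, port, host name and server.pem path are constructed values.

```php
<?php
// Added example: STARTTLS-style upgrade of one accepted connection.
// Constructed values: 127.0.0.1:2525, example.test, server.pem
// (certificate and private key combined in one PEM file).
$pem = __DIR__ . '/server.pem';

// Listen on a plain tcp:// transport; nothing is encrypted at accept time.
$server = stream_socket_server('tcp://127.0.0.1:2525', $errno, $errstr);
if ($server === false) {
    fwrite(STDERR, "listen failed: $errstr ($errno)\n");
    exit(1);
}
$conn = stream_socket_accept($server, 30);
if ($conn === false) {
    fwrite(STDERR, "no client within 30s\n");
    exit(1);
}

fwrite($conn, "220 example.test ESMTP\r\n");
$tls = false;
while (($line = fgets($conn)) !== false) {
    $cmd = strtoupper(trim($line));
    if (strpos($cmd, 'EHLO') === 0) {
        // RFC 3207: do not offer STARTTLS again once TLS is active.
        fwrite($conn, $tls ? "250 example.test\r\n"
                           : "250-example.test\r\n250 STARTTLS\r\n");
    } elseif ($cmd === 'STARTTLS' && !$tls) {
        fwrite($conn, "220 Ready to start TLS\r\n");
        // TLS options are set under the "ssl" key, also for TLS.
        stream_context_set_option($conn, 'ssl', 'local_cert', $pem);
        // Blocking stream: true means the handshake completed.
        if (stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_SERVER) !== true) {
            fwrite(STDERR, "TLS handshake failed\n");
            break; // never continue the session in plaintext
        }
        $tls = true; // the client is expected to send EHLO again
    } elseif ($cmd === 'QUIT') {
        fwrite($conn, "221 Bye\r\n");
        break;
    } else {
        fwrite($conn, "502 Command not implemented\r\n");
    }
}
fclose($conn);
fclose($server);
```

A client such as `openssl s_client -starttls smtp -connect 127.0.0.1:2525` can be used to exercise the upgrade path.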