SSL Socket connection problems

General PHP Help
#1

Need to conduct an SSL Socket session via PHP.

The following openssl command line works:

openssl s_client -cert ‘/path/to/cert/cert.pem’ -key ‘/path/to/key/key.pem’ -CAfile /path/to/ca/ca.crt -connect my.host.tld:12345

But I can’t seem to “make it happen” via PHP.

After reading that fsockopen() does not support an SSL “context” parameter in PHP 5, I tried a simpler test via stream_context_create() and stream_socket_client(), etc., but it seems that I can’t supply the same arguments/opitons to stream_context_create as I can to openssl. For instance, stream_context_create seems not to allow setting a “key” option, but seems to require cert passphrase which the working ssl command does not require (not to mention that I do not know the password for the cert.

It would be really cool if I could so soemthing like this, but I’m stuck as to how to resolve the “key vs. cert password” issue:

<?php $host = 'my.host.tld'; $port = 12345; $timeout = 10; $cert = '/path/to/cert/cert.pem'; $key = '/path/to/cafile/cafile.pem'; $cafile = '/path/to/cafile/cafile.pem'; $context = stream_context_create(array('ssl'=>array('local_cert'=>$cert, 'key'=>'$key, 'cafile'=>'$cafile, ))); if ($fp = stream_socket_client('ssl://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)) { fwrite($fp, "n"); echo fread($fp, 26); fclose($fp); } else { echo "ERROR: $errno - $errstr
n"; } ?>

Any help appreciated.

#2

i have never made a ssl conection via php. so i’m not gonna be a big help.

but i would like to offer u a plan b. if u don’t get it done via a php-socket-connection.

u may use the exec/shel_ecec commands or in ur case the proc_-functions to get ur ssl-conection via the console done.
http://de.php.net/exec

#3

Some may find it useful to know that your caCert

must be in pem format, and that PHP seems to like

your key, cert, and cacert pem’s to be concatenated

in a single file (I suffered various “unknown chain”

errors, otherwise)

So, (linux users), concat your components as follows:

(where current working dir is dir where

cert components are stored)

cat key.pem >certchain.pem

cat cert.pem >>certchain.pem

cat cacert.pem >>certchain.pem

Then, the php…

##################################

<?php $host = 'host.domain.tld'; $port = 1234; $timeout = 10; $cert = '/path/to/your/certchain/certchain.pem'; $context = stream_context_create(array('ssl'=>array('local_cert'=> $cert, ))); if ($fp = stream_socket_client('ssl://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)) { fwrite($fp, "n"); echo fread($fp,8192); fclose($fp); } else { echo "ERROR: $errno - $errstr
n"; } ?>
Sponsor our Newsletter | Privacy Policy | Terms of Service