Cannot enable encryption for stream server (2023)

[2006-02-22 11:06 UTC] tony2001@php.net

Wez, plz take a look at this reproduce code:<?php$ssl = stream_socket_server('tcp://127.0.0.1:4445', $errnum, $errstr);stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_SSLv23_SERVER);?>

[2006-02-22 11:13 UTC] Jacek at veo dot pl

The same problem.

[2006-05-04 19:15 UTC] eddi at ai000 dot de

#!/opt/php/513/bin/php<?phperror_reporting(2047);$c=array('tls'=>array('verify_peer'=>false,'allow_self_signed'=>true,'cafile'=>'/opt/php/testscripts/newkey.pem','capath'=>'/opt/php/testscripts/','local_cert'=>'/opt/php/testscripts/newkey.pem','passphrase'=>'smtp','CN_match'=>'ai000.de'));$tls=stream_context_create($c);$c=stream_socket_server('tcp://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);while(1){if($s=@stream_socket_accept($c)){echo "Verbindung\n".openssl_error_string()."\n\n";@fwrite($s,"220 ESMTP\r\n");echo @fgets($s);@fwrite($s,"250 STARTTLS\r\n");echo @fgets($s);@fwrite($s,"220 ESMTP\r\n");var_dump(stream_socket_enable_crypto($s,true,STREAM_CRYPTO_METHOD_TLS_SERVER));echo @fgets($s);}}?>This is my test code. The negotation is endless among server script and Mozilla-Thunderbird.When I start the script below, my browser tell me: there are no conforming algorithms available.$c=stream_socket_server('ssl://127.0.0.1:1100',$er,$es,STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,$tls);The Discription ("stream_socket_enable_crypto ( resource stream, bool enable [, int crypto_type [, resource session_stream]] )") is obscure. What is "resource session_stream"? This word is singly used there and no records describe it.

[2006-05-05 12:55 UTC] Jacek at veo dot pl

Description:------------I (re)compiled OpenSSL 0.9.8b and PHP 5.1.3Actual result:--------------My first code:12Segmentation faultFrom tony2001@php.net:Warning: stream_socket_enable_crypto(): SSL operation failed with code 111. OpenSSL Error messages:error:00000000:lib(0):func(0):reason(0) in /test.php on line 4GDB:----gdb --args php /test.php(gdb) runStarting program: /usr/bin/php /test.php[Thread debugging using libthread_db enabled][New Thread 1082760448 (LWP 2419)]12Program received signal SIGSEGV, Segmentation fault.[Switching to Thread 1082760448 (LWP 2419)]0x40390beb in sk_num () from /usr/local/ssl/lib/libcrypto.so.0.9.8(gdb) quitThe program is running. Exit anyway? (y or n) y

[2006-05-05 18:43 UTC] eddi at ai000 dot de

OS: GNU/Linux 2.6.16.14 (gentoo)OpenSSL: 0.9.7iPHP: 5.1.4 CLIToday I got this warning:Warning: stream_socket_enable_crypto(): SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. This could be because the server is missing an SSL certificate (local_cert context option) ...(file xp_ssl.c line 131)To do that (set option) there are no way.

[2006-05-26 02:19 UTC] e at osterman dot com

I too had problems with this. It works for me on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24).You must specify the certificate in PEM format, and use "ssl" as the key for the resource context.How to create PEM file? go here: http://sial.org/howto/openssl/self-signed/

[2006-05-26 09:51 UTC] Jacek at veo dot pl

Code:-----<?php$context = stream_context_create(array('ssl' => array('verify_peer' => FALSE,'allow_self_signed' => TRUE,'local_cert' => '/host.pem')));echo 1;$ssl = stream_socket_server('ssl://0.0.0.0:4445', $errnum, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);echo 2;stream_socket_enable_crypto($ssl, TRUE, STREAM_CRYPTO_METHOD_TLS_SERVER);echo 3;fclose($ssl);?>Result:-------I created combined file, as on the website, but I receive (PHP 5.1.4):Warning: stream_socket_enable_crypto(): Unable to set private key file `/host.pem' in /repr.php on line 15Warning: stream_socket_enable_crypto(): failed to create an SSL handle in /repr.php on line 15

[2006-05-26 12:28 UTC] eddi at ai000 dot de

May be the stream_socket_server() works fine yet, but, Erik, it is NOT the point exactly.SMTP services listen on an _unencrypted_ stream. An implemetation of the extension for secure SMTP over transport layer security (http://www.ietf.org/rfc/rfc3207.txt) needs the ability (provided by stream_socket_enable_crypto()) to encrypting stream belated. It does not work and this is the point.

[2006-05-26 18:31 UTC] e at osterman dot com

Eddi, you indeed appear to be correct. I was writing an SSL TCP Server, which gave off the same error message so I assumed they were related. My fix there did NOT work for the TLS implementation. As you mentioned, TLS is a different way of implementing SSL, which as it stands currently in PHP5, I aggree it appears to be broken. There is one issue with your above example. The wrapper should be "ssl" even for "tls" communications (but that doesn't make it work).Wez talks more about it in http://bugs.php.net/33192.Wez Furlong:{{{The context options for openssl, including tls, are all bundled under the name "ssl". I think your code should probably look more like this:$c = stream_context_create(array( "ssl" => array( "local_cert" => "sec.pem", ... other options ... ));}}}

[2006-05-27 04:30 UTC] eddi at ai000 dot de

Sorry. You misconceive or misread it. Please understand difference between server sockets and client sockets.There are no way to set context options and to give this context stream_socket_enable_crypto().

[2006-05-31 21:00 UTC] e at osterman dot com

The below example calls stream_socket_enable_crypto on client stream socket and on a server stream socket. It works on my version of PHP 5.1.2 just fine. So, if it doesn't work for you then, we can determine what version of PHP5 is broken.This is the output.e@eon:~/dev/examples/tls$ ./tls-server.php1: STARTTLSError (if any):2: EHLO worldAs you see... no errors. It got the "EHLO world" command sent over an TLS channel from the client just fine.e@eon:~/dev/examples/tls$ ./tls-client.php1: 220 ESMTP2: 250 STARTTLSbool(true)This is the code that produced the output. Below is the code I use to make a sample TLS SMTP server. It works perfectly on my platform and version of PHP. The output from the tests are above.#!/usr/bin/php5<?php// Hello World! SMTP TLS Server// Tested on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24)$context = stream_context_create();// local_cert must be in PEM formatstream_context_set_option($context, 'ssl', 'local_cert', './server.pem');// Pass Phrase (password) of private keystream_context_set_option($context, 'ssl', 'passphrase', 'comet');stream_context_set_option($context, 'ssl', 'allow_self_signed', true);stream_context_set_option($context, 'ssl', 'verify_peer', false);// Create the server socket$server = stream_socket_server('tcp://0.0.0.0:9001', $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);while(1){ if($client=stream_socket_accept($server)){ @fwrite($client,"220 ESMTP\r\n"); @fwrite($client,"250 STARTTLS\r\n"); // Client should now send STARTTLS echo "1: " . @fgets($client); // We start the SSL Channel stream_socket_enable_crypto($client,true,STREAM_CRYPTO_METHOD_TLS_SERVER); echo "Error (if any): ".openssl_error_string()."\n"; @fwrite($client,"220 ESMTP\r\n"); echo "2: " . @fgets($client); }}?>#!/usr/bin/php5<?$fp = fsockopen("tcp://localhost", 9001, $errno, $errstr,30);if (!$fp) die ("Unable to connect: $errstr ($errno)");echo "1: " . fgets($fp);echo "2: " . fgets($fp);fwrite($fp, "STARTTLS\r\n");var_dump(stream_socket_enable_crypto($fp,true,STREAM_CRYPTO_METHOD_TLS_CLIENT) );fwrite($fp, "EHLO world");?>

[2006-05-31 21:03 UTC] e at osterman dot com

And just to make sure we're using the same tools to test, this is the certificate that I used to make the test above work. The pass phrase is "comet".-----BEGIN CERTIFICATE-----MIIDgTCCAuqgAwIBAgIJAMgtIWVzb1oIMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxFDASBgNVBAoTC091ciBDb21wYW55MQ0wCwYDVQQLEwRUZXN0MQwwCgYDVQQDEwNEZXYxGzAZBgkqhkiG9w0BCQEWDGFzZEBob3N0LmNvbTAeFw0wNjA1MjYwMTM4NTRaFw0wNzA1MjYwMTM4NTRaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxFDASBgNVBAoTC091ciBDb21wYW55MQ0wCwYDVQQLEwRUZXN0MQwwCgYDVQQDEwNEZXYxGzAZBgkqhkiG9w0BCQEWDGFzZEBob3N0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3mStTm74kOQCelquoGI/WyUIOvngDdNcJGmi2xnzDpRjKfQTH/3VVDQJUwvjKcLxnBQHFg7MnvEZrfC3LEmFajAzRKjXK5gUCQEQKqhbVsfZO+7ANq4axNldd4UgMhPeZIKr8DDtP3pjFqFSYh/dtOq2pfDXSbstmCZ1Q3GAYDcCAwEAAaOB8DCB7TAdBgNVHQ4EFgQUWQSzc00pkM9aCzsxKJpTYm3kwEUwgb0GA1UdIwSBtTCBsoAUWQSzc00pkM9aCzsxKJpTYm3kwEWhgY6kgYswgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtMb3MgQW5nZWxlczEUMBIGA1UEChMLT3VyIENvbXBhbnkxDTALBgNVBAsTBFRlc3QxDDAKBgNVBAMTA0RldjEbMBkGCSqGSIb3DQEJARYMYXNkQGhvc3QuY29tggkAyC0hZXNvWggwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA7G/XKQ9kLTZOcVAG/IOxdn9tW38sEwHifNQ7zMSS5di1MmnD5JJWdK/s4dzN06T1Ey5FCu2kafFzk48khZpoPsXMRF8DNBXLVSCGj4maPtEviJVjwtj3XwZjA82a8A/Yil0+fo25zPX4I4oBcbl3bPqzVPXxsQ7myp9f7MDZcbQ==-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC,E4476A175B6608B6r0sox8H5ijuOanXwYFtIDgPti3AAuIUdy5EJG9GZbrtQHEW6HL+YxdI58Ng70t4wEfBvcuLb7XAGsJwF65yad0vSXsYv6F+0brEefEvZX3ljxUZ3yGfHVJyEdBWJty7XA8QpqOVVQseAST1IKeWOIT16/a9ZOgwnIhQe36y43pxBwL5tumXTM+AuWPOBW8c0s49I8GyptttGJpcFohLsmP9Jza/fMIzYFNeuOBQ93fieCcVXBd2fWNyZVEsOU5Mikt5FQ9Lc9F8Wc+Mh0xiodDz6H+2yNIMC2SNu/mDSAGwDCctBZ34enFDad/eBiYW+iTjMaqWGFs+cantSgVQ6pdZWYQd5Rsb3/Qbcfia/C1vtzWipBG7wlQCsNWwceXx/f8hqWl5kyCxvBdH9eyRNMVJkCbFABl9tnaMGRi/UnVL68wgUvosAsdCjUrdL3x7Oi6yMBrxYjACbYslPFaG5OtgXcbacBKjsVMkcRYRyGqClgVZHICYZXhZoZTjOsgT4L9WivT1RnozmFUMPaXbnxX4h/B3v6aSYAc4mPM6oMFTiXGJ7cLoafNw7Fxug7oeF0+04DykzFCsLw1PmnkXP/WliQ+xidKJeKl2bR0k5MjAs0ksjelk7hAbCDjE0ct0wLAHuvf6haClaFBa0ugL90S6BBdIQad9GRmAqZlVc5tANZleXFEY2wKUSMddIKzsmnouipBWt3flDyYaFRtF20IYYk59z3zlqk73U/cFRkpT9SvHbxdsjTX1OvsmuhMzV5K4+1QaBK4vePOFeEHDAkwGGqI1Wj+2lC6pxdLe3tjIzNWN1eaq59Q==-----END RSA PRIVATE KEY-----

[2006-06-01 07:35 UTC] Jacek at veo dot pl

PHP 5.1.4 + OpenSSL 0.9.8b:======== SERVER ========serwer:/tls # php tls-server.php1: STARTTLSWarning: stream_socket_enable_crypto(): Unable to set private key file `./server.pem' in /tls/tls-server.php on line 30Warning: stream_socket_enable_crypto(): failed to create an SSL handle in /tls/tls-server.php on line 30Error (if any):2: YUFE@40Tz�F�~F1�V�hxK.985/32~}|yxwtsrWarning: stream_socket_accept(): accept failed: Connection timed out in /tls/tls-server.php on line 2======== CLIENT ========serwer:/tls # php tls-client.php1: 220 ESMTP2: 250 STARTTLSWarning: stream_socket_enable_crypto(): SSL operation failed with code 114. OpenSSL Error messages:error:00000000:lib(0):func(0):reason(0) in /tls/tls-client.php on line 10bool(false)

[2006-07-24 18:58 UTC] gladyston at eacnet dot com dot br

--> Apache 2.2--> PHP Version 5.1.4 --> Linux 2.6.8-2-386 Aug 16 12:46:35 UTC 2005 i686 GNU/Linux<?php$url="https://shopline.itau.com.br/shopline/consulta.asp?DC=N183Z175F213E11E234B109E158C173O228K60Y165W217L103M205X7D136G92Q103R208F14E7W147L40Q103G244F243W216Z177K39S36F154S121D205D155A136V";$handle = fopen($url, "r");?>Warning: fopen() [function.fopen]: SSL operation failed with code 114. OpenSSL Error messages: error:00000000:lib(0):func(0):reason(0) in /home/gladyston/webservice/t2.php on line 3Warning: fopen() [function.fopen]: Failed to enable crypto in /home/gladyston/webservice/t2.php on line 3Warning: fopen(https://shopline.itau.com.br/shopline/consulta.asp?DC=N183Z175F213E11E234B109E158C173O228K60Y165W217L103M205X7D136G92Q103R208F14E7W147L40Q103G244F243W216Z177K39S36F154S121D205D155A136V) [function.fopen]: failed to open stream: Bad file descriptor in /home/gladyston/webservice/t2.php on line 3Ass,Gladyston BatistaBelo Horizonte - Brazil

[2006-07-26 08:49 UTC] magicaltux at gmail dot com

I'm working on a PHP-based SMTP server, and I also have problems with STARTTLS.The full sourcecode can be fetched from:http://ookoo.org/svn/pinetd/The STARTTLS function does *not* work.Warning: stream_socket_enable_crypto(): SSL operation failed with code 111. OpenSSL Error messages:error:00000000:lib(0):func(0):reason(0) in /usr/local/pinetd/daemon/25.php on line 373

[2006-07-28 22:53 UTC] shopping at jth dot net

Server Version: Apache/2.2.0 (Fedora) mod_ssl/2.2.0 OpenSSL/0.9.8a mod_cntr/2.5.6 PHP/5.1.4 mod_perl/2.0.2 Perl/v5.8.8$url = "https://....."; URL working fine in browser$fd = fopen($url, "r");resultfopen() [<a href='function.fopen'>function.fopen</a>]: SSL operation failed with code 114. OpenSSL Error messages:error:00000000:lib(0):func(0):reason(0) in .....fopen() [<a href='function.fopen'>function.fopen</a>]: Failed to enable crypto in .....

[2006-07-29 13:49 UTC] shopping at jth dot net

See http://bugs.mysql.com/bug.php?id=21337 and related bugs

[2007-05-19 18:47 UTC] Jacek at veo dot pl

Closing - anything works now (self-compiled PHP 5.2.2, OpenSSL 0.9.8c included to Ubuntu 7.04).