Hello again,
Just to say that I have tested the script on php.net manual that
generates a cert and then tries to connect (slightly modified the end of
file [removing the while(true) section to just test the connection]) and
I get exactly the same error.
Source : http://php.net/manual/en/function.stream-socket-server.php
Here is the full test script :
<?php
// Hello World! SSL HTTP Server.
// Tested on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24)

// Certificate data:
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@xxxxxxxxxxx"
);

// Generate certificate
$privkey = openssl_pkey_new();
$cert = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($cert, null, $privkey, 365);

// Generate PEM file
// Optionally change the passphrase from 'comet' to whatever you want,
// or leave it empty for no passphrase
$pem_passphrase = 'comet';
$pem = array();
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privkey, $pem[1], $pem_passphrase);
$pem = implode($pem);

// Save PEM file
$pemfile = './server.pem';
file_put_contents($pemfile, $pem);

$context = stream_context_create();
// local_cert must be in PEM format
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
// Pass Phrase (password) of private key
stream_context_set_option($context, 'ssl', 'passphrase', $pem_passphrase);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);

// Open the client connection to the server
$server = stream_socket_client('ssl://test.server.com:978', $errno,
    $errstr, 30, STREAM_CLIENT_CONNECT, $context);
if ($server)
{
    print('ok');
}
?>
I still get the error :
Warning: stream_socket_client(): SSL operation failed with code 1.
OpenSSL Error messages:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca in
/home/richard/test.php on line 44
I think this proves that it's not my certificate at fault but maybe a
problem with OpenSSL…
What do you think ?
Thank you,
Richard
On 19/10/10 20:46, Richard wrote:
No I didn't have a passphrase on the local cert when I created it.
I noticed that I only sent it to you and then sent the same message to
the list.
Thank you,
Richard
On 19/10/10 20:28, Tommy Pham wrote:
-----Original Message-----
From: Richard [mailto:php_list@xxxxxx]
Sent: Tuesday, October 19, 2010 11:22 AM
To: Tommy Pham
Subject: Re: PHP stream_socket_client OpenSSL error (unknown ca)
I left the passphrase blank, I've just tried with a blank passphrase but
it doesn't help.
<?php
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', './afnic.pem');
stream_context_set_option($context, 'ssl', 'passphrase', '');
stream_context_set_option($context, 'ssl', 'allow_self_signed', TRUE);
stream_context_set_option($context, 'ssl', 'verify_peer', FALSE);

$connexion = stream_socket_client('ssl://epp.test.nic.fr:700',
    $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
if ($connexion) {
    print('succes');
}
?>
What I meant was: did you have a passphrase on your actual local cert
when you created it?
PS: Please cc the list also so others would know what's going on and can
help troubleshoot and not reiterate what's been tried already.
On 19/10/10 20:16, Tommy Pham wrote:
-----Original Message-----
From: Richard [mailto:php_list@xxxxxx]
Sent: Tuesday, October 19, 2010 10:50 AM
To: php-general@xxxxxxxxxxxxx
Subject: PHP stream_socket_client OpenSSL error (unknown ca)
Hello,
I'm having some problems connecting to a server using the following php
script:
<?php
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', './cert.pem');
stream_context_set_option($context, 'ssl', 'allow_self_signed', TRUE);
stream_context_set_option($context, 'ssl', 'verify_peer', FALSE);

$ctn = stream_socket_client('ssl://distant.server.com:987', $errno, $errstr,
    30, STREAM_CLIENT_CONNECT, $context);
if ($ctn) {
    print('Connected !');
}
?>
Just curious,
'passphrase string
Passphrase with which your local_cert file was encoded' quoted from
[1].
Regards,
Tommy
[1] http://us3.php.net/manual/en/context.ssl.php
cert.pem is a self signed certificate that I generated a few days ago,
it contains both RSA Key and Certificate and I have supplied the
certificate to the distant server.
When I launch the script I get the following errors :
Warning: stream_socket_client(): SSL operation failed with code 1.
OpenSSL Error messages:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca in
/path/to/my/test.php on line 7
As it is a self signed certificate there is no CA so I added the two
lines:
stream_context_set_option($context, 'ssl', 'allow_self_signed', TRUE);
stream_context_set_option($context, 'ssl', 'verify_peer', FALSE);
but that did not fix the problem.
This is my first script that connects through a socket using SSL, but I
think that it doesn't even get out of the server because it doesn't like
the certificate. Do you have any ideas about how I could get this
working? Or maybe just point me in the right direction. If you need any
more info please let me know.
Thank you,
Richard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
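
Added example (not part of the original thread, and not code from any of its participants): the hex code 14094418 in the warning quoted above can be unpacked to see which side of the connection raised the failure. It assumes the OpenSSL 1.x packed error layout (8-bit library, 12-bit function, 12-bit reason) and that SSL reasons above 1000 carry an alert received from the peer; the helper name decode_openssl_error is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the OpenSSL 1.x packed
// error layout: 8-bit library | 12-bit function | 12-bit reason.
const ERR_LIB_SSL = 20;             // 0x14, "SSL routines"
const SSL_AD_REASON_OFFSET = 1000;  // assumption: SSL reasons above this are received TLS alerts

// Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
const TLS_ALERTS = [
    42 => 'bad_certificate',
    43 => 'unsupported_certificate',
    44 => 'certificate_revoked',
    45 => 'certificate_expired',
    46 => 'certificate_unknown',
    48 => 'unknown_ca',
    49 => 'access_denied',
];

// Hypothetical helper: unpack the "error:XXXXXXXX:" field of an OpenSSL message.
function decode_openssl_error(string $line): ?array
{
    if (!preg_match('/error:([0-9A-Fa-f]{8}):/', $line, $m)) {
        return null; // no packed error code on this line
    }
    $code   = (int) hexdec($m[1]);
    $lib    = ($code >> 24) & 0xFF;
    $reason = $code & 0xFFF;
    $result = ['lib' => $lib, 'func' => ($code >> 12) & 0xFFF, 'reason' => $reason,
               'alert' => null, 'name' => null, 'from_peer' => false];
    if ($lib === ERR_LIB_SSL && $reason > SSL_AD_REASON_OFFSET) {
        $alert = $reason - SSL_AD_REASON_OFFSET;
        $result['alert'] = $alert;
        $result['name'] = TLS_ALERTS[$alert] ?? 'other';
        $result['from_peer'] = true; // the remote side sent this alert
    }
    return $result;
}

// Error line as quoted in the thread.
$line = 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca';
$d = decode_openssl_error($line);
printf("lib=%d func=%d reason=%d\n", $d['lib'], $d['func'], $d['reason']);
if ($d['from_peer']) {
    printf("TLS alert %d (%s) received from the peer\n", $d['alert'], $d['name']);
}
```

For the warning in this thread the reason field is 0x418 = 1048, that is alert 48 (unknown_ca) sent by the remote server, which means the server does not trust the issuer of the certificate the client presents. The verify_peer and allow_self_signed context options only govern how the PHP client checks the server's certificate, so they have no effect on that server-side decision.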