使用TLS在PHP中建立连接
[英]Making a connection in PHP using TLS
问题描述
I wrote a small SIP client for a special purpose. 
我为特殊目的编写了一个小型SIP客户端。 Basically it connects to port 5060 using function fsockopen() 基本上,它使用函数fsockopen()连接到端口5060
$fp = fsockopen("10.0.0.1", 5060, $errno, $errstr, 30);
and then basically reads and writes SIP commands using fread() and fwrite() . 然后基本上使用fread()和fwrite()读写SIP命令。
Now my SIP service operator wants us clients to use SIPS which is basically SIP over TLS. 现在,我的SIP服务运营商希望我们的客户使用SIPS,它基本上是基于TLS的SIP。 I've spent hours looking for information on how to connect to a port with TLS using PHP but without any success. 我花了数小时寻找有关如何使用PHP使用TLS连接到端口的信息,但没有成功。 Apparently the fsockopen() supports TLS to an extent but when I replaced the above with: 显然, fsockopen()在某种程度上支持TLS,但是当我将以上内容替换为:
$fp = fsockopen("tls://10.0.0.1", 5061, $errno, $errstr, 10);
I get nothing. 我什么都没有。 I can connect to the server from my shell with with OpenSSL client: 我可以使用OpenSSL客户端从外壳连接到服务器:
$ openssl s_client -connect 10.0.0.1:5061
And I can communicate with the SIP server through that connection without problems. 而且我可以通过该连接与SIP服务器通信,而不会出现问题。 OpenSSL support is compiled in the PHP. OpenSSL支持在PHP中进行编译。
My problem is that I can't set up the TLS connection with the server in PHP. 我的问题是我无法在PHP中与服务器建立TLS连接。 I noticed in some forums that in older versions of PHP it was possible to build and use the SSL context with fsockopen() but apparently not anymore, since I get an error about too many parameters. 我在一些论坛中注意到,在旧版本的PHP中,可以通过fsockopen()构建和使用SSL上下文,但显然不再可用,因为我收到有关太多参数的错误消息。
I also tried using stream_context_create() with stream_context_set_option() but I get no replies from the server: 我还尝试将stream_context_create()与stream_context_set_option()但没有从服务器得到任何答复:
$context = stream_context_create();
$result=stream_context_set_option($context, 'ssl', 'verify_peer', 'TRUE');
$result=stream_context_set_option($context, 'ssl', 'cafile', 'cert.cer');
$result=stream_context_set_option($context, 'ssl', 'verify_depth', '5');
$fp = stream_socket_client('tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
but I still can't get any replies or errors from the server. 但我仍然无法从服务器获得任何答复或错误。 What is the recommended and working way of using TLS in PHP? 在PHP中使用TLS的推荐工作方式是什么?
4 个解决方案
解决方案1
2 2014-01-29 13:49:11
I think some of your options are wrong for validating self signed certificates; 我认为您的某些选择对于验证自签名证书是错误的; the following should be enough to make it work: 以下内容足以使其正常工作:
$context = stream_context_create([
'ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'local_cert' => 'cert.cer',
],
]);
解决方案2
2 已采纳 2014-02-08 12:15:13
This is enough to open a TLS connection: 这足以打开TLS连接:
$context = stream_context_create();
$fp = stream_socket_client('tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)
if the certificates are in their place. 如果证书已到位。 If they are not, follow the instructions linked by Filippos. 如果不是,请按照Filippos链接的说明进行操作。
解决方案3
0 2014-01-29 13:35:18
You will also need to install the appropriate certificates to get TLS working. 您还需要安装适当的证书才能使用TLS。 Check this SO question for an example of how to use your key files with regular TLS connections. 请查看此SO问题 ,以获取有关如何通过常规TLS连接使用密钥文件的示例。
Also, check the specs of SIPS itself in RFC 5630 . 另外,请检查RFC 5630中SIPS本身的规范。
解决方案4
0 2017-09-26 08:10:48
I just recently encountered this error, debugging here and there for connection problem or proxy problem, finally found the culprit ... and the solution was to install php-pecl-crypto extension. 我最近刚遇到此错误,并在此处调试连接问题或代理问题,最后找到了罪魁祸首...解决方案是安装php-pecl-crypto扩展。
My machine is centos 7 using remi-repo for PHP 我的机器是centos 7,使用remi-repo for PHP
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.