SSL not work in PHP5.6 on Windows

I tried:

$host = 'ssl://fbcdn-sphotos-c-a.akamaihd.net';
$port = 443;

$fp = fsockopen($host, $port, $errno, $errstr, 30);

if (!$fp) {
    var_dump($errno, $errstr);
} else {
    echo 'Connected';
}

And:

$host = 'ssl://fbcdn-sphotos-c-a.akamaihd.net:443';

$fp = stream_socket_client($host, $errno, $errstr, 30);

if (!$fp) {
    var_dump($errno, $errstr);
} else {
    echo 'Connected';
}

But both return:

int(0)
string(0) ""

As if I had not been able to connect.

  • I tried PHP5.6 for x86 and PHP5.6 for x64
  • I used the latest release in http://windows.php.net/download#php-5.6
  • In Linux it seems to work normally.
  • This only occurs with some fields, others work well.
  • PHP with CURL and SSL works fine in PHP5.6

Note: Strangely, in PHP 5.4 it works perfectly.

Is this a bug in this version of PHP?

Details:

PHP 5.4.12

Registered Stream Socket Transports: tcp, udp, ssl, sslv3, sslv2, tls

Compiler: MSVC9 (Visual C++ 2008)

Architecture: x64

Configure Command (compile):

 cscript /nologo configure.js "--enable-embed" "--enable-cli-win32" "--enable-apache2-2handler" "--enable-apache2-2filter" "--enable-apache2-4handler" "--with-mysql=shared" "--with-mysqli=shared" "--enable-pdo" "--with-pdo-mysql=shared" "--with-pgsql=shared" "--with-pdo-pgsql=shared" "--with-mcrypt=static" "--with-openssl=shared" "--enable-sockets=shared" "--enable-intl=shared" "--enable-mbstring=shared" "--enable-mbregex" "--enable-exif=shared" "--with-xmlrpc=shared" "--with-xsl=shared" "--enable-solr=shared" "--enable-solr-debug" "--with-curl=shared" "--with-tidy=shared" "--with-bz2=shared" "--enable-rar=shared" "--enable-fileinfo=shared" "--with-gettext=shared" "--with-mhash" "--with-ldap=shared" "--enable-com-dotnet=shared" "--enable-soap=shared" "--enable-shmop=shared" "--with-gmp=shared" "--with-interbase=shared" "--with-pdo-firebird=shared" "--with-sqlite3=shared" "--with-pdo-sqlite=shared" "--with-pdo-odbc=shared" "--enable-dbase=shared" "--with-pdo-oci=C:\\php-sdk\\oracle\\x64\\instantclient_10_2\\sdk,shared" "--with-oci8=C:\\php-sdk\\oracle\\x64\\instantclient_10_2\\sdk,shared" "--with-oci8-11g=C:\\php-sdk\\oracle\\x64\\instantclient_11_2\\sdk,shared" "--with-sybase-ct=shared" "--enable-couchdb=shared" "--with-couchbase=shared" "--enable-mongo=shared" "--with-imap=shared" "--enable-mailparse=shared" "--enable-pop3=shared" "--with-smtp=shared" "--with-oauth=shared" "--with-ssh2=shared" "--with-snmp=shared" "--enable-uploadprogress=shared" "--enable-http=shared" "--with-imagick=shared" "--enable-discount=shared" "--with-pdflib=shared" "--with-haru=shared" "--with-excel=shared" "--with-enchant=shared" "--enable-printer=shared" "--with-geoip=shared" "--enable-timezonedb=shared" "--with-xdebug=shared" "--enable-suhosin=shared" "--disable-optimizer-plus" "--enable-pthreads=shared" "--enable-pthreads=shared" "--enable-win32service=shared" "--with-memcached=shared" "--enable-memcache=shared" "--enable-apc=shared" "--enable-apc-srwlock-native" "--enable-apc-debug" 
"--enable-xcache=shared" "--enable-xcache-optimizer" "--enable-xcache-coverager" "--enable-eaccelerator=shared" "--enable-varnish=shared" "--enable-ffmpeg=shared" "--disable-security-flags" 

openssl

OpenSSL support: enabled

OpenSSL Library Version: OpenSSL 1.0.1c 10 May 2012

OpenSSL Header Version: OpenSSL 1.0.1e 11 Feb 2013

PHP 5.6.26

Registered Stream Socket Transports: tcp, udp, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

Compiler: MSVC11 (Visual C++ 2012)

Architecture: x64

Configure Command (compile):

 cscript /nologo configure.js "--enable-snapshot-build" "--disable-isapi" "--enable-debug-pack" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=c:\\php-sdk\\oracle\\x64\\instantclient_12_1\\sdk,shared" "--with-oci8-12c=c:\\php-sdk\\oracle\\x64\\instantclient_12_1\\sdk,shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet=shared" "--with-mcrypt=static" "--without-analyzer" "--with-pgo" 

openssl

OpenSSL support: enabled

OpenSSL Library Version: OpenSSL 1.0.1c 10 May 2012

OpenSSL Header Version: OpenSSL 1.0.1t 3 May 2016

Openssl default config: c:/openssl-1.0.1c-X64/ssl/openssl.cnf

openssl.cafile: no value

openssl.capath: no value

Even in PHP5.5 certificates work in one way in PHP, but after PHP5.6 that has changed, as described in: http://php.net/manual/en/migration56.openssl.php

All encrypted client streams now enable peer verification by default. By default, this will use OpenSSL's default CA bundle to verify the peer certificate. In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles.

The default CA bundle may be overridden on a global basis by setting either the openssl.cafile or openssl.capath configuration setting, or on a per request basis by using the cafile or capath context options.

While not recommended in general, it is possible to disable peer certificate verification for a request by setting the verify_peer context option to FALSE, and to disable peer name validation by setting the verify_peer_name context option to FALSE.

The fsockopen tries to resolve the connection using cafile; if php.ini is not configured, this shows error 0. You can try two solutions:

  1. Configure php.ini:

    You can download https://curl.haxx.se/ca/cacert.pem and configure php.ini like this:

     openssl.cafile="C:\\openssl\\cert\\cacert.pem"

    Maybe you need to restart Apache/Nginx

  2. Setup in execution time:

    Setup fsockopen is possible, but you can use fopen + stream_context_create, or use stream_socket_client.

    Note: sometimes servers block functions like fopen and file_get_contents from accessing URLs

    Example:

     <?php
     // Verify the peer certificate against an explicit CA bundle.
     $opts = array(
         'ssl' => array(
             'verify_peer'  => true,
             'cafile'       => 'C:/openssl/cert/cacert.pem',
             'verify_depth' => 5,
             // CN_match is deprecated as of PHP 5.6.0 in favour of peer_name
             'CN_match'     => 'fbcdn-sphotos-ca.akamaihd.net'
         )
     );

     $context = stream_context_create($opts);

     $host = 'ssl://fbcdn-sphotos-ca.akamaihd.net:443';

     $fp = stream_socket_client($host, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);

     if (!$fp) {
         var_dump($errno, $errstr);
     } else {
         echo 'Connected';
     }

    If you decide you need to disable checking for any reason, you can simply do this:

     <?php
     // Turns off peer certificate verification for this connection only.
     $opts = array(
         'ssl' => array(
             'verify_peer' => false
         )
     );

     $context = stream_context_create($opts);

     $host = 'ssl://fbcdn-sphotos-ca.akamaihd.net:443';

     $fp = stream_socket_client($host, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);

     if (!$fp) {
         var_dump($errno, $errstr);
     } else {
         echo 'Connected';
     }

http://php.net/stream_socket_client

If the value returned in errno is 0 and the function returned FALSE, it is an indication that the error occurred before the [system-level] connect() call. This is most likely due to a problem initializing the socket.
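
A diagnostic sketch for the errno 0 case discussed above, added here as an example and not part of the original question or answer: it lists where this PHP build looks for CA certificates and then connects with verification left on, collecting the warnings PHP raises when the handshake fails. The host `example.com` and the command-line arguments are assumptions; the script relies on `openssl_get_cert_locations()`, which exists from PHP 5.6.

```php
<?php
// Added diagnostic example (not from the original post).
// Usage (assumed): php check_tls.php <host> [path-to-cacert.pem]
$host   = isset($argv[1]) ? $argv[1] : 'example.com';   // placeholder host
$cafile = isset($argv[2]) ? $argv[2] : ini_get('openssl.cafile');

// 1. Where does this PHP build look for trusted CAs? (PHP >= 5.6)
$loc = openssl_get_cert_locations();
foreach (array('default_cert_file', 'default_cert_dir', 'ini_cafile', 'ini_capath') as $key) {
    $path  = (string) $loc[$key];
    $state = ($path === '') ? 'not set' : (file_exists($path) ? 'exists' : 'MISSING');
    printf("%-18s %-45s %s\n", $key, $path, $state);
}

// 2. Connect with verification on. When $errno is 0 and $errstr is empty,
//    the reason for the failure is only reported as a PHP warning, so
//    collect warnings instead of letting them go to the error log.
$ssl = array('verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $host);
if ($cafile) {
    $ssl['cafile'] = $cafile;   // per-connection override of the CA bundle
}
$context = stream_context_create(array('ssl' => $ssl));

$warnings = array();
set_error_handler(function ($no, $msg) use (&$warnings) {
    $warnings[] = $msg;
    return true;                // handled: do not fall through to PHP's handler
});
$fp = stream_socket_client("ssl://$host:443", $errno, $errstr, 30,
                           STREAM_CLIENT_CONNECT, $context);
restore_error_handler();

if ($fp) {
    echo "Connected, peer certificate verified\n";
    fclose($fp);
} else {
    echo "Failed: errno=$errno errstr='$errstr'\n";
    foreach ($warnings as $w) {
        echo "  warning: $w\n";
    }
}
```

A `MISSING` default_cert_file together with unset ini_cafile and ini_capath matches the phpinfo output in the question, where the OpenSSL default config points to a build-time path under c:/openssl-1.0.1c-X64.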
