[英]SSL not work in PHP5.6 on Windows
I tried: 我试过了:
$host = 'ssl://fbcdn-sphotos-c-a.akamaihd.net';
$port = 443;
$fp = fsockopen($host, $port, $errno, $errstr, 30);
if (!$fp) {
var_dump($errno, $errstr);
} else {
echo 'Connected';
}
And: 和:
$host = 'ssl://fbcdn-sphotos-c-a.akamaihd.net:443';
$fp = stream_socket_client($host, $errno, $errstr, 30);
if (!$fp) {
var_dump($errno, $errstr);
} else {
echo 'Connected';
}
But both returns: 但是两者都返回:
int(0)
string(0) ""
As if I had not been able to connect. 好像我无法连接。
Note: Strangely in php5.4 works perfectly. 注意:奇怪的是在php5.4中完美地工作。
Is a bug in this version of PHP? 此版本的PHP中存在错误吗?
PHP 5.4.12 PHP 5.4.12
Registered Stream Socket Transports: tcp, udp, ssl, sslv3, sslv2, tls
注册的流套接字传输:tcp,udp,ssl,sslv3,sslv2,tls
Compiler: MSVC9 (Visual C++ 2008)
编译器:MSVC9(Visual C ++ 2008)
Architecture: x64
架构:x64
Configure Command (compile):
配置命令(编译):
cscript /nologo configure.js "--enable-embed" "--enable-cli-win32" "--enable-apache2-2handler" "--enable-apache2-2filter" "--enable-apache2-4handler" "--with-mysql=shared" "--with-mysqli=shared" "--enable-pdo" "--with-pdo-mysql=shared" "--with-pgsql=shared" "--with-pdo-pgsql=shared" "--with-mcrypt=static" "--with-openssl=shared" "--enable-sockets=shared" "--enable-intl=shared" "--enable-mbstring=shared" "--enable-mbregex" "--enable-exif=shared" "--with-xmlrpc=shared" "--with-xsl=shared" "--enable-solr=shared" "--enable-solr-debug" "--with-curl=shared" "--with-tidy=shared" "--with-bz2=shared" "--enable-rar=shared" "--enable-fileinfo=shared" "--with-gettext=shared" "--with-mhash" "--with-ldap=shared" "--enable-com-dotnet=shared" "--enable-soap=shared" "--enable-shmop=shared" "--with-gmp=shared" "--with-interbase=shared" "--with-pdo-firebird=shared" "--with-sqlite3=shared" "--with-pdo-sqlite=shared" "--with-pdo-odbc=shared" "--enable-dbase=shared" "--with-pdo-oci=C:\\php-sdk\\oracle\\x64\\instantclient_10_2\\sdk,shared" "--with-oci8=C:\\php-sdk\\oracle\\x64\\instantclient_10_2\\sdk,shared" "--with-oci8-11g=C:\\php-sdk\\oracle\\x64\\instantclient_11_2\\sdk,shared" "--with-sybase-ct=shared" "--enable-couchdb=shared" "--with-couchbase=shared" "--enable-mongo=shared" "--with-imap=shared" "--enable-mailparse=shared" "--enable-pop3=shared" "--with-smtp=shared" "--with-oauth=shared" "--with-ssh2=shared" "--with-snmp=shared" "--enable-uploadprogress=shared" "--enable-http=shared" "--with-imagick=shared" "--enable-discount=shared" "--with-pdflib=shared" "--with-haru=shared" "--with-excel=shared" "--with-enchant=shared" "--enable-printer=shared" "--with-geoip=shared" "--enable-timezonedb=shared" "--with-xdebug=shared" "--enable-suhosin=shared" "--disable-optimizer-plus" "--enable-pthreads=shared" "--enable-pthreads=shared" "--enable-win32service=shared" "--with-memcached=shared" "--enable-memcache=shared" "--enable-apc=shared" "--enable-apc-srwlock-native" "--enable-apc-debug" "--enable-xcache=shared" "--enable-xcache-optimizer" "--enable-xcache-coverager" "--enable-eaccelerator=shared" "--enable-varnish=shared" "--enable-ffmpeg=shared" "--disable-security-flags"
openssl
的openssl
OpenSSL support: enabled
OpenSSL支持:已启用
OpenSSL Library Version: OpenSSL 1.0.1c 10 May 2012
OpenSSL库版本:OpenSSL 1.0.1c 2012年5月10日
OpenSSL Header Version: OpenSSL 1.0.1e 11 Feb 2013
OpenSSL标头版本:OpenSSL 1.0.1e 2013年2月11日
PHP 5.6.26 PHP 5.6.26
Registered Stream Socket Transports: tcp, udp, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
已注册的流套接字传输:tcp,udp,ssl,sslv3,tls,tlsv1.0,tlsv1.1,tlsv1.2
Compiler: MSVC11 (Visual C++ 2012)
编译器:MSVC11(Visual C ++ 2012)
Architecture: x64
架构:x64
Configure Command (compile):
配置命令(编译):
cscript /nologo configure.js "--enable-snapshot-build" "--disable-isapi" "--enable-debug-pack" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=c:\\php-sdk\\oracle\\x64\\instantclient_12_1\\sdk,shared" "--with-oci8-12c=c:\\php-sdk\\oracle\\x64\\instantclient_12_1\\sdk,shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet=shared" "--with-mcrypt=static" "--without-analyzer" "--with-pgo"
openssl
的openssl
OpenSSL support: enabled
OpenSSL支持:已启用
OpenSSL Library Version: OpenSSL 1.0.1c 10 May 2012
OpenSSL库版本:OpenSSL 1.0.1c 2012年5月10日
OpenSSL Header Version: OpenSSL 1.0.1t 3 May 2016
OpenSSL标头版本:OpenSSL 1.0.1t 2016年5月3日
Openssl default config: c:/openssl-1.0.1c-X64/ssl/openssl.cnf
OpenSSL默认配置:c:/openssl-1.0.1c-X64/ssl/openssl.cnf
openssl.cafile: no value
openssl.cafile:无值
openssl.capath: no value
openssl.capath:无值
Even PHP5.5 certificates works in a way in PHP, but after the PHP5.6 that has changed, as described in: http://php.net/manual/en/migration56.openssl.php 甚至PHP5.5证书也可以在PHP中以某种方式工作,但是在更改了PHP5.6之后,如下所述: http ://php.net/manual/en/migration56.openssl.php
All encrypted client streams now enable peer verification by default. 现在,所有加密的客户端流均默认启用对等验证。 By default, this will use OpenSSL's default CA bundle to verify the peer certificate.
默认情况下,这将使用OpenSSL的默认CA捆绑包来验证对等证书。 In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles.
在大多数情况下,无需更改任何内容即可与具有有效SSL证书的服务器通信,因为分发者通常会将OpenSSL配置为使用已知的良好CA捆绑软件。
The default CA bundle may be overridden on a global basis by setting either the openssl.cafile
or openssl.capath
configuration setting, or on a per request basis by using the cafile or capath context options. 通过设置
openssl.cafile
或openssl.capath
配置设置,或在每个请求的基础上,使用cafile或capath上下文选项,可以在全局基础上覆盖默认的CA捆绑包。
While not recommended in general, it is possible to disable peer certificate verification for a request by setting the verify_peer context option to FALSE
, and to disable peer name validation by setting the verify_peer_name
context option to FALSE
. 虽然一般不推荐使用,可以禁止对方的证书验证通过和verify_peer上下文选项设置为请求
FALSE
,并通过设置来禁用对等名称验证verify_peer_name
上下文选项FALSE
。
The fsockopen
try resolve connection using cafile , if php.ini is not configured, this show error 0
. fsockopen
尝试使用cafile解析连接,如果未配置php.ini,则显示错误0
。 You can try two solutions: 您可以尝试两种解决方案:
Configure php.ini: 配置php.ini:
You can download https://curl.haxx.se/ca/cacert.pem and configure php.ini like this: 您可以下载https://curl.haxx.se/ca/cacert.pem并像这样配置php.ini:
openssl.cafile= "C:\\openssl\\cert\\cacert.pem"
Maybe you need restart Apache/Ngnix
也许您需要重新启动Apache / Ngnix
Setup in execution time: 设置执行时间:
Setup fsockopen
is possible, but you can use fopen
+ stream_context_create
, or use stream_socket_client
. 可以安装
fsockopen
,但是您可以使用fopen
+ stream_context_create
,也可以使用stream_socket_client
。
Note: sometimes the servers block functions like fopen and file_get_contents of access urls
注意:有时服务器会阻止诸如fopen和访问URL的file_get_contents之类的功能
Example: 例:
<?php $opts = array( 'ssl' => array( 'verify_peer' => true, 'cafile' => 'C:/openssl/cert/cacert.pem', 'verify_depth' => 5, 'CN_match' => 'fbcdn-sphotos-ca.akamaihd.net' ) ); $context = stream_context_create($opts); $host = 'ssl://fbcdn-sphotos-ca.akamaihd.net:443'; $fp = stream_socket_client($host, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); if (!$fp) { var_dump($errno, $errstr); } else { echo 'Connected'; }
If you decide you need to disable checking for any reason, you can simply do this: 如果您决定出于任何原因需要禁用检查,则只需执行以下操作:
<?php $host = 'ssl://fbcdn-sphotos-ca.akamaihd.net'; $port = '443'; $opts = array( 'ssl' => array( 'verify_peer' => false ) ); $context = stream_context_create($opts); $host = 'ssl://fbcdn-sphotos-ca.akamaihd.net:443'; $fp = stream_socket_client($host, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); if (!$fp) { var_dump($errno, $errstr); } else { echo 'Connected'; }
http://php.net/stream_socket_client http://php.net/stream_socket_client
If the value returned in
errno
is0
and the function returnedFALSE
, it is an indication that the error occurred before the [system-level]connect()
call.如果
errno
返回的值为0
并且函数返回FALSE
,则表明该错误发生在[系统级]connect()
调用之前。 This is most likely due to a problem initializing the socket.这很可能是由于初始化套接字时出现问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.