[英]PHP: TLS socket not setting up using stream_socket_client()
I'm trying to open a TLS connection using this code:我正在尝试使用以下代码打开 TLS 连接:
<?php
$cafile = '/var/www/html/mosquitto/cert.pem';
$socketContext = stream_context_create(["ssl" => [
"verify_peer_name" => true,
"cafile" => $cafile
]]);
$socket = stream_socket_client("tls://xx.xx.xx.xx:8883", $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $socketContext);
if (!$socket) {
print("Error: ".$errstr);
return false;
}else{
print("Connection Opened");
}
?>
Nginx error log: Nginx 错误日志:
2018/02/08 17:40:28 [error] 1331#1331: *658 FastCGI sent in stderr: "PHP message: PHP Warning: stream_socket_client(): SSL operation $
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/html/test.php on line 10
PHP message: PHP Warning: stream_socket_client(): Failed to enable crypto in /var/www/html/test.php on line 10
PHP message: PHP Warning: stream_socket_client(): unable to connect to tls://xx.xx.xx.xx:8883 (Unknown error) in /var/www/html/test.$
This is always getting in error section !$socket
but without any error string.这总是进入错误部分
!$socket
但没有任何错误字符串。 It's just Error:
.这只是
Error:
。 How can I fix this issue?我该如何解决这个问题? I'm speculating cert.pem file may be the issue.
我推测 cert.pem 文件可能是问题所在。 What file do I need to put there?
我需要把什么文件放在那里?
Thanks!谢谢!
How can I fix this issue?
我该如何解决这个问题?
That's going to be very hard until you know what the issue is.在你知道问题是什么之前,这将是非常困难的。
Clearly tackling the problem using stream_socket_client is not working and is not giving you any useful diagnostic information.显然,使用 stream_socket_client 解决问题不起作用,并且没有为您提供任何有用的诊断信息。 You need to breakdown what this call is doing and test each part in isolation.
您需要分解此调用正在执行的操作并单独测试每个部分。
Does 'xx.xx.xx.xx' represent an IP address or a hostname? 'xx.xx.xx.xx' 是代表 IP 地址还是主机名? If it's the latter you may have issues with resolution.
如果是后者,您可能会遇到分辨率问题。 Try dns_get_record () If its the former, how do you expect to validate the subject of the certificate?
试试dns_get_record () 如果是前者,你希望如何验证证书的主题?
Can you connect on port 8883?你可以在端口 8883 上连接吗? Try fsockopen ()
试试fsockopen ()
Is SSL working? SSL 有效吗?
You can check these from the command line with openssl s_client您可以使用openssl s_client从命令行检查这些
Update更新
From your edit: certificate verify failed
- see note above regarding IP address and certificate vlidation从您的编辑:
certificate verify failed
- 请参阅上面有关 IP 地址和证书验证的说明
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.