
PHP: TLS socket not setting up using stream_socket_client()

I'm trying to open a TLS connection using this code:

<?php

$cafile = '/var/www/html/mosquitto/cert.pem';

$socketContext = stream_context_create(["ssl" => [
    "verify_peer_name" => true,
    "cafile" => $cafile
]]);

$socket = stream_socket_client("tls://xx.xx.xx.xx:8883", $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $socketContext);

if (!$socket) {
    print("Error: ".$errstr);
    return false;
}else{
    print("Connection Opened");
}

?>

Nginx error log:

2018/02/08 17:40:28 [error] 1331#1331: *658 FastCGI sent in stderr: "PHP message: PHP Warning:  stream_socket_client(): SSL operation $
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/html/test.php on line 10
PHP message: PHP Warning:  stream_socket_client(): Failed to enable crypto in /var/www/html/test.php on line 10
PHP message: PHP Warning:  stream_socket_client(): unable to connect to tls://xx.xx.xx.xx:8883 (Unknown error) in /var/www/html/test.$

This always ends up in the error section (!$socket), but without any error string. It's just Error: . How can I fix this issue? I'm speculating that the cert.pem file may be the issue. What file do I need to put there?

Thanks!

How can I fix this issue?

That's going to be very hard until you know what the issue is.

Clearly tackling the problem using stream_socket_client is not working and is not giving you any useful diagnostic information. You need to break down what this call is doing and test each part in isolation.

Does 'xx.xx.xx.xx' represent an IP address or a hostname? If it's the latter, you may have issues with resolution. Try dns_get_record(). If it's the former, how do you expect to validate the subject of the certificate?

Can you connect on port 8883? Try fsockopen().

Is SSL working?

  • Can you negotiate a cipher?
  • Is the certificate valid?
  • Is the certificate signed by a CA in your certs.pem file?

You can check these from the command line with openssl s_client

Update

From your edit: certificate verify failed - see the note above regarding IP address and certificate validation.
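
The checks listed in the answer, run one at a time, as an added PHP example that is not part of the original question or answer. The host, port, CA path and expected peer name are placeholders (assumptions) to be replaced with your own values.

```php
<?php
// Added example; $host, $port, $cafile and $peerName are placeholders (assumptions).
$host     = 'broker.example.test';  // hostname or IP literal of the broker
$port     = 8883;
$cafile   = '/path/to/ca.pem';      // CA certificate that signed the broker's certificate
$peerName = 'broker.example.test';  // name the certificate is expected to carry

// 1. Name resolution (skipped for IP literals).
if (!filter_var($host, FILTER_VALIDATE_IP) && !dns_get_record($host, DNS_A | DNS_AAAA)) {
    exit("DNS: no A/AAAA record for $host\n");
}

// 2. Plain TCP reachability, no TLS involved yet.
$tcp = @fsockopen($host, $port, $errno, $errstr, 10);
if (!$tcp) {
    exit("TCP: cannot reach $host:$port ($errno $errstr)\n");
}
fclose($tcp);

// 3. Inspection only: handshake without verification to read the certificate
//    the server presents. No application data is sent on this connection.
$peek = stream_context_create(['ssl' => [
    'verify_peer' => false, 'verify_peer_name' => false, 'capture_peer_cert' => true,
]]);
$s = @stream_socket_client("tls://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $peek);
if (!$s) {
    exit("TLS: handshake failed even without verification ($errno $errstr)\n");
}
$cert = openssl_x509_parse(stream_context_get_params($s)['options']['ssl']['peer_certificate']);
fclose($s);
printf("subject CN: %s\nissuer CN:  %s\nSAN:        %s\n",
    $cert['subject']['CN'] ?? '-', $cert['issuer']['CN'] ?? '-',
    $cert['extensions']['subjectAltName'] ?? '(none)');

// 4. The real connection: verification on, warnings collected instead of lost.
$warnings = [];
set_error_handler(function ($no, $msg) use (&$warnings) { $warnings[] = $msg; return true; });
$ctx = stream_context_create(['ssl' => [
    'verify_peer' => true, 'verify_peer_name' => true,
    'peer_name' => $peerName, 'cafile' => $cafile,
]]);
$tls = stream_socket_client("tls://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
restore_error_handler();
if (!$tls) {
    exit("Verified handshake failed:\n  " . implode("\n  ", $warnings) . "\n");
}
echo "Verified TLS connection to $peerName established\n";
fclose($tls);
```

If step 3 prints a SAN that does not contain the value you connect to, set `peer_name` to a name the certificate does carry; if step 4 still fails, the `cafile` does not contain the issuer shown in step 3.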
