I'm trying to connect to a FTPS Server with PHP 5.6.40 on Windows.
I know that I need to recompile PHP to include OpenSSL and FTP in the PHP bundle and that's what I did.
The ftp_ssl_connect function is here now but I get a SSL/TLS handshake error.
When I try to connect to a public FTPS Server, I encounter the following error:
Warning: ftp_login(): SSL/TLS handshake failed in D:\home\site\wwwroot\index.php on line 13
PHP Warning: ftp_login(): SSL/TLS handshake failed in D:\home\site\wwwroot\index.php on line 13 PHP Warning: ftp_login(): AUTH command ok. Expecting TLS Negotiation. in D:\home\site\wwwroot\index.php on line 13
Warning: ftp_login(): AUTH command ok. Expecting TLS Negotiation. in D:\home\site\wwwroot\index.php on line 13
This script runs great on PHP 5.6.40/Linux.
I tried too, to have the same result with cURL commands, It's great on Windows and Linux, but I would really like to use PHP's FTP commands.
Any idea ?
<?php
$ftpserver = "test.rebex.net";
$user = "demo";
$mdp = "password";
$connectionId = ftp_ssl_connect($ftpserver);
$login_result = ftp_login($connectionId, $user, $mdp);
ftp_pasv($connectionId, true);
$pasv_result = ftp_pasv($connectionId, true);
if ($pasv_result)
echo "ok";
else
echo "nok";
print_r( ftp_nlist($connectionId,'.'));
Related
I'm trying to open a TLS connection using this code:
<?php
$cafile = '/var/www/html/mosquitto/cert.pem';
$socketContext = stream_context_create(["ssl" => [
"verify_peer_name" => true,
"cafile" => $cafile
]]);
$socket = stream_socket_client("tls://xx.xx.xx.xx:8883", $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $socketContext);
if (!$socket) {
print("Error: ".$errstr);
return false;
}else{
print("Connection Opened");
}
?>
Nginx error log:
2018/02/08 17:40:28 [error] 1331#1331: *658 FastCGI sent in stderr: "PHP message: PHP Warning: stream_socket_client(): SSL operation $
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/html/test.php on line 10
PHP message: PHP Warning: stream_socket_client(): Failed to enable crypto in /var/www/html/test.php on line 10
PHP message: PHP Warning: stream_socket_client(): unable to connect to tls://xx.xx.xx.xx:8883 (Unknown error) in /var/www/html/test.$
This is always getting in error section !$socket but without any error string. It's just Error:. How can I fix this issue? I'm speculating cert.pem file may be the issue. What file do I need to put there?
Thanks!
How can I fix this issue?
That's going to be very hard until you know what the issue is.
Clearly tackling the problem using stream_socket_client is not working and is not giving you any useful diagnostic information. You need to breakdown what this call is doing and test each part in isolation.
Does 'xx.xx.xx.xx' represent an IP address or a hostname? If it's the latter you may have issues with resolution. Try dns_get_record() If its the former, how do you expect to validate the subject of the certificate?
Can you connect on port 8883? Try fsockopen()
Is SSL working?
Can you negotiate a cypher
Is the certificate valid
is the certificate signed by a CA in your certs.pem file
You can check these from the command line with openssl s_client
Update
From your edit: certificate verify failed - see note above regarding IP address and certificate vlidation
i try to include a file from a remote server. When i use normal ftp everything works well. when i try to use ftps ...
<?php
$erg = include("ftps://user:pw#ftp.doamin.de/files/toinclude.php");
?>
i got an error:
Warning: include(): SSL operation failed with code 1. OpenSSL Error messages: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in /var/www/html/includetest.php on line 10
Warning: include(ftps://...#ftp.domain.de/files/toinclude.php): failed to open stream: Unable to activate SSL mode in /var/www/html/includetest.php on line 10
the ftpserver is able to work in "ftp over tls" mode when i use filezilla to connect.
on the webserver openssl is activated in this version: OpenSSL 1.0.1f 6 Jan 2014
i already searched the web and this site for quite a while but without any sucess.
lg grischan
We just upgraded to php 5.6 from php 5.4, and everything was working fine with our MySQL connecting using MySQLi and SSL.
Our connection looks like:
mysqli_real_connect($db, $host, $username, $password, $database, $port, $socket, MYSQLI_CLIENT_SSL);
mysqli_set_charset($db, "utf8");
Howerver, now when we try and connect to MySQL over SSL using php 5.6 we are getting:
Warning: mysqli_real_connect(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
/MySQLConnection.php on line 29
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL
in /MySQLConnection.php on line 29
Warning: mysqli_real_connect(): [2002] (trying to connect via
tcp://mysql1.ourdomain.com:3306) in /MySQLConnection.php on line 29
Warning: mysqli_real_connect(): (HY000/2002): in /MySQLConnection.php
on line 29
I tried setting:
mysqli_options($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, false);
But that does not help.
UPDATE
I added:
$mysql_certs_path = "/full/path/to/certs/mysql";
mysqli_ssl_set($db, $mysql_certs_path . "/client-key.pem", $mysql_certs_path . "/client-cert.pem", $mysql_certs_path . "/ca-cert.pem", null, null);
And still getting:
Warning: mysqli_real_connect(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
/MySQLConnection.php on line 31
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /MySQLConnection.php on line 31
#jww, I have written a post that shares exactly the problems #Justin is facing here. According to my post, the CN of the certificate issued by Google Cloud SQL has the pattern:
CN=project-name:instance-id
Had something similar to this happen to me. When I upgraded PHP to 5.6, it worked. But when I entered:
sudo apt-get install php5-mysqlnd
On Ubuntu 15.04, the SSL to AWS RDS stopped working, even though it worked with the libmysql driver. Running:
sudo apt-get install php5-mysql
Installed the old drivers and it started working again. Near as I can figure out, it's failing the peer-name validation for connecting to RDS. I do not know how to fix that, and because it uses PHP streams for its connection, the settings don't seem to matter that you pass in.
This is a known bug:
https://bugs.php.net/bug.php?id=68344
So I wrote this method, modified from here: How to know if MySQLnd is the active driver?
public function getMySQLIType()
{
$mysqlType = [
'mysql' => false,
'mysqli' => false,
'mysqlnd' => false,
];
if (function_exists('mysql_connect')) {
$mysqlType['mysql'] = true;
}
if (function_exists('mysqli_connect')) {
$mysqlType['mysqli'] = true;
}
if (function_exists('mysqli_get_client_stats')) {
$mysqlType['mysqlnd'] = true;
}
return $mysqlType;
}
If the array returns true for mysqlnd, I disable SSL. If returns false, then I enable it. Thus far, it works. Yes, this is a hack fix but I do not know how to legitimately fix this issue.
I'm trying to use php function fsockopen on a smtp server using ssl on port 465 on my local server with apache.
It works well with php command line but I get a SSL error when the script is running in my browser.
php.ini
extension=php_openssl.dll line is not commented
phpinfo through Apache
Loaded Configuration File : D:\localhost\php-5.4.11\php.ini
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 0.9.8x 10 May 2012
OpenSSL Header Version OpenSSL 0.9.8x 10 May 2012
phpinfo with command line
Loaded Configuration File => D:\localhost\php-5.4.11\php.ini
openssl
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 0.9.8x 10 May 2012
OpenSSL Header Version => OpenSSL 0.9.8x 10 May 2012
My script
$smtp = fsockopen('ssl://in.mailjet.com', 465, $errno, $errstr, 30);
$response = fgets($smtp, 4096);
if(empty($smtp)){
echo $response;
return false;
}
echo $response . '<br/>';
fclose($smtp);
Output under apache
Warning: fsockopen(): SSL: crypto enabling timeout in XXX on line 2
Warning: fsockopen(): Failed to enable crypto in XXX on line 2
Warning: fsockopen(): unable to connect to ssl://in.mailjet.com:465 (Unknown error) in XXX on line 2
Output with command line
220 srv12.mailjet.com ESMTP Mailjet
<br/>
Platform: I'm using PHP 5.4.11 / Apache 2.2.22 (Win32) on Windows 8 64
-- Edit --
I've tried using TLS as suggested:
$smtp = fsockopen('tls://in.mailjet.com', 567, $errno, $errstr, 30);
And I get
E_WARNING: fsockopen(): in XXX on line XXX
Error message is blank and $errno = (int) 0 and $errstr = (string) ''
I updated my Apache version from 2.2 to 2.4 and it works now.
I've followed this tutoriel : http://lifeofageekadmin.com/how-install-apache-2-4-php-5-4-and-mysql-5-5-21-on-windows-7/ to get the new Apache version.
I was having a similar problem with a contact form which uses captcha, getting the error
fsockopen(): unable to connect to ssl://mail.google.com:443
This is on a FreeBSD vm, with Joomla installed.
Searching, I found http://php.net/manual/en/function.fsockopen.php which mentioned certificate validation.
Installed the FreeBSD port ca_root_nss which includes certificate validation for Root certificates from certificate authorities included in the Mozilla NSS library.
I have to retrieve a file by using FTPS :
$ftp = ftp_ssl_connect($ftp_server, 9921, 10);
$bool = ftp_login($ftp, $login, $pass);
ftp_pasv($ftp, true);
$files = ftp_nlist($ftp, "/");
var_dump($files);
die();
But I have this warnings, and $files is false
Warning: ftp_login() [function.ftp-login]: SSL/TLS handshake failed in xxx\view.importfromadmin.php on line 81
Warning: ftp_login() [function.ftp-login]: Using authentication type TLS in xxx\view.importfromadmin.php on line 81
How can I fixe it ?
I think your issue is going to lay with OpenSSL not being compiled with PHP. You can find more information about that here: http://www.deciacco.com/blog/php/php-openssl-and-ftp_ssl_connect-on-win32
With information on how to fix it as well. You can check if your PHP has OpenSSL compiled through the phpinfo. Given that you are running a Windows server check the link above. Since you did not provide that information this is just a random guess.
I can copy my file using this :
$ftp_path = "ftps://$ftp_login:$ftp_password#$ftp_server:9921/".$import_file;
copy($ftp_path, $uploadFileName);