Once upon a time, there was a normalish error in PHP land:
Warning: ftp_nlist(): data_accept: SSL/TLS handshake failed in [path] on line 29
But here's the catch, "line 29" is not the connection or login, note how it referenced the ftp_nlist() function:
$ftp = ftp_ssl_connect($cred['host'], $cred['port'], 180);
if (!ftp_login($ftp, $cred['user'], $cred['pass'])) {die("Login Failed");}
ftp_pasv($ftp, true);
$files = ftp_nlist($ftp, '');
OpenSSL is compiled and enabled in phpinfo() as suggested here:
ftp_login() : SSL/TLS handshake failed
Other posts I've seen all seem to reference error in the ftp_ssl_connect() or ftp_login() commands which work for me. What can I check when ftp_login() returns true?
Or... are there any logs to get more details on what is wrong?
I'm using php 5.3.29. The code does work properly on my desktop (php 7), but I'm hoping I don't have to upgrade the server to 7 for this to work
12-28-2017 update:
Upgrading to 5.6 resolved, so looks like Martin is on point.
Although this question is quite old, but in case someone else hits this problem:
If your ftp_ssl_connect and ftp_login works fine but functions like ftp_nlist, ftp_put, ftp_fput don't works the problem might be that your FTP server is using port 21 for Connection but different port ranges for data transfer, that explains why you can connect and login but you can't upload or download data, and you need to allow the Out-going connections to those port range in your firewall
The ftp_nlist opens a data connection. That connection needs TLS/SSL handshake too.
As the control connection handshake succeeded, the problem indeed cannot be with an absent TLS/SSL support in PHP. Neither the problem can be with anything like the server and PHP not being able to find a cipher to agree on.
When TLS/SSL handshake on data connection fails after handshake on control connection succeeded, it's quite usually because the client (PHP) did not reuse TLS/SSL session from control connection on the data connection (see Why is session reuse useful in FTPS?). Some servers do require that. PHP supports the reuse only since 5.6.26. See PHP Bug 70195. So make sure you use that version of PHP at least.
Related
I want to change user's password [unicodePwd] on Windows Active Directory using PHP LDAP.
I am using Windows Active Directory via PHP LDAP.
I don't have any issues connection to it.
I don't have any issues collecting data.
I don't have any issues changing attributes using ldap_mod_replace or ldap_modify
except for the "unicodePwd".
*note that this works
$user['telephonenumber'] = '1234567890';
*note that this does'nt work
$user['unicodePwd'] = mb_convert_encoding('my_new_password', "UTF-16LE");
// CODE
$result = ldap_modify($ldap, $dn, $user);
return ldap_error($ldap);
// CODE
// ERROR ON CHANGING unicodePwd
ldap_modify(): Modify: Server is unwilling to perform
// NO ERROR FOR telephonenumber
06/11/2018 Problem,
I can't setup my server to have ldap over ssl.
Already tried installing AD CS, nothing worked so far. Still configuring my server any idea about installing CA(Certificate Authority) to be used in LDAP over SSL?
06/20/2018 Problem, NEW PROBLEM
Already setup LDAP OVER SSL, i can also use ldap using the
cmd->ldp; port 389, and 636 with ssl is good.
but when i run it in my php using port 636 or ldaps://servername this is the error,
ldap_bind(): Unable to bind to server: Can't contact LDAP server
You need to be on a secured connection to modify a password (and probably other security related options).
Add the following before you call ldap_bind():
ldap_start_tls($ldap);
This is a good idea even if you aren't trying to change a password as otherwise your bind operation is cleartext and can be sniffed.
If you see this error:
Warning: ldap_start_tls(): Unable to start TLS: Connect error in ...
You can workaround the issue by adding the following line before you call ldap_connect:
putenv('LDAPTLS_REQCERT=never');
WARNING: This disables checking the validity of the LDAP server certificate! Ideally you should add the server certificate (or its signing CA) to your trusted store.
I'm having issues with connecting to remote ftp server with PHP and SSL. I am using ftp_ssl_connect to at least connect to remote FTP server with SSL, but with no luck.
I'm getting
ftp_login(): Authentication via SSL not supported.
I'm using these PHP lines.
$ftp_conn = ftp_ssl_connect($host);
$login_result = ftp_login($ftp_conn, $user, $pw);
Indeed SSL is not supported for both (local, remote) machines. I have checked it with php -i | grep "SSL Version" and it returns Secure Transport. I think this is the problem. I would like to change it to OpenSSL but without reinstalling PHP as it was mentioned in other Stack Overflow questions. Is it possible?
Thanks for reply.
Indeed SSL is not supported for both (local, remote) machines
If the server does not support TLS/SSL, there's nothing you can do about it on client (PHP) side.
And indeed the "Authentication via SSL not supported" seems to be an error message coming from the (tnftpd) FTP server:
https://discussions.apple.com/thread/7045410
Actually I do not think that you have a problem on client (PHP) side. Because were OpenSSL not built into PHP, your PHP script won't even run, as the ftp_ssl_connect function won't be available.
You would get:
Call to undefined function ftp_ssl_connect() in ...
I'm having trouble with using APNS with PHP and getting the following message:
stream_socket_client(): Failed to enable crypto
The problem only happens sometimes, and other times it would actually send the push.
Since I have the test script on a loop of 10 iterations, I would sometimes get this:
stream_socket_client(): SSL: Connection reset by peer
I'm testing using the sandbox server tls://gateway.sandbox.push.apple.com:2195
Here is what I tried:
I tried to reissue the PEM and all certificates with it.
I played around with the request protocol sslv3:// and tls://.
I played around with the passphrase (push worked without the passphrase btw)
I tried searching stackoverflow for a solution and nothing worked.
Checked pem file permissions 644
Checked pem parent directories permissions 755
It seems that all the solutions I found on Google and SO are people having problem pushing altogether.
I feel like the service is rate limited maybe? Because we waited a while (around 15 minutes) and then tried it again, and was able to successfully push around 100 messages until I started getting that message again.
The sandbox push service is rate limited. I have experienced this myself when testing but have never encountered any such limit using the production API.
You might also be hitting their other protections.
Are you opening a connection, sending a message, closing connection and then looping and doing it all over again?
That will get your notifications dropped. Apple wants you to send several push notifications using the same connection, not a new one each time.
Best Practices for Managing Connections
You may establish multiple connections to the same gateway or to
multiple gateway instances. If you need to send a large number of
remote notifications, spread them out over connections to several
different gateways. This improves performance compared to using a
single connection: it lets you send the remote notifications faster,
and it lets APNs deliver them faster.
Keep your connections with APNs open across multiple notifications;
don’t repeatedly open and close connections. APNs treats rapid
connection and disconnection as a denial-of-service attack. You should
leave a connection open unless you know it will be idle for an
extended period of time—for example, if you only send notifications to
your users once a day it is ok to use a new connection each day.
From Apple Docs # https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/CommunicatingWIthAPS.html
My PHP code was generating following error:
PHP Warning: stream_socket_client(): Failed to enable crypto in /private/tmp/t.php on line 12
PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /private/tmp/t.php on line 12
PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /private/tmp/t.php on line 24
The problem was, the damn certificate, expired the day before yesterday! :-) Can you believe this?
So, I need to recreate my PEM file.
It is not necessary recreate your pem file
that error happens when you use an incorrect PassPhrase
regards
Emiliano
I had this problem. Disappeared after giving write permission for 'everyone' for the .pem file.
I have this problem because I foolishly forgot to include the file extension (.pem) when supplying the file path for local_cert.
few checks :
device token should be - with out spaces and with out < or >
make sure the path of certificate is correct and expired date of it.
make sure the passphrase you are using is the one u used to make certificate
In my case, the issue was with my mac (OSX Sierra). I uploaded php and cert to my server, ran it, and the notification was delivered.
I tried examples from book of Marin Todorov iOs 6 by Tutorials.
And before I could send push notifications for automatical update I had a lot of headache cause of handshake error - stream_socket_client(): Failed to enable crypto.
I did all of what I found in Stackoverflow - changed permissions on certificate and others.
What I did eventually?
I created selfsigned SSL certificate and setup Apache for serving SSL.
Also I changed SSL protocol from ssl to tls in hostname:
tls://gateway.push.apple.com:2195
After that service works.
I have found this question here and around internet for few times, but none answered helped me.
So I have a local apache+php server and trying to connect to remote mysql database. But script returns me error and in error log i see:
PHP Warning: mysql_connect(): Premature end of data (mysqlnd_wireprotocol.c:553) in D:\\_SERVER\\_WWW\\project\\api\\classes\\database.php on line 13
PHP Warning: mysql_connect(): OK packet 1 bytes shorter than expected in D:\\_SERVER\\_WWW\\project\\api\\classes\\database.php on line 13
PHP Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file in D:\\_SERVER\\_WWW\\project\\api\\classes\\database.php on line 13
The script for connection (just the part connecting to server):
function db_connect(){
// Connect to the database server
$connection = mysql_connect("server.com:3306","username","password",true);
if (!$connection){
echo "Could not connect to the Database server, please check your settings";
die;
}
...
}
The trick with setting PASSWORD did not work for me, can someone please help me ?
Thank you
The remote needs to allow incoming MySQL connections from your server's IP address. This can be added within a the MySQL config file from the remote server.
For more information in how to edit the config file, here are detailed instructions.
http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
The firewall needs to port-forward to the server:port on the respective system,
which requires a static or dhcp address reservation for the mysql server machine
This question is in line with this question, I am trying to connect to secure FTP Server and it is not able to connect, wierd part is that I am able to do ssh and connect to the server but when I try to do it from php code using few different approaches but it is not working
Approaches:
FTP Wrappers
ftp_connect & ftp_login
ftp_ssl_connect
ssh2_sftp
ssh2-scp-send & ssh2-scp-receive -- Have not tried this approach yet but recommended in comments portion and so would work on this and will post updates later.
Code for Approach 1:
$ftp_server = "ftp://username:password#192.168.1.1:21/{$log_file_name}";
$opts = array('ftp' => array('overwrite' => TRUE));
$context = stream_context_create($opts);
$put_file = file_put_contents($ftp_server, $response, LOCK_EX,$context);
Here also am not able to connect to secure FTP Server, any suggestions as to why it is not able to connect ?
Code for Approach 2:
ftp_server = 'www.server.com';
$conn_id = ftp_connect($ftp_server) or die ("Cannot connect to host");
//Program dies out here and give error message "Cannot connect to host",
//but why ftp_login does not work here, Any Suggestions ?
$ftp_user_name = "login";
$ftp_user_pass = "password";
// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
// check connection and login result
if ((!$conn_id) || (!$login_result))
{ echo "FTP connection has encountered an error!";
echo "Attempted to connect to $ftp_server for user $ftp_user_name....";
//exit;
} else
{
echo "Connected to $ftp_server, for user $ftp_user_name".".....";
}
Code for Approach 3:
Here am using same code as approach 1 but instead of ftp_connect, am using ftp_ssl_connect
Code for Approach 4:
$connection = ssh2_connect('www.server.com', 22);
ssh2_auth_password($connection, 'login', 'password');
$sftp = ssh2_sftp($connection);
//exit();
$stream = fopen("ssh2.sftp://$sftp/path/to/file", 'r');
Can anyone advise why am I not able to connect to secure FTP Server using above approaches but still am able to do so using ssh ?
Are there any other approaches to connect to secure FTP Server using php ?
UPDATE:
Q1. I tried again using ftp_connect but it just died out and why does it dies out, what are the scenarios in which ftp_connect dies out ?
Q2. Do we have only this approaches to connect to the server or are there any other which we can implement ?
Q3. Is this php language related that it does not support secure FTP Connection ? OR there is any other way of doing this using php, if yes than do provide different approaches as it would be very helpful.
UPDATE 1:
I was trying to google more on the issue and it seems that if ftp_connect does not work than firewall could be one of the reason for it. I am not totally sure if that is the case but I am researching more on it and post an update in here if I find anything useful.
Possible Solution :
Problem
If I remove the "or die" then you get the error:
When running from a webpage:
Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/ftp_test.php on line 28
var_dump($conn_id); returns bool(false).
From command line /usr/bin/php /var/www/ftp_test.php
var_dump($conn_id); returns resource(4) of type (FTP Buffer).
Script completes.
Solution 1
This could be one solution :
Try to turn off selinux and here is the way or Search : How to disable selinux for turning it off temporarily or permanently.
Solution 2
If you don't want to turn off selinux completely, you might get what you need by just setting the httpd_can_network_connect using the setsebool command.
Verify that it was previously set to "off":
getsebool httpd_can_network_connect
Set it to "on":
setsebool httpd_can_network_connect=1
Turn selinux back on:
setenforce 1
Check to be sure php ftp_connect still works when running under httpd.
Set the policy (-P) to "on" so it persists over a reboot:
setsebool -P httpd_can_network_connect=1
Solution 3
There could also be issue with company firewall. Make sure it is configured properly and has access rights set properly.
Solution 4
Another approach is to use cURL : libcurl as it can be used to connect and communicate to many different types of servers with many different types of protocols
Solution 5
There is open source project called PHP Secure Communication Library (phpspeclib) which can be also used to establish secure connection to FTP Server.
Many cheap webhoster will not give you ssh (hence no ftp via ssh aka
sftp) but only ssl-secured ftp aka ftps (see here). You might
have that problem. As others suggested, use filezilla or
another ftp client to test your credits and chosen security method
beforehand.
ftp_ssl_connect() at least under windows will be a long journey,
since you have to compile your own php binaries, see here.
As this php contributor rightfully points out, no secure
connection is secure, as long as you don't know, who you are talking
too, aka „peer certification“ through valid certificates.
phpseclib is probably your best bet. But I haven't figure out, how to
ensure, it uses peer verification (guessing, the truth is in
openssl.conf ...)
So even at the time of writing, I wonder more than ever, if
peer-validated ftps (ftp with ssl/tls authentification) is possible... also see my question here.
As for ´ftp via ssh´ alias ´sftp´: No direct advice, but note, that many cheap 'non-dedicated server' webhosts do not support it (which is bad). Company firewalls might block the relevant ports.
As for 'ftp using ssl/tls' alias 'ftps': Your answer is here. Don't waste time on ftp_ssl_connect() :-)
(Yes, it's poorly documented on the php site, to say the least)
This page has what you seek (I think)
http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/
and here are the manual pages
http://php.net/manual/en/book.ssh2.php
I, too, encountered quite a lot of issues when dealing with encrypted connections.
First thing is to check the protocol you are looking to use. Secure FTP is most commonly refearing to FTP over SHH but can also mean SCP, SFTP or FTPS.
One way to figure out is to check connecting using a client like filezilla.
If the protocol is handled via a PHP module, the best approach is indeed, to use it. In this case, you need to make sure that, in addition to the protocol-related one, the OPENSSL module is installed for php.
There are some cases where the module support still won't work. In this case, using the libcurl module is one option. This is the case for instance when you need to use a client certificate.
Unfortunately, here again, you may encounter some problems due to the partial support of libcurl in the php module. One scenario I experimented is when the server certificate is judged invalid by the module.
The last solution I usually use is to run the curl binary from an exec statement, for the later case using the "-k" switch.
I tried the phpseclib library and it works in Windows and Linux.
If you are using composer, just add in your require section :
"phpseclib/phpseclib": "0.3.*#dev"
And then, you can do this : http://phpseclib.sourceforge.net/sftp/examples.html#put