I'm trying to use php function fsockopen on a smtp server using ssl on port 465 on my local server with apache.
It works well with php command line but I get a SSL error when the script is running in my browser.
php.ini
extension=php_openssl.dll line is not commented
phpinfo through Apache
Loaded Configuration File : D:\localhost\php-5.4.11\php.ini
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 0.9.8x 10 May 2012
OpenSSL Header Version OpenSSL 0.9.8x 10 May 2012
phpinfo with command line
Loaded Configuration File => D:\localhost\php-5.4.11\php.ini
openssl
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 0.9.8x 10 May 2012
OpenSSL Header Version => OpenSSL 0.9.8x 10 May 2012
My script
$smtp = fsockopen('ssl://in.mailjet.com', 465, $errno, $errstr, 30);
$response = fgets($smtp, 4096);
if(empty($smtp)){
echo $response;
return false;
}
echo $response . '<br/>';
fclose($smtp);
Output under apache
Warning: fsockopen(): SSL: crypto enabling timeout in XXX on line 2
Warning: fsockopen(): Failed to enable crypto in XXX on line 2
Warning: fsockopen(): unable to connect to ssl://in.mailjet.com:465 (Unknown error) in XXX on line 2
Output with command line
220 srv12.mailjet.com ESMTP Mailjet
<br/>
Platform: I'm using PHP 5.4.11 / Apache 2.2.22 (Win32) on Windows 8 64
-- Edit --
I've tried using TLS as suggested:
$smtp = fsockopen('tls://in.mailjet.com', 567, $errno, $errstr, 30);
And I get
E_WARNING: fsockopen(): in XXX on line XXX
Error message is blank and $errno = (int) 0 and $errstr = (string) ''
I updated my Apache version from 2.2 to 2.4 and it works now.
I've followed this tutoriel : http://lifeofageekadmin.com/how-install-apache-2-4-php-5-4-and-mysql-5-5-21-on-windows-7/ to get the new Apache version.
I was having a similar problem with a contact form which uses captcha, getting the error
fsockopen(): unable to connect to ssl://mail.google.com:443
This is on a FreeBSD vm, with Joomla installed.
Searching, I found http://php.net/manual/en/function.fsockopen.php which mentioned certificate validation.
Installed the FreeBSD port ca_root_nss which includes certificate validation for Root certificates from certificate authorities included in the Mozilla NSS library.
Related
I'm trying to connect to a FTPS Server with PHP 5.6.40 on Windows.
I know that I need to recompile PHP to include OpenSSL and FTP in the PHP bundle and that's what I did.
The ftp_ssl_connect function is here now but I get a SSL/TLS handshake error.
When I try to connect to a public FTPS Server, I encounter the following error:
Warning: ftp_login(): SSL/TLS handshake failed in D:\home\site\wwwroot\index.php on line 13
PHP Warning: ftp_login(): SSL/TLS handshake failed in D:\home\site\wwwroot\index.php on line 13 PHP Warning: ftp_login(): AUTH command ok. Expecting TLS Negotiation. in D:\home\site\wwwroot\index.php on line 13
Warning: ftp_login(): AUTH command ok. Expecting TLS Negotiation. in D:\home\site\wwwroot\index.php on line 13
This script runs great on PHP 5.6.40/Linux.
I tried too, to have the same result with cURL commands, It's great on Windows and Linux, but I would really like to use PHP's FTP commands.
Any idea ?
<?php
$ftpserver = "test.rebex.net";
$user = "demo";
$mdp = "password";
$connectionId = ftp_ssl_connect($ftpserver);
$login_result = ftp_login($connectionId, $user, $mdp);
ftp_pasv($connectionId, true);
$pasv_result = ftp_pasv($connectionId, true);
if ($pasv_result)
echo "ok";
else
echo "nok";
print_r( ftp_nlist($connectionId,'.'));
I am trying to use fsockopen on localhost with https on Windows, using Wamp.
It is working fine on http but not on https.
I created a certificate with OpenSSL (How to install: OpenSSL + WAMP) and declared a virtual host in httpd-vhosts.conf file.
Here is the PHP code:
$fp = fsockopen("ssl://localhost", 443, $errno, $errstr, FSOCKOPEN_TIMEOUT); // same pb with ssl://www.localhost
That generates following errors:
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
PHP Warning: fsockopen(): Failed to enable crypto
PHP Warning: fsockopen(): unable to connect to ssl://localhost:443 (Unknown error)
I also have following warning in my ssl error log file when Apache starts (I don't know if it may be related):
[ssl:warn] [pid 6008:tid 596] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
Do you have any idea what I did wrong?
Thank you!
Keep in mind - if you create a ssl certificate locally on your own it's normally not trusted by clients (e.g. webbrowser)
When you have followed the cert creation process you have been asked about the Common Name (CN). That should be a domain over which you are planning to serve your webpage, or, when you only use it locally it can also be localhost.
In your case you used something differnt which does not match the ServerName or ServerAlias in your apache config.
Atm I don't understand why you want connect to localhost via ssl - from a security perspective it's not really necessary.
Otherwise you could force your client (php) to not check the certificate's validity
<?php
$context = stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
]);
$fp = stream_socket_client("ssl://localhost", $errno, $errstr, ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context);
But do that only (!) for local connections
I was trying to develop a twitter streaming application on my AWS EC2 machine. The OS platform is Ubuntu 16.04.1 LTS and I have downgraded the PHP version to 5.6.28-1+deb.sury.org~xenial+1
When I run the twitter streaming application on this server, I am getting the following errors.
Warning: fsockopen(): Peer certificate CN=`stream.twitter.com' did not match expected CN=`199.16.156.217' in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
Warning: fsockopen(): Failed to enable crypto in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
Warning: fsockopen(): unable to connect to ssl://199.16.156.217:443 (Unknown error) in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
The same code is running without any issues in another two machines (one is AWS EC2 and the another is a godaddy server).
All the ports in the current EC2 machine is open now and the SSL version is OpenSSL/1.0.2g the openssl section is having the following value.
openssl section - phpinfo
Can someone help me to find where the exact issue is ?
The issue is resolved with the clue fro the first error.
Warning: fsockopen(): Peer certificate CN='stream.twitter.com' did not match expected CN='199.16.156.217' in /var/www/html/myapp/streamer/twitterstreamer.php on line 620
In PHP 5.6.x, the value of openssl VERIFY_PEER is true by default. The system will first fetch the certificate from the peer and matches with ours. In my application, I was connecting with the IP and the URL in the fetched certificate is stream.twitter.com. This was the issue.
Changing IP in the fsockopen to stream.twitter.com solved my issue.
PHP versions prior to 5.6, the default value of VERIFY_PEER is false and this is why the same code running on my other instances.
i try to include a file from a remote server. When i use normal ftp everything works well. when i try to use ftps ...
<?php
$erg = include("ftps://user:pw#ftp.doamin.de/files/toinclude.php");
?>
i got an error:
Warning: include(): SSL operation failed with code 1. OpenSSL Error messages: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in /var/www/html/includetest.php on line 10
Warning: include(ftps://...#ftp.domain.de/files/toinclude.php): failed to open stream: Unable to activate SSL mode in /var/www/html/includetest.php on line 10
the ftpserver is able to work in "ftp over tls" mode when i use filezilla to connect.
on the webserver openssl is activated in this version: OpenSSL 1.0.1f 6 Jan 2014
i already searched the web and this site for quite a while but without any sucess.
lg grischan
I am trying to implement a PHP SOAP based web service into my web application. I am getting a series of errors which seem to point to a conflict of libraries with regard to OpenSSL (or Curl, etc.), this I have understood by searching the internet for similar errors, but thought a general consensus that libraries are the issue, there is no solution that I can find.
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: SSL operation failed with code 1. OpenSSL Error messages:
error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message [CORE/vendors/Startrack/WSSecurity.php, line 110]
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: Failed to enable crypto [CORE/vendors/Startrack/WSSecurity.php, line 110]
Warning (2): SoapClient::__doRequest() [soapclient.--dorequest]: connect() failed: Unspecified error [CORE/vendors/Startrack/WSSecurity.php, line 110]
Notice (8): Undefined property: SoapFault::$detail [APP/controllers/startrack_controller.php, line 38]
Notice (8): Trying to get property of non-object [APP/controllers/startrack_controller.php, line 38]
Could not connect to host
This is being served from a Mac OSX Lion server. PHP 5.3.3 is installed, and the extensions for OpenSSL, Curl and SOAP are enabled. This is being built within CakePHP which explains the syntax of the error messages above. I am using a PHP Web Service bundle already provided. The above works when hosted via MAMP, but I am hoping to not have to rely on MAMP.
The only incompatibility I can find is between the OpenSSL headers and library versions, but from what I know this ought not be a problem?
OpenSSL Library Version OpenSSL 0.9.8r 8 Feb 2011
OpenSSL Header Version OpenSSL 0.9.8l 5 Nov 2009
I am trying to understand if the assumed 'conflict' is between my server and the remote server? The WSDL file is included in the Web Service API, as they hope to avoid any issues, and it works through a MAMP install on the same computer. So I think it is a setup issue between Apache/PHP and Curl/OpenSSL.
Any pointers to how to establish the actual issue, and rectify it would be appreciated.
This could be because you are trying to connect with an SSL 3 enabled server, that may (?) have SSL 2 disabled.
Try connecting to the server like this on the command line:
openssl s_client -connect {SERVER NAME OR IP}:443 -state
If that does not work, then try connecting like this:
openssl s_client -ssl3 -connect {SERVER NAME OR IP}:443 -state
If that does work, then try creating a wrapper class, similar to this one found in the PHP documentation.
You should add a line similar to:
curl_setopt($handle, CURLOPT_SSLVERSION, 3);
inside the callCurl function to force SOAP to connect over version three of ssl.