phpcurlopensslstream-socket-client

stream_socket_enable_crypto alternative or similar solution


I'm running a script on my site that connects to Facebook, It was working fine until my server updated Centos with a buggy version of Openssl. My problem is that until Redhat release a new version I'm stuck with this bug.

This is my script how actually run:

  if( !stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
  {

    throw new Exception('stream_socket_enable_crypto failed');

  }

Obviously now it fails all the time with the following error:

PHP Warning:  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib

So there is any other alternative to enable crypto on the resource such as curl or something similar. How can I fix this?


Solution

  • This is not a solution, it's just a similar OpenSSL test ran on my box.

    I updated my CentOS box today, so I have the last version on it:

    
    # cat /etc/redhat-release
    CentOS release 6.5 (Final)
    

    The OpenSSL version is:

    
    openssl.i686 0:1.0.1e-16.el6_5
    openssl-devel.i686 0:1.0.1e-16.el6_5
    

    And I ran the following test on it:

    
    <?php
    
      // open the socket
      $f = @stream_socket_client("google.com" . ":" . "443", $err, $errstr, 30);
    
      if (!$f) {
        echo "Socket error: (" . $err . ") " . $errstr . "\n";
        exit;
      }
    
      // Start SSL, if needed
      if(!@stream_socket_enable_crypto($f, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
        echo "Socket error. Can not start SSL encryption" . "\n";
        exit;
      }
    
      $request_headers  = "GET / HTTP/1.1" . "\r\n";
      $request_headers .= "Host: www.google.com" . "\r\n";
      $request_headers .= "Connection: close" . "\r\n";
      $request_headers .= "\r\n";
    
      // send the HTTP headers
      fputs ($f, $request_headers);
    
      // read everything
      $buf = "";
      while(!feof($f)) {
        $buf .= fgets ($f, 8192);
      }
    
      // close the socket
      fclose($f);
    
      echo $buf;
    
      echo "\n";
    ?>
    

    At the end I got the desired response, with no Open-SSL errors.