I'm running a script on my site that connects to Facebook, It was working fine until my server updated Centos with a buggy version of Openssl. My problem is that until Redhat release a new version I'm stuck with this bug.
This is my script how actually run:
if( !stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
{
throw new Exception('stream_socket_enable_crypto failed');
}
Obviously now it fails all the time with the following error:
PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
So there is any other alternative to enable crypto on the resource such as curl or something similar. How can I fix this?
This is not a solution, it's just a similar OpenSSL test ran on my box.
I updated my CentOS box today, so I have the last version on it:
# cat /etc/redhat-release
CentOS release 6.5 (Final)
The OpenSSL version is:
openssl.i686 0:1.0.1e-16.el6_5
openssl-devel.i686 0:1.0.1e-16.el6_5
And I ran the following test on it:
<?php
// open the socket
$f = @stream_socket_client("google.com" . ":" . "443", $err, $errstr, 30);
if (!$f) {
echo "Socket error: (" . $err . ") " . $errstr . "\n";
exit;
}
// Start SSL, if needed
if(!@stream_socket_enable_crypto($f, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
echo "Socket error. Can not start SSL encryption" . "\n";
exit;
}
$request_headers = "GET / HTTP/1.1" . "\r\n";
$request_headers .= "Host: www.google.com" . "\r\n";
$request_headers .= "Connection: close" . "\r\n";
$request_headers .= "\r\n";
// send the HTTP headers
fputs ($f, $request_headers);
// read everything
$buf = "";
while(!feof($f)) {
$buf .= fgets ($f, 8192);
}
// close the socket
fclose($f);
echo $buf;
echo "\n";
?>
At the end I got the desired response, with no Open-SSL errors.