Google Answers: A secure SSL socket connection with PHP

View Question

Q: A secure SSL socket connection with PHP ( No Answer, 0 Comments )

Question

Subject: A secure SSL socket connection with PHP
Category: Computers > Programming
Asked by: arcadis-ga
List Price: $10.00

Posted: 11 Sep 2002 04:02 PDT
Expires: 11 Oct 2002 04:02 PDT
Question ID: 63808

I'd like to know how I can make socket connection to a server with PHP. The client (PHP script) makes the connection and than sends it's certificate to the server. The server than checks this certificate and decides if the connection is allowed and what rights the client has. BTW: The server and the client both have the private key and the certificate of the client. Making an unencrypted socket connection isn't a really big problem: $fp = $fsockopen(hostname, port, $errno, $errstr, 10); fputs ($fp, "Hello, who are you?"); print fgets($fp, 8096); fclose($fp); But now i need to know how to get a secure version of the socket connection described above. I tried using cURL but it only supports HTTPS connections and no 'normal' socket connections. To round it up: how do i make a SSL socket connection with PHP in which the client acknowledges it's identity with it's certificate and key? Thanks in advance, Maarten Engelen
Request for Question Clarification by joseleon-ga on 11 Sep 2002 05:49 PDT Hello: I supose you know that if you don't use the cURL library and use just sockets you will need to deal with the HTTP protocol and do it all by yourself. Look at this article: How can PHP make a SSL encrypted post to a transaction server? http://www.faqts.com/knowledge_base/view.phtml/aid/697/fid/49 And tell me what do you think. Best Regards.
Clarification of Question by arcadis-ga on 11 Sep 2002 06:06 PDT Well, the thing is that the server is no HTTP server. It accepts commands in textual form and than returns data based on the command. So the thing is that I want a connection _without_ any HTTP protocols. cURL is very nice, but it can't make any 'clean' socket connections like fsockopen().
Request for Question Clarification by joseleon-ga on 11 Sep 2002 09:39 PDT Hello: What kind of server are you going to use?, I ask this because there is nothing special opening SSL connections with fsockopen but handle certificates, which is specific to the HTTP protocol over SSL, so if you are not going to use an HTTP server, the answer I was thinking it's wrong. fsockopen http://www.php.net/manual/en/function.fsockopen.php "As of PHP 4.3.0, if you have compiled in OpenSSL support, you may prefix the hostname with either 'ssl://' or 'tls://' to use an SSL or TLS client connection over TCP/IP to connect to the remote host." Regards.
Clarification of Question by arcadis-ga on 11 Sep 2002 10:10 PDT I think the best way to get the actual problem clear is to give some more background info on the problem. The server is from a product called FreeVSD. This is an open source project that handles virtual servers. When you connect to the non-secure server with a normal socket connection than i can send commands like when you're connecting to a POP3 server (text based, like telnet). freevsd also has a secure server. This server uses openssl to secure the connection. One the server I make a Certificate Authority. Than i make a certificate/key pair for every user that should have access to the system. The hostserver _and_ the client both have the same certificate/key pair. The client connects to the server and for as far as I can see the client sends its certificate to the server to verify it's identity. Than the key and cert are used to encrypt the data. You don't have to type any passwords to authenticate as this is all done by checking the certificate. The problem is that there is a commercial product that does work, but it is zend encoded so i can't figure out how it works. It works on any PHP version (version 4.0.6) and up so i figured that there should be some way to get this secure SSL connection thing working. I'm sorry I can't be any clearer. My knowledge of OpenSSL is not very good and after scanning the source code of the administration utility (written in C) for the secure server this is what I could make out of it.
Request for Question Clarification by joseleon-ga on 12 Sep 2002 05:42 PDT Hello: Well, after review all the information, I think this question must be divided in two parts: Part I: How to connect a socket using SSL? Answer: Using fsockopen with ssl:// fsockopen http://www.php.net/manual/en/function.fsockopen.php "As of PHP 4.3.0, if you have compiled in OpenSSL support, you may prefix the hostname with either 'ssl://' or 'tls://' to use an SSL or TLS client connection over TCP/IP to connect to the remote host." In HTTP protocol, when you connect to an HTTP server over SSL, the server can ask for a certificate, you send it, it asks for a key to decrypt it, you send it and the server checks if the certificate is valid before allow that connection. Part II: How can I manage a FreeVSD server from PHP over SSL? Answer: I can't answer this question, because it implies to implement the VSDADM protocol, the protocol FreeVSD uses for communication. Remote Administration Protocol http://www.freevsd.org/aboutvsd/rap.phtml And I think this is a huge task. If you want I could post an answer to the Part I, but I suggest you to save your money and ask Part II as a new question and cancel this one. I hope you find useful my comments. Regards.
Clarification of Question by arcadis-ga on 12 Sep 2002 08:31 PDT PART II is already solved. I wrote a parser script for the freevsd protocol, so that isn't the problem. The process of connecting to the server and making the connection ssl secured gives me the headache. As fsockopen only supports ssl from php version 4.3.0 and up this isn't a real option (not for me at least). As i wrote earlier: I know of a script that does the job with php version 4.0.6 an up. This may be a bit silly (asking for something I saw before), but as the script i'm talking about is encoded I can't get to the code they used for the connection. I will keep the question open for some days for anyone who knows an answer to this problem.
Request for Question Clarification by joseleon-ga on 12 Sep 2002 13:08 PDT Hello: Well, if you cannot use a PHP version greater than 4.3.0, I'm sorry, but I don't know how to connect a socket through SSL, I think you will need to find someone with a customized PHP distribution which compiles OpenSSL. Just for curiosity, which PHP version are you using? Regards.
Clarification of Question by arcadis-ga on 12 Sep 2002 14:40 PDT The php version I use is 4.2.1 and 4.0.6 (2 different test sytstems) It doesn't matter you don't know the answer. Thank you very much for your help, Maarten

Answer

There is no answer at this time.

Comments

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy