Reputation: 673
Making a connection in PHP using TLS
I wrote a small SIP client for a special purpose.
Basically it connects to port 5060 using function fsockopen()
$fp = fsockopen("10.0.0.1", 5060, $errno, $errstr, 30);
and then basically reads and writes SIP commands using fread() and fwrite().
Now my SIP service operator wants us clients to use SIPS which is
basically SIP over TLS. I've spent hours looking for information
on how to connect to a port with TLS using PHP but without any
success. Apparently the fsockopen() supports TLS to an extent but
when I replaced the above with:
$fp = fsockopen("tls://10.0.0.1", 5061, $errno, $errstr, 10);
I get nothing. I can connect to the server from my shell with with OpenSSL client:
$ openssl s_client -connect 10.0.0.1:5061
And I can communicate with the SIP server through that connection without problems. OpenSSL support is compiled in the PHP.
My problem is that I can't set up the TLS connection with the server in PHP. I noticed in some forums that in older versions of PHP it was possible to build and use the SSL context with fsockopen() but apparently not anymore, since I get an error about too many parameters.
I also tried using stream_context_create() with stream_context_set_option() but I get no replies from the server:
$context = stream_context_create();
$result=stream_context_set_option($context, 'ssl', 'verify_peer', 'TRUE');
$result=stream_context_set_option($context, 'ssl', 'cafile', 'cert.cer');
$result=stream_context_set_option($context, 'ssl', 'verify_depth', '5');
$fp = stream_socket_client('tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
but I still can't get any replies or errors from the server. What is the recommended and working way of using TLS in PHP?
Upvotes: 3
Views: 11093
Answers (4)
Reputation: 5204
You will also need to install the appropriate certificates to get TLS working. Check this SO question for an example of how to use your key files with regular TLS connections.
Also, check the specs of SIPS itself in RFC 5630.
Upvotes: 0
Reputation: 326
I just recently encountered this error, debugging here and there for connection problem or proxy problem, finally found the culprit ... and the solution was to install php-pecl-crypto extension.
My machine is centos 7 using remi-repo for PHP
Upvotes: 0
Reputation: 673
This is enough to open a TLS connection:
$context = stream_context_create();
$fp = stream_socket_client('tls://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)
if the certificates are in their place. If they are not, follow the instructions linked by Filippos.
Upvotes: 3
Reputation: 173662
I think some of your options are wrong for validating self signed certificates; the following should be enough to make it work:
$context = stream_context_create([
'ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'local_cert' => 'cert.cer',
],
]);
Upvotes: 2
Related Questions
- How do I use PHP with SSL
- Want to connecting to https host with PHP soap client
- PHP cannot connect to SMTP using TLS
- How can I do an SSL connection with PHP
- MySQL database SSL connection using PHP
- TLS with php server socket
- Connecting to MySQL via SSL using PHP
- How to make TLS connection from PHP in web server, and safely
- how to setup php code to use ssl with https connection
- basic ssl with php