PHP:与SSL绑定时，ldap_bind给出500 Internal Server Error，但没有常规绑定 [英] PHP: ldap_bind gives 500 Internal Server Error when binding with SSL but not regular bind

问题描述

我在带有IIS 10和PHP 7.2的Windows Server 2016上有一个Laravel应用程序.

I have a Laravel application on a Windows Server 2016, with IIS 10 and PHP 7.2.

该应用程序需要执行Active Directory身份验证.为此，我使用 https://github.com/Adldap2/Adldap2-Laravel . 身份验证适用于端口3268上与公司DC的常规LDAP连接，但是当我启用SSL并将其连接到端口3269或636时，我得到一个500:内部服务器错误我的代码到达ldap_bind时，"FastCGI进程意外退出"( ).

The application is required to do Active Directory authentication. For this I use https://github.com/Adldap2/Adldap2-Laravel. Authentication was working for a regular LDAP connection to the corporate DC on port 3268, but when I enable SSL and connect it to port 3269 or 636 I get an 500: Internal Server Error "The FastCGI process exited unexpectedly" when my code reaches ldap_bind().

我知道SSL可以在DC上工作，因为我可以使用ldp.exe工具在同一服务器上进行连接.

I know SSL works on the DC as I can connect on the same server with ldp.exe tool.

这是我的配置，用于应用程序中的身份验证(使用默认的登录控制器)

This is my config that is used in the application for authentication (with the default login controller)

LDAP_HOSTS='dc.example.corp.com'
LDAP_PORT=636
LDAP_BASE_DN=''
LDAP_USE_SSL=true
LDAP_USE_TLS=false

LDAP_USERNAME=######################
LDAP_PASSWORD=############

我通常在公共目录中使用以下代码对文件进行测试:

I usually do my testing on a file with the following code in my public directory:

$a = ldap_connect("ldaps://dc.example.corp.com:636");
ldap_set_option($a, LDAP_OPT_PROTOCOL_VERSION, 3);  // v3 = UTF8 encoding
ldap_set_option($a, LDAP_OPT_REFERRALS, 0);
$r=ldap_bind($a);

echo "-$r-";

我也尝试过使用DebugDiag进行调试，但是在分析由崩溃创建的转储时，它会返回以下错误:

I have also tried debugging with DebugDiag, but when analysing the dump created by the crash it returns the following error:

Description Recommendation
WARNING - DebugDiag was not able to locate debug symbols for \libcrypto-1_1.dll, so the information below may be incomplete.

In php__PID__6684__Date__11_28_2019__Time_10_24_08AM__912__Second_Chance_Exception_C0000005.dmp the assembly instruction at libcrypto_1_1!CRYPTO_memcmp+29530 in C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll from The OpenSSL Project, https://www.openssl.org/ has caused an access violation exception (0xC0000005) when trying to read from memory location 0x2a4b6fe0 on thread 0
Please follow up with the vendor The OpenSSL Project, https://www.openssl.org/ for C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll

以及数百行相同的内容:

and also hundreds of lines saying the same:

libcrypto_1_1!CRYPTO_memcmp+29594

目前我还不知道问题出在哪里，也不确定如何解决.

I don't know where the problem resides as of this moment and am unsure how to proceed.

推荐答案

通过深入研究libcrypto消息，我已经能够解决自己的问题.我在使用php 7.2.14和openssl 1.1.1时发现了一个引用错误的帖子(错误.php.net/bug.php?id = 77440 ).

I have been able to solve my own problem by looking further into the libcrypto messages. I found a post referencing a bug when using php 7.2.14 and openssl 1.1.1 (bugs.php.net/bug.php?id=77440).

我删除了libcrypto-1_1.dll和libssl-1_1.dll文件，并从openssl 1.1.0j中将它们替换为一次.重新启动服务器后，一切正常！

I deleted my libcrypto-1_1.dll and libssl-1_1.dll files and replaced them with once from openssl 1.1.0j. After restarting my server everything worked!

这篇关于PHP:与SSL绑定时，ldap_bind给出500 Internal Server Error，但没有常规绑定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！