使用OpenSSL的功能时，Apache服务器（XAMPP）崩溃 [英] Apache server (xampp) crashes when using openssl function

问题描述

我想生成公/私密钥对用PHP。

I'm trying to generate a private/public key pair with php.

服务器：Apache / 2.4.3（Win32的）的OpenSSL / 1.0.1c PHP / 5.4.7

Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7

操作系统是Windows XP SP3安装了所有Windows更新。

OS is Windows XP SP3 with all windows updates installed.

我试着执行下面的脚本：

I'm trying to execute the following script:

<?php

$ssl_path = getcwd();
$ssl_path = preg_replace('/\\\/','/', $ssl_path);  // Replace \ with /

$config = array(
    'config'           => "$ssl_path/openssl.cnf",
    'private_key_bits' => 1024, 
    'private_key_type' => OPENSSL_KEYTYPE_RSA
);

$dn = array(
   "countryName"            => "AT",
   "stateOrProvinceName"    => "Vienna",
   "localityName"           => "Cambs",
   "organizationName"       => "UniServer",
   "organizationalUnitName" => "Demo",
   "commonName"             => "localhost",
   "emailAddress"           => "me@example.com"
);

$privateKey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privateKey, $config);
$sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config);
openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config);
openssl_x509_export_to_file($sscert,  "C:/server.crt", FALSE);
openssl_csr_export_to_file($csr, "C:/server.csr");
$keyDetails = openssl_pkey_get_details($privateKey);
file_put_contents('C:/public.key', $keyDetails['key']);

?>

这是我的openssl.cnf中：

This is my openssl.cnf:

#######################################################################
# File name: openssl.cnf
# Created By: The Uniform Server Development Team
########################################################################

#
# OpenSSL configuration file.
#

# Establish working directory.
dir         = .

[ req ]
default_bits            = 1024
default_md              = sha1
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
x509_extensions         = v3_ca
string_mask             = nombstr

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
organizationalUnitName  = Organizational Unit Name (eg, section)
commonName              = Common Name (eg, YOUR fqdn)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64

[ ssl_server ]
basicConstraints        = CA:FALSE
nsCertType              = server
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, nsSGC, msSGC
nsComment               = "OpenSSL Certificate for SSL Web Server"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
basicConstraints        = critical, CA:true, pathlen:0
nsCertType              = sslCA
keyUsage                = cRLSign, keyCertSign
extendedKeyUsage        = serverAuth, clientAuth
nsComment               = "OpenSSL CA Certificate"

当我尝试执行该脚本apache的崩溃和重新启动。是什么造成这个问题？

When i try to execute this script apache crashes and restarts. What's causing this problem?

BTW：如果我尝试使用phpseclib0.3.1 LIB发生同样的错误。

BTW: Same error occurs if i try to use the phpseclib0.3.1 lib.

提前感谢！

推荐答案

在我的经验openssl_pkey_get_details（）需要X.509证书，以获得公共密钥 - 而不是一个私钥（尽管文件说什么）

In my experience openssl_pkey_get_details() requires an X.509 cert to get the public key - not a private key (despite what the documentation says).

实际上可能更容易做到这一切与 phpseclib，一个纯粹的PHP执行X.509 。例如：

Might actually be easier to do all this with phpseclib, a pure PHP X.509 implementation. eg.:

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDN(array(
    "countryName"            => "AT",
    "stateOrProvinceName"    => "Vienna",
    "localityName"           => "Cambs",
    "organizationName"       => "UniServer",
    "organizationalUnitName" => "Demo",
    "commonName"             => "localhost",
    "emailAddress"           => "me@example.com"
 ));
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();

$result = $x509->sign($issuer, $subject);

$csr = $issuer->signCSR();
$csr = $x509->saveCSR($csr);

file_put_contents("C:/server.key", $privKey->getPrivateKey());
file_put_contents("C:/server.crt", $x509->saveX509($result));
file_put_contents('C:/public.key', $privKey->getPublicKey());
file_put_contents("C:/server.csr", $csr);
?>

这篇关于使用OpenSSL的功能时，Apache服务器（XAMPP）崩溃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！