OpenSSL 不适用于 Windows,错误 0x02001003 0x2006D080 0x0E064002 [英] OpenSSL not working on Windows, errors 0x02001003 0x2006D080 0x0E064002
问题描述
问题: OpenSSL 在我的 Windows 环境中不起作用.OpenSSL 反复报错 0x02001003、0x2006D080 和 0x0E064002.
Problem: OpenSSL is not working in my Windows environment. OpenSSL repeatedly reports errors 0x02001003, 0x2006D080 and 0x0E064002.
环境:
Windows NT x 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586
Apache/2.4.4 (Win32)
PHP/5.4.13 x86
PHP Directory: E:\wamp\php\
Virtual Host Directory: E:\Projects\1\public_html
我的尝试:
- 安装说明 http://www.php.net/manual/en/openssl.installation.php
- PHP.ini
extension=php_openssl.dll - Openssl.cnf
E:\wamp\php\extras\openssl.cnf - %PATH%
E:\wamp\php - 重新启动
- phpinfo:
----OpenSSL 支持已启用
----OpenSSL 库版本 OpenSSL 1.0.1e 2013 年 2 月 11 日
----OpenSSL 标头版本 OpenSSL 0.9.8y 2013 年 2 月 5 日 - 在
configargs中有无指定config - 在apache配置中指定和不指定
<目录E:\wamp\php\extras> - 将
openssl.cnf复制到虚拟主机 public_html,指向那个,但仍然得到相同的错误 - 没有登录error_log
- 研究:过去 2 天我一直在研究这个,很惊讶没有关于它的更多信息,所以我在这里发帖.似乎是 OpenSSL 配置或 apache/php 没有正确读取配置的问题.
- Installation Instructions http://www.php.net/manual/en/openssl.installation.php
- PHP.ini
extension=php_openssl.dll - Openssl.cnf
E:\wamp\php\extras\openssl.cnf - %PATH%
E:\wamp\php - Rebooted
- phpinfo:
----OpenSSL support enabled
----OpenSSL Library Version OpenSSL 1.0.1e 11 Feb 2013
----OpenSSL Header Version OpenSSL 0.9.8y 5 Feb 2013 - With and without specifying config in
configargs - With and without specifying
<Directory E:\wamp\php\extras>in apache config - Copied
openssl.cnfto virtualhost public_html, pointed to that and still get same errors - Nothing logged in error_log
- Researched: I've spent the last 2 days researching this, surprised there isn't more info on it so I'm posting here. Seems to be problem with OpenSSL config or apache/php not reading config properly.
代码:
$privateKey = openssl_pkey_new();
while($message = openssl_error_string()){
echo $message.'<br />'.PHP_EOL;
}
结果:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
手动 OpenSSL:
E:\wamp\apache\bin>openssl.exe pkey
WARNING: can't open config file: c:/openssl-1.0.1e/ssl/openssl.cnf
E:\wamp\apache\bin>set OPENSSL_CONF="E:\wamp\php\extras\openssl.cnf"
E:\wamp\apache\bin>openssl.exe pkey
3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('"E:\wamp\php\extras\openssl.cnf"','rb')
3484:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174:
3484:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:
- 感谢@Gordon,我现在可以使用
openssl_error_string 查看 open_ssl 错误 - 完全卸载 EasyPHP.手动安装稳定版本的 PHP/Apache.结果一样!在 Windows 上实现 openssl 肯定是我做错了.
- OpenSSL 手动部分...附加错误信息
最后的想法:
我设置了一个 linux 机器,但遇到了同样的错误.经过一番尝试后,我发现即使它在 openssl_pkey_new 处抛出错误,它最终还是会创建我的测试 p12 文件.长话短说,这些错误具有误导性,它必须更多地处理如何您使用 openssl 功能而不是服务器端配置.
FINAL THOUGHTS:
I set up a linux box and I'm getting the same errors. After some playing around I see that even though it's throwing errors at the openssl_pkey_new it does eventually create my test p12 file. Long story short, the errors are misleading and it has to deal more with how you are using openssl functions not so much server-side configuration.
最终代码:
// Create the keypair
$res=openssl_pkey_new();
// Get private key
openssl_pkey_export($res, $privkey);
// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
// Actual file
$Private_Key = null;
$Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs);
$Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs);
openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");
靠近.
一年后...
所以一年后我发现自己又这样做了,无论我在计算机上或在脚本执行过程中设置了什么 PATH 变量,它都不断出现关于找不到文件的错误.我能够通过在 openssl_pkey_new 中的 config_args 数组中传入 config 参数来解决它.下面是一个测试成功使用 OpenSSL 的能力的函数:
So I found myself doing this again a year later, and regardless of whatever PATH variables I set on the computer or during the script execution, it kept erroring about file not found. I was able to resolve it by passing in the config parameter in the config_args array in openssl_pkey_new. Here is a function that tests the ability to successfully use OpenSSL:
/**
* Tests the ability to 1) create pub/priv key pair 2) extract pub/priv keys 3) encrypt plaintext using keys 4) decrypt using keys
*
* @return boolean|string False if fails, string if success
*/
function testOpenSSL($opensslConfigPath = NULL)
{
if ($opensslConfigPath == NULL)
{
$opensslConfigPath = "E:/Services/Apache/httpd-2.4.9-win32-VC11/conf/openssl.cnf";
}
$config = array(
"config" => $opensslConfigPath,
"digest_alg" => "sha512",
"private_key_bits" => 4096,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config); // <-- CONFIG ARRAY
if (empty($res)) {return false;}
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey, NULL, $config); // <-- CONFIG ARRAY
// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
if ($pubKey === FALSE){return false;}
$pubKey = $pubKey["key"];
$data = 'plaintext data goes here';
// Encrypt the data to $encrypted using the public key
$res = openssl_public_encrypt($data, $encrypted, $pubKey);
if ($res === FALSE){return false;}
// Decrypt the data using the private key and store the results in $decrypted
$res = openssl_private_decrypt($encrypted, $decrypted, $privKey);
if ($res === FALSE){return false;}
return $decrypted;
}
// Example usage:
$res = testOpenSSL();
if ($res === FALSE)
{
echo "<span style='background-color: red;'>Fail</span>";
} else {
echo "<span style='background-color: green;'>Pass: ".$res."</span>";
}
推荐答案
下面的代码按预期工作.但是如果你在 openssl 方法之后运行 openssl_error_string() 它会显示 error:0E06D06C:configuration fileroutines:NCONF_get_string:no value 这是我找不到的一些通知文档.
The code below works as expected. BUT if you run openssl_error_string() after the openssl methods it shows error:0E06D06C:configuration file routines:NCONF_get_string:no value which is some notice I have not been able to find documentation on.
进一步注意,根据http://www.php.net/manual/en/function.openssl-error-string.php 您可能会在错误消息排队时看到误导性错误:
Further note that according to http://www.php.net/manual/en/function.openssl-error-string.php you could be seeing mis-leading errors as error messages are queued:
使用此函数检查错误时要小心,因为它似乎是从 > 错误缓冲区中读取的,其中可能包括来自使用 openssl > 函数的另一个脚本或进程的错误.(我很惊讶地发现它在我调用任何 > openssl_* 函数之前返回错误消息)
Be careful when using this function to check errors, as it seems to read from a buffer of > errors, which could include errors from another script or process that was using openssl > functions. (I was surprised to find it returing error messages before I had called any > openssl_* functions)
<?php
/* Create the private and public key */
$res = openssl_pkey_new();
openssl_error_string(); // May throw error even though its working fine!
/* Extract the private key from $res to $privKey */
openssl_pkey_export($res, $privKey);
openssl_error_string(); // May throw error even though its working fine!
/* Extract the public key from $res to $pubKey */
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];
$data = 'i.amniels.com is a great website!';
/* Encrypt the data using the public key
* The encrypted data is stored in $encrypted */
openssl_public_encrypt($data, $encrypted, $pubKey);
/* Decrypt the data using the private key and store the
* result in $decrypted. */
openssl_private_decrypt($encrypted, $decrypted, $privKey);
echo $decrypted;
?>
这篇关于OpenSSL 不适用于 Windows,错误 0x02001003 0x2006D080 0x0E064002的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
