OpenSSL not working on Windows, errors 0x02001003 0x2006D080 0x0E064002
N

10

52

Problem: OpenSSL is not working in my Windows environment. OpenSSL repeatedly reports errors 0x02001003, 0x2006D080 and 0x0E064002.

Environment:

Windows NT x 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586
Apache/2.4.4 (Win32)
PHP/5.4.13 x86
PHP Directory: E:\wamp\php\
Virtual Host Directory: E:\Projects\1\public_html

What I've Attempted:

  • Installation Instructions http://www.php.net/manual/en/openssl.installation.php
  • PHP.ini extension=php_openssl.dll
  • Openssl.cnf E:\wamp\php\extras\openssl.cnf
  • %PATH% E:\wamp\php
  • Rebooted
  • phpinfo:
    ----OpenSSL support enabled
    ----OpenSSL Library Version OpenSSL 1.0.1e 11 Feb 2013
    ----OpenSSL Header Version OpenSSL 0.9.8y 5 Feb 2013
  • With and without specifying config in configargs
  • With and without specifying <Directory E:\wamp\php\extras> in apache config
  • Copied openssl.cnf to virtualhost public_html, pointed to that and still get same errors
  • Nothing logged in error_log
  • Researched: I've spent the last 2 days researching this, surprised there isn't more info on it so I'm posting here. Seems to be a problem with OpenSSL config or apache/php not reading config properly.

Code:

    $privateKey = openssl_pkey_new();
    while($message = openssl_error_string()){
        echo $message.'<br />'.PHP_EOL;
    }

Results:

    error:02001003:system library:fopen:No such process
    error:2006D080:BIO routines:BIO_new_file:no such file
    error:0E064002:configuration file routines:CONF_load:system lib
    error:02001003:system library:fopen:No such process
    error:2006D080:BIO routines:BIO_new_file:no such file
    error:0E064002:configuration file routines:CONF_load:system lib

OpenSSL Manually:

    E:\wamp\apache\bin>openssl.exe pkey
    WARNING: can't open config file: c:/openssl-1.0.1e/ssl/openssl.cnf

    E:\wamp\apache\bin>set OPENSSL_CONF="E:\wamp\php\extras\openssl.cnf"

    E:\wamp\apache\bin>openssl.exe pkey
    3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('"E:\wamp\php\extras\openssl.cnf"','rb')
    3484:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174:
    3484:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:

EDIT:

  1. Thanks to @Gordon I can now see open_ssl errors using openssl_error_string
  2. Completely uninstalled EasyPHP. Manually installed stable versions of PHP/Apache. Same results! Definitely something I'm doing wrong with implementing openssl on windows.
  3. OpenSSL Manually section... additional error info

FINAL THOUGHTS:
I set up a linux box and I'm getting the same errors. After some playing around I see that even though it's throwing errors at the openssl_pkey_new it does eventually create my test p12 file. Long story short, the errors are misleading and it has to deal more with how you are using openssl functions not so much server-side configuration.

Final code:

    // Create the keypair
    $res=openssl_pkey_new();

    // Get private key
    openssl_pkey_export($res, $privkey);

    // Get public key
    $pubkey=openssl_pkey_get_details($res);
    $pubkey=$pubkey["key"];

    // Actual file
    // $Info is the distinguished-name array and $Configs the config args array;
    // both must be defined before this point.
    // $Private_Key starts as null, so openssl_csr_new() generates a new key into it.
    $Private_Key = null;
    $Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs);
    $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs);
    openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");

Close away.

A year later...

So I found myself doing this again a year later, and regardless of whatever PATH variables I set on the computer or during the script execution, it kept erroring about file not found. I was able to resolve it by passing in the config parameter in the config_args array in openssl_pkey_new. Here is a function that tests the ability to successfully use OpenSSL:

    /**
     * Tests the ability to 1) create pub/priv key pair 2) extract pub/priv keys 3) encrypt plaintext using keys 4) decrypt using keys
     * 
     * @return boolean|string False if fails, string if success
     */
    function testOpenSSL($opensslConfigPath = NULL)
    {
        if ($opensslConfigPath == NULL)
        {
            $opensslConfigPath = "E:/Services/Apache/httpd-2.4.9-win32-VC11/conf/openssl.cnf";
        }
        $config = array(
            "config" => $opensslConfigPath,
            "digest_alg" => "sha512",
            "private_key_bits" => 4096,
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
        );

        $res = openssl_pkey_new($config); // <-- CONFIG ARRAY
        if (empty($res)) {return false;}

        // Extract the private key from $res to $privKey
        openssl_pkey_export($res, $privKey, NULL, $config); // <-- CONFIG ARRAY

        // Extract the public key from $res to $pubKey
        $pubKey = openssl_pkey_get_details($res);
        if ($pubKey === FALSE){return false;}

        $pubKey = $pubKey["key"];

        $data = 'plaintext data goes here';

        // Encrypt the data to $encrypted using the public key
        $res = openssl_public_encrypt($data, $encrypted, $pubKey);
        if ($res === FALSE){return false;}

        // Decrypt the data using the private key and store the results in $decrypted
        $res = openssl_private_decrypt($encrypted, $decrypted, $privKey);
        if ($res === FALSE){return false;}

        return $decrypted;
    }

    // Example usage:
    $res = testOpenSSL();
    if ($res === FALSE)
    {
        echo "<span style='background-color: red;'>Fail</span>";
    } else {
        echo "<span style='background-color: green;'>Pass: ".$res."</span>";
    }
Nieshanieto answered 21/3, 2013 at 21:17 Comment(11)
So it seems to definitely be reading the openssl.cnf file, if I set config to a non-existing file I get no file errors. So I assume the problem is in the openssl.cnf, apache permissions, or openssl binaries missing/permissions... /2days - Nieshanieto
I have to put this in, please use Linux for server environments unless you're using MS specific products like MSSQL and .NET stuff. If you cannot set up a box for it, use virtualisation (e.g. vmware, virtualbox) - Submerge
@Submerge 'change your OS' isn't a real-world solution. - Nieshanieto
But you can easily make a virtual environment. Anyone thinking of using Apache on Windows in production should really rethink their plans :x So I can only assume that this is for a testing environment. - Submerge
It is a dev environment. While production will be in linux, unfortunately this is the environment I'm stuck in to develop. While I agree, I also want to find the answer as I know this can work on Windows. - Nieshanieto
Back to the issue at hand... when I run openssl.exe manually I see it erroring about ./crypto but I see no ./crypto folder in the apache\bin where openssl.exe is.... Unknown error:.\crypto\bio\bss_file.c:169:fopen - Nieshanieto
Shot in the dark- could you check your PATH to make sure you don't have OpenSSL in more than one? In same vein, might want to search all drives on system for openssl.exe. - Connors
On Windows, you need to download and install Sysinternals' Process Monitor (formerly we wanted FileMon). Next, you watch your process and see what it's trying to access. My guess is some library can't find some configuration file. If it's OpenSSL, then something like set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cnf will probably be needed. - Jerboa
Default OpenSSL configs on Windows usually don't make sense. They will point to Linux and Unix's /usr/local/ssl, or some drive like Z:\OpenSSL. Or maybe even something for Cygwin like /c/windows/system. There are all kinds of crazy configurations hard coded into these builds. Use ProcMon to determine the bad paths. - Jerboa
Also see OpenSSL and error in reading openssl.conf file. - Jerboa
My latest answer as of Nov 2020 here - Cinchonism
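The three codes in the title each pack a library, a function and a reason number, and decoding them shows which layer reported what. This is an added example, not code from the thread: `decodeOpensslError()` is a hypothetical helper, the bit layout is the one used by the OpenSSL 1.0.x versions shown in the question, and reading the system-library reason as a Win32 error code is an assumption about how the Windows build records a failed `fopen()`.

```php
<?php
declare(strict_types=1);

/**
 * Split one line of openssl_error_string() or openssl.exe output into the
 * fields packed in its code: 8-bit library, 12-bit function, 12-bit reason
 * (the OpenSSL 1.0.x layout).
 */
function decodeOpensslError(string $line): ?array
{
    // Library numbers for the three libraries that appear in the question.
    $libs = [
        0x02 => 'system library',
        0x0E => 'configuration file routines',
        0x20 => 'BIO routines',
    ];
    // Assumption: on Windows the system-library reason is the Win32 error
    // code of the failed call, not a C errno value.
    $win32 = [
        2   => 'ERROR_FILE_NOT_FOUND',
        3   => 'ERROR_PATH_NOT_FOUND',
        5   => 'ERROR_ACCESS_DENIED',
        123 => 'ERROR_INVALID_NAME',
    ];

    // Optional "<pid>:" prefix (openssl.exe), then "error:" and eight hex digits.
    if (!preg_match('/^(?:\d+:)?error:([0-9A-Fa-f]{8}):/', $line, $m)) {
        return null;
    }
    $code   = (int) hexdec($m[1]);
    $lib    = ($code >> 24) & 0xFF;
    $reason = $code & 0xFFF;

    return [
        'library'  => $libs[$lib] ?? "library $lib",
        'function' => ($code >> 12) & 0xFFF,
        'reason'   => $reason,
        'win32'    => $lib === 0x02 ? ($win32[$reason] ?? null) : null,
    ];
}

// Error lines copied from the question; the last one is trimmed after the
// source-file position.
$lines = [
    'error:02001003:system library:fopen:No such process',
    'error:2006D080:BIO routines:BIO_new_file:no such file',
    'error:0E064002:configuration file routines:CONF_load:system lib',
    '3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:',
];

foreach ($lines as $line) {
    $d = decodeOpensslError($line);
    if ($d === null) {
        continue; // not an OpenSSL error line
    }
    printf("%-28s func=%-3d reason=%-3d %s\n",
        $d['library'], $d['function'], $d['reason'], $d['win32'] ?? '');
}
```

Read that way, the chain runs from a failed `fopen()` through `BIO_new_file` up to the configuration loader, and reason 0x7B (123, ERROR_INVALID_NAME) fits the quote characters visible in the `fopen()` argument of the manual session.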
N
10

The code below works as expected. BUT if you run openssl_error_string() after the openssl methods it shows error:0E06D06C:configuration file routines:NCONF_get_string:no value which is some notice I have not been able to find documentation on.

Further note that according to http://www.php.net/manual/en/function.openssl-error-string.php you could be seeing misleading errors as error messages are queued:

> Be careful when using this function to check errors, as it seems to read from a buffer of errors, which could include errors from another script or process that was using openssl functions. (I was surprised to find it returning error messages before I had called any openssl_* functions)

    <?php
    /* Create the private and public key */
    $res = openssl_pkey_new();
    openssl_error_string(); // May throw error even though it's working fine!

    /* Extract the private key from $res to $privKey */
    openssl_pkey_export($res, $privKey);
    openssl_error_string(); // May throw error even though it's working fine!

    /* Extract the public key from $res to $pubKey */
    $pubKey = openssl_pkey_get_details($res);
    $pubKey = $pubKey["key"];

    $data = 'i.amniels.com is a great website!';

    /* Encrypt the data using the public key
     * The encrypted data is stored in $encrypted */
    openssl_public_encrypt($data, $encrypted, $pubKey);

    /* Decrypt the data using the private key and store the
     * result in $decrypted. */
    openssl_private_decrypt($encrypted, $decrypted, $privKey);

    echo $decrypted;
    ?>
Nieshanieto answered 26/3, 2013 at 20:36 Comment(0)
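Because the error queue can hold entries left over from earlier calls, one way to tell them apart is to drain the queue before each operation and judge success by the return value. This is an added example, not code from the thread: `drainOpensslErrors()` and `callOpenssl()` are hypothetical helpers, and the fallback config path is a placeholder to replace with the `openssl.cnf` of your own PHP build.

```php
<?php
declare(strict_types=1);

/** Empty the OpenSSL error queue and return whatever was waiting in it. */
function drainOpensslErrors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/**
 * Run one OpenSSL operation and return its result together with only the
 * errors queued while it ran; older entries are reported separately.
 */
function callOpenssl(callable $operation): array
{
    $stale  = drainOpensslErrors();   // left over from earlier calls
    $result = $operation();
    $fresh  = drainOpensslErrors();   // queued by this call
    return ['result' => $result, 'errors' => $fresh, 'stale' => $stale];
}

// Placeholder path (assumption): use the openssl.cnf shipped with your PHP build.
$configArgs = [
    'config'           => getenv('OPENSSL_CONF') ?: 'C:/path/to/openssl.cnf',
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
];

$gen = callOpenssl(function () use ($configArgs) {
    return openssl_pkey_new($configArgs);
});

if ($gen['result'] === false) {
    // The return value says the call failed, so the fresh entries explain why.
    echo "openssl_pkey_new failed:", PHP_EOL;
    echo '  ', implode(PHP_EOL . '  ', $gen['errors']), PHP_EOL;
    exit(1);
}

$exp = callOpenssl(function () use ($gen, $configArgs) {
    $ok = openssl_pkey_export($gen['result'], $pem, null, $configArgs);
    return $ok ? $pem : false;
});

if ($exp['result'] === false) {
    echo "openssl_pkey_export failed:", PHP_EOL;
    echo '  ', implode(PHP_EOL . '  ', $exp['errors']), PHP_EOL;
    exit(1);
}

// Both calls succeeded; queue entries are reported as information only.
echo 'key generated and exported; stale entries discarded: ',
     count($gen['stale']) + count($exp['stale']),
     ', entries queued by successful calls: ',
     count($gen['errors']) + count($exp['errors']), PHP_EOL;
```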
L
5

A few things here:

%PATH% should also contain windows and system32, so your %PATH% should look like c:\windows;c:\windows\system32;E:\wamp\php and in e:\wamp\php should be the openssl dll file.

Also try the openssl version matching the header version 0.9.8y 5 Feb 2013, download here for 32bit and here for 64bit.

This code seems to work for me:

    // Create the keypair
    $res=openssl_pkey_new();

    // Get private key
    openssl_pkey_export($res, $privkey);

    // Get public key
    $pubkey=openssl_pkey_get_details($res);
    $pubkey=$pubkey["key"];
    $Info = array(
        "countryName" => "UK",
        "stateOrProvinceName" => "Somerset",
        "localityName" => "Glastonbury",
        "organizationName" => "The Brain Room Limited",
        "organizationalUnitName" => "PHP Documentation Team",
        "commonName" => "Wez Furlong",
        "emailAddress" => "[email protected]"
    );

    // Actual file
    $Private_Key = null;
    $Unsigned_Cert = openssl_csr_new($Info,$Private_Key);
    $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365);
    openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");
Launceston answered 1/7, 2013 at 16:36 Comment(0)
S
4

I had a similar problem, for me it helped to set the environment variable 'OPENSSL_CONF' manually at the beginning of my script.

Somehow the environment variable wasn't set correctly, or didn't get through to my php (Setup: AMPPS, Win7 64Bit).

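The example location used below is the path that you'd have to use with a standard AMPPS installation, so if you are using AMPPS, just copy and paste:

    // Single-quoted on purpose: in a double-quoted PHP string "\e" is the ESC
    // escape sequence, which would corrupt the "\extras" part of the path.
    putenv('OPENSSL_CONF=C:\Program Files (x86)\Ampps\php\extras\openssl.cnf');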
Suture answered 20/10, 2013 at 10:50 Comment(1)
This didn't work for me, but specifying the path to the openssl.cnf in the config_args array did work. - Nieshanieto
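Two path values on this page reach OpenSSL with characters that are not part of the file name: the `set OPENSSL_CONF="..."` line in the question keeps its quotes (they show up inside the `fopen()` argument), and a double-quoted PHP literal turns `\e` into an ESC byte. The check below is an added example, not code from the thread; `inspectConfPath()` is a hypothetical helper and the sample values are taken from the page.

```php
<?php
declare(strict_types=1);

/** Return the reasons a would-be OPENSSL_CONF value cannot be opened as a file. */
function inspectConfPath(string $value): array
{
    $problems = [];

    // cmd.exe stores the quotes of  set VAR="value"  as part of the value.
    if (preg_match('/^(["\']).*\1$/s', $value)) {
        $problems[] = 'value is wrapped in quote characters';
    }
    // Control bytes usually come from an escape sequence in a double-quoted literal.
    if (preg_match('/[\x00-\x1F\x7F]/', $value, $m)) {
        $problems[] = sprintf('contains control byte 0x%02X', ord($m[0]));
    }
    // Only test the file system when the string itself looks sane.
    if (!$problems && !is_readable($value)) {
        $problems[] = 'file does not exist or is not readable by this process';
    }
    return $problems;
}

$candidates = [
    // Value left in the environment by the cmd.exe session in the question.
    'cmd set with quotes' => '"E:\wamp\php\extras\openssl.cnf"',
    // Double-quoted PHP literal: "\e" becomes the single byte 0x1B.
    'PHP double quotes'   => "C:\Program Files (x86)\Ampps\php\extras\openssl.cnf",
    // Single-quoted PHP literal: every backslash is kept.
    'PHP single quotes'   => 'C:\Program Files (x86)\Ampps\php\extras\openssl.cnf',
];

foreach ($candidates as $label => $value) {
    $problems = inspectConfPath($value);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

The third value passes the string checks and is then tested with `is_readable()`, so its result depends on whether that file exists on the machine running the script.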
M
3

If you're using Apache 2.4 + mod_fcgid, you can specify the OpenSSL conf file by adding FcgidInitialEnv in the httpd.conf file:

    # OPENSSL CONF
    FcgidInitialEnv OPENSSL_CONF "D:/apps/php70/extras/ssl/openssl.cnf"

I'm not using a preconfigured package such as WAMP; I've got Apache from Apache Lounge and PHP from windows.php.net and configured them myself.

Musicianship answered 12/12, 2015 at 11:42 Comment(0)
A
2

Clean solution:

  1. Download archive (doesn't matter which) for PHP Windows binaries from here: http://windows.php.net/download
  2. Inside you will find the file /extras/ssl/openssl.cnf
  3. Extract openssl.cnf somewhere (e. g. "C:/WEB/PHP/extras/ssl/openssl.cnf")
  4. Add global system variable OPENSSL_CONF with your used path (e. g. "C:\WEB\PHP\extras\openssl.cnf" (without the double quotes)).


You must add the path to the OPENSSL_CONF system variable. Adding it to the Path system variable is not sufficient! Under Windows 7 you find the settings dialog under: "Control Panel > System and Security > System > Advanced system settings (left menu) > Advanced (Tab) > Environment Variables...". Add the Variable OPENSSL_CONF there.

It is not required to prepare the openssl.cnf file before usage - it will work out of the box. But you can, if you want to fine tune settings.

Andalusite answered 9/8, 2016 at 4:3 Comment(0)
C
1

Have you installed OpenSSL via this method? Installing OpenSSL on Windows

  1. Go to http://gnuwin32.sourceforge.net/packages/openssl.htm, and download the "Setup" version of "Binaries", openssl-0.9.7c-bin.exe.

  2. Double click on openssl-0.9.7c-bin.exe to install OpenSSL to \local\gnuwin32 directory.

  3. Go back to the same page, download the "Setup" version of "Documentation", and install it to the same directory.

  4. Open a command line window, and try the following command:

    \local\gnuwin32\bin\openssl -help
    openssl:Error: '-help' is an invalid command.

    Standard commands
    asn1parse      ca             ciphers        crl            crl2pkcs7
    dgst           dh             dhparam        dsa            dsaparam
    enc            engine         errstr         gendh          gendsa
    genrsa         nseq           ocsp           passwd         pkcs12
    pkcs7          pkcs8          rand           req            rsa
    rsautl         s_client       s_server       s_time         sess_id
    smime          speed          spkac          verify         version
    x509
    ......

If you see the list of commands printed by OpenSSL, you know that your installation is done correctly.

Catastrophism answered 7/6, 2013 at 17:41 Comment(1)
NOTE that the linked site has old versions of the Binaries! Go here for the latest and most secure version: slproweb.com/products/Win32OpenSSL.html - Charge
P
0

In my case copying the files to c:\windows\system32 helped me out

libeay32.dll, ssleay32.dll

One can find them in OpenSSL_INSTALL_PATH\bin.

Pep answered 14/10, 2014 at 18:7 Comment(0)
R
0
<?php 

         // also see  https://mcmap.net/q/354393/-php-get-private-key-from-a-single-line-private-key 
         // micmap.org/php-by-example/de/function/openssl_get_publickey
         // best  https://mcmap.net/q/344239/-openssl-not-working-on-windows-errors-0x02001003-0x2006d080-0x0e064002
         // sandrocirulli.net/how-to-encrypt-and-decrypt-emails-and-files/



         echo '<pre>';


        function testOpenSSL($openssl_args)
        {

                $res = openssl_pkey_new($openssl_args); // <-- CONFIG ARRAY
                openssl_error_string(); // May throw error even though it's working fine!
                if (empty($res)) {return false;}
                $openssl_args['keysnew']=$res;
                        //var_dump($res);echo '<br><br>';


                // Extract the private key from $res to $privKey
                openssl_pkey_export($res, $privKey, NULL, $openssl_args); // <-- CONFIG ARRAY
                openssl_error_string(); // May throw error even though it's working fine!

                // Extract the public key from $res to $pubKey
                $pubKey = openssl_pkey_get_details($res);
                openssl_error_string(); // May throw error even though it's working fine!
                if ($pubKey === FALSE){return false;}
                $pubKey = $pubKey["key"];   

                // Encrypt the data to $encrypted using the public key
                $data = $openssl_args['data'];          
                $res = openssl_public_encrypt($data, $encrypted, $pubKey);
                if ($res === FALSE){return false;}
                        #var_dump($res);exit; //bool
                // Decrypt the data using the private key and store the results in $decrypted
                $res = openssl_private_decrypt($encrypted, $decrypted, $privKey);
                if ($res === FALSE){return false;}

                //return $decrypted;
                $openssl_args['pub_key']=$pubKey;
                $openssl_args['priv_key']=$privKey;
                $openssl_args['encr']=$encrypted;
                $openssl_args['decr']=$decrypted; 

                return $openssl_args;

        }




        // Candidate openssl.cnf paths (select one with $try); a wrong path is the most common error on Windows XAMPP
        $try= 5;     
        $openssl_cnf_path = array(
            0=>'C:\xampp\apache\conf\openssl.cnf',   //11259 bytes
            1=>'C:\xampp\apache\bin\openssl.cnf',   //11259 bytes

            2=>'C:\xampp\php\windowsXamppPhp\extras\ssl\openssl.cnf',  //10909 bytes
            3=>'C:\xampp\php\extras\ssl\openssl.cnf',   //10909 bytes
            4=>'C:\xampp\php\extras\openssl\openssl.cnf',   //9374 bytes

            5=>'C:\Program Files\Git\usr\ssl\openssl.cnf',  //10909 bytes
            6=>'C:\Program Files\Git\mingw64\ssl\openssl.cnf',  //10909 bytes
            );

        // Per RFC 3447, encryption can operate on messages of up to k - 11 octets (k is the octet
        // length of the RSA modulus), so with a 2048-bit RSA key the plaintext can be at most
        // 245 bytes; the maximum string length for the 4096-bit setting is 501.
        $data = ' todo in spin activate theme elementor-child plugin qw_casino ... permalinks postname media Lib. add new upload paysave pic make empty page   with template-casino in -child make page4todo in spin activate theme elementor-child plugin qw_casin245';

        echo 'str len : ', strlen($data);

        $openssl_args = array(
            "config" => $openssl_cnf_path[$try],
            "digest_alg" => "sha512",
            //"private_key_bits" => 4096,
            "private_key_bits" => 2048,
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
            "try_path_ar" => $openssl_cnf_path,
            "data" => $data,
            );



        // Example
        $res = testOpenSSL($openssl_args);
        if ($res === FALSE)
        {
            echo "<h4 style='background-color: red;'>Fail</h4>";
        } else {
            echo '<h3 style=\'background-color: green; color:white;\'>with $try= '.$try.' decrypted ok: '.$res['decr'].'</h3>';
        }

                //////////////////////////////////////////
                //
                echo '<br>vardump res <br>';  var_dump($res);   
                echo '<br>======================<br>';      

        $privKey=$res['priv_key'];
        $pubKey =$res['pub_key'];
        file_put_contents('pri_key.txt',$privKey);
        file_put_contents('priv_key.txt',$privKey);
        file_put_contents('pub_key.txt',$pubKey);


        echo '<br><br><pre>';


        /* Encrypt the data using the public key
         * The encrypted data is stored in $encrypted */
        openssl_public_encrypt($data, $encrypted, $pubKey);
                echo '<br>public encrypt: '; var_dump( base64_encode($encrypted));


        /* Decrypt the data using the private key and store the
         * result in $decrypted. */
        openssl_private_decrypt($encrypted, $decrypted, $privKey);
                echo ' private decrypt: ', $decrypted;      



        // inverse testOpenSSL
        openssl_private_encrypt($data, $encrypted, $privKey);
                echo '<br><br> invers<br>pri encrypt: '; var_dump( base64_encode($encrypted));

        openssl_public_decrypt($encrypted, $decrypted, $pubKey);
                echo ' pub decrypt: ', $decrypted , '<br>'; 
Reichenberg answered 27/2, 2020 at 16:42 Comment(1)
In my case, on Windows XAMPP, the most important thing was to find the right openssl.cnf and put it in the arg array - Reichenberg
V
0

I had a similar problem with XAMPP. I found that OPENSSL_CONF in [xampp_dir]\apache\conf\extra\httpd-xampp.conf was set incorrectly to [xampp_dir]/apache/bin/openssl.cnf. After fixing it to [xampp_dir]/apache/conf/openssl.cnf it works.

Varga answered 16/2, 2022 at 10:29 Comment(0)
L
-1

Might I suggest using VirtualBox: create a VM and install the LAMP stack. This will give you a "more real" environment. Also, troubleshooting OpenSSL is easier on Linux.

With that said, I believe your problem is you can't find the plugin file itself. Make sure it lives in the right path and exists on your machine and the process Apache runs under has permissions to read it.

Luehrmann answered 19/6, 2013 at 21:0 Comment(0)
