Problem: OpenSSL is not working in my Windows environment. OpenSSL repeatedly reports errors 0x02001003, 0x2006D080 and 0x0E064002.
Environment:
Windows NT x 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586
Apache/2.4.4 (Win32)
PHP/5.4.13 x86
PHP Directory: E:\wamp\php\
Virtual Host Directory: E:\Projects\1\public_html
What I've Attempted:
- Installation Instructions http://www.php.net/manual/en/openssl.installation.php
- PHP.ini
extension=php_openssl.dll
- Openssl.cnf
E:\wamp\php\extras\openssl.cnf
- %PATH%
E:\wamp\php
- Rebooted
- phpinfo:
----OpenSSL support enabled
----OpenSSL Library Version OpenSSL 1.0.1e 11 Feb 2013
----OpenSSL Header Version OpenSSL 0.9.8y 5 Feb 2013 - With and without specifying config in
configargs
- With and without specifying
<Directory E:\wamp\php\extras>
in apache config - Copied
openssl.cnf
to virtualhost public_html, pointed to that and still get same errors - Nothing logged in error_log
- Researched: I've spent the last 2 days researching this, surprised there isn't more info on it so I'm posting here. Seems to be problem with OpenSSL config or apache/php not reading config properly.
Code:
$privateKey = openssl_pkey_new();
while($message = openssl_error_string()){
echo $message.'<br />'.PHP_EOL;
}
Results:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
OpenSSL Manually:
E:\wamp\apache\bin>openssl.exe pkey
WARNING: can't open config file: c:/openssl-1.0.1e/ssl/openssl.cnf
E:\wamp\apache\bin>set OPENSSL_CONF="E:\wamp\php\extras\openssl.cnf"
E:\wamp\apache\bin>openssl.exe pkey
3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('"E:\wamp\php\extras\openssl.cnf"','rb')
3484:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174:
3484:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:
EDIT:
- Thanks to @Gordon I can now see open_ssl errors using
openssl_error_string
- Completely uninstall EasyPHP. Manually installed stable versions of PHP/Apache. Same results! Definitely something I'm doing wrong with implementing openssl on windows.
- OpenSSL Manually section... additional error info
FINAL THOUGHTS:
I set up a linux box and I'm getting the same errors. After some playing around I see that even though it's throwing errors at the openssl_pkey_new it does eventually create my test p12 file. Long story short, the errors are misleading and it has to deal more with how you are using openssl functions not so much server-side configuration.
Final code:
// Create the keypair
$res=openssl_pkey_new();
// Get private key
openssl_pkey_export($res, $privkey);
// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
// Actual file
$Private_Key = null;
$Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs);
$Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs);
openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");
Close away.
A year later...
So I found myself doing this again a year later, and regardless of whatever PATH variables I set on the computer or during the script execution, it kept erroring about file not found. I was able to resolve it by passing in the config
parameter in the config_args
array in openssl_pkey_new
. Here is a function that tests the ability to successfully use OpenSSL:
/**
* Tests the ability to 1) create pub/priv key pair 2) extract pub/priv keys 3) encrypt plaintext using keys 4) decrypt using keys
*
* @return boolean|string False if fails, string if success
*/
function testOpenSSL($opensslConfigPath = NULL)
{
if ($opensslConfigPath == NULL)
{
$opensslConfigPath = "E:/Services/Apache/httpd-2.4.9-win32-VC11/conf/openssl.cnf";
}
$config = array(
"config" => $opensslConfigPath,
"digest_alg" => "sha512",
"private_key_bits" => 4096,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config); // <-- CONFIG ARRAY
if (empty($res)) {return false;}
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey, NULL, $config); // <-- CONFIG ARRAY
// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
if ($pubKey === FALSE){return false;}
$pubKey = $pubKey["key"];
$data = 'plaintext data goes here';
// Encrypt the data to $encrypted using the public key
$res = openssl_public_encrypt($data, $encrypted, $pubKey);
if ($res === FALSE){return false;}
// Decrypt the data using the private key and store the results in $decrypted
$res = openssl_private_decrypt($encrypted, $decrypted, $privKey);
if ($res === FALSE){return false;}
return $decrypted;
}
// Example usage:
$res = testOpenSSL();
if ($res === FALSE)
{
echo "<span style='background-color: red;'>Fail</span>";
} else {
echo "<span style='background-color: green;'>Pass: ".$res."</span>";
}
openssl.exe
manually I see it erroring about ./crypto but I see no ./crypto folder in the apache\bin where openssl.exe is....Unknown error:.\crypto\bio\bss_file.c:169:fopen
– Nieshanietoset OPENSSL_CONF=c:\openssl-win32\bin\openssl.cnf
will probably be needed. – Jerboa/usr/local/ssl
, or some drive likeZ:\OpenSSL
. Or maybe even something for Cygwin like/c/windows/system
. There's all kind of crazy configurations hard coded into these builds. Use ProcMon to determine the bad paths. – Jerboa