stream_socket_enable_crypto

(PHP 5 >= 5.1.0, PHP 7, PHP 8)

stream_socket_enable_crypto — Active ou non le chiffrement, pour un socket déjà connecté

Description

stream_socket_enable_crypto(
    resource $stream,
    bool $enable,
    int $crypto_type = ?,
    resource $session_stream = ?
): mixed

Active ou non le chiffrement, pour un socket déjà connecté.

Une fois les paramètres de chiffrement définis, le chiffrement peut être activé et désactivé dynamiquement en passant true ou false dans le paramètre enable.

Liste de paramètres

stream

La ressource de flux.

enable

Active ou non le chiffrement sur le flux.

crypto_type

Configure le chiffrement sur le flux. Les méthodes valides sont

STREAM_CRYPTO_METHOD_SSLv2_CLIENT
STREAM_CRYPTO_METHOD_SSLv3_CLIENT
STREAM_CRYPTO_METHOD_SSLv23_CLIENT
STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_SSLv2_SERVER
STREAM_CRYPTO_METHOD_SSLv3_SERVER
STREAM_CRYPTO_METHOD_SSLv23_SERVER
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLS_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER

Si omis, l'option de contexte crypto_method sur le contexte SSL du flux sera utilisée à la place.

session_stream

Initialise le flux avec la configuration issue du paramètre session_stream.

Valeurs de retour

Retourne true en cas de succès, false si la négociation a échoué ou 0 s'il n'y a pas assez de données et que vous devez essayer encore (uniquement pour les sockets non-bloquants).

Exemples

Exemple #1 Exemple avec stream_socket_enable_crypto()


<?php
$fp = stream_socket_client("tcp://myproto.example.com:31337", $errno, $errstr, 30);
if (!$fp) {
    die("Impossible de se connecter : $errstr ($errno)");
}

/* Activation du chiffrement durant l'identification */
stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
fwrite($fp, "USER god\r\n");
fwrite($fp, "PASS secret\r\n");

/* Désactivation du chiffrement pour le reste */
stream_socket_enable_crypto($fp, false);

while ($motd = fgets($fp)) {
    echo $motd;
}

fclose($fp);
?>

Résultat de l'exemple ci-dessus est similaire à :

Voir aussi

add a note

User Contributed Notes 5 notes

down

bobe at webnaute dot net ¶

8 years ago


Constants added in PHP 5.6 :

STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER

Now, be careful because since PHP 5.6.7, STREAM_CRYPTO_METHOD_TLS_CLIENT (same for _SERVER) no longer means any tls version but tls 1.0 only (for "backward compatibility"...).

Before PHP 5.6.7 :
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

PHP >= 5.6.7
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT

PHP bug : https://bugs.php.net/bug.php?id=69195
Commit : https://github.com/php/php-src/commit/10bc5fd4c4c8e1dd57bd911b086e9872a56300a0

STREAM_CRYPTO_METHOD_SSLv23_CLIENT is not safe to use because before php 5.6.7, it means sslv2 or sslv3. So, you should do this :
<?php
$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
}

stream_socket_enable_crypto($socket, true, $crypto_method);
?>

down

tigger (AT) tiggerswelt d0t net ¶

16 years ago


As already mentioned above:

stream_socket_enable_crypto is likely to fail/return zero if the socket is in non-blocking mode.

You may either wait some seconds until all neccessary data has arrived or switch temporary to blocking mode:

<?PHP

  stream_set_blocking ($fd, true);
  stream_socket_enable_crypto ($fd, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
  stream_set_blocking ($fd, false);

?>

This works very fine for me ;-)

down

mark at kinoko dot fr ¶

16 years ago


Just to avoid letting you search everywhere why your code doesn't work when using this function to enable crypto as a server, and when using TLS, you have to put the certificate in the "ssl" context, even if you start a TLS, SSLv3, etc.. server.

I had some troubles because of that...

down

bobe at webnaute dot net ¶

9 years ago


There is an error in the description of the third argument:
"If omitted, the crypto_type context option on the stream's SSL context will be used instead."

The name of the context option is "crypto_method", NOT "crypto_type" which is just the name of the argument.

down

cgy at anymacro dot com ¶

5 years ago


$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'allow_self_signed', false);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
$fp = stream_socket_client("unix:///tmp/ssl.sock", $errno, $errstr, 30,STREAM_CLIENT_ASYNC_CONNECT | STREAM_CLIENT_CONNECT,$context);

stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);

错误提示：
PHP Warning:  stream_socket_enable_crypto(): this stream does not support SSL/crypto

add a note