Php (4.4) configured to open secure URLs (https)?

Chuck,

I've been reading forum posts saying to compile Php with
"--with-openssl in your ./configure
command."

Well, I do not compile Php from source (don't even have a C compiler).
I always download binaries (like php-4.4.0-Win32.zip that I downloaded
today from php.net).

How do I get a binary that was compiled with openssl in the configure
command? Or if I am misunderstanding something here, what is is that I
need to do?

Within the extensions folder you should see a php_openssl.dll
Also you should go to the openssl folder and read the README-SSL.txt
file. That file tells you how to implement it correctly within a
windows environment (which sometimes includes setting environment variables)

--
Mike Willbanks
Zend Certified Engineer
http://www.digitalstruct.com

Mike Willbanks wrote:

Chuck,

I've been reading forum posts saying to compile Php with
"--with-openssl in your ./configure
command."

Well, I do not compile Php from source (don't even have a C compiler).
I always download binaries (like php-4.4.0-Win32.zip that I downloaded
today from php.net).

How do I get a binary that was compiled with openssl in the configure
command? Or if I am misunderstanding something here, what is is that I
need to do?
Within the extensions folder you should see a php_openssl.dll

Yep. And I uncommented that line in php.ini. (extension=php_openssl.dll)
Also you should go to the openssl folder and read the README-SSL.txt
file.
Thanks for the help. I don't see any such file, however ......

...... I installed a compiled binary .... Win32OpenSSL-v0.9.8.exe ....
.... that I got from the Shining Light Productions site (a link from
openssl.org).
http://www.slproweb.com/products/Win32OpenSSL.html

In the help file (.chm for Windows) it says that I can uninstall it if I
do not plan on developing any apps that incorporate the SSL library and
it will leave the needed dlls in the Windows/system folder.

I understand that from what I've done, SSL should be properly installed
(I can use openssl from the command line) , however, Php still does not
show https and ftps as registered streams and I can not use fopen on
secure URLs.
That file tells you how to implement it correctly within a
windows environment (which sometimes includes setting environment variables)

I have found nothing about setting environment variables. ?? Do I need
to do something more in php (php.ini) or in Apache httpd.conf?

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Integrity is obvious.
The lack of it is common.
*****************************

Chuck,

I have found nothing about setting environment variables. ?? Do I need
to do something more in php (php.ini) or in Apache httpd.conf?

This is what is contained in the readme-ssl.txt file (php4):

To use the CSR and key generation functions from PHP, you will need to
install
an openssl.cnf file. We have included a sample file that can be used
for this
purpose in this folder alongside this readme file.

The default path for the openssl.cnf file is determined as follows:

OPENSSL_CONF environmental variable, if set, is assumed to hold the
path to the file.

If it is not set, SSLEAY_CONF environmental variable is checked next.
If neither are set, PHP will look in the default certificate area that
was set
at the time that the SSL DLLs were compiled. This is typically
"C:\usr\local\ssl\openssl.cnf".

If the default path is not suitable for your system, you can set the
OPENSSL_CONF variable; under windows 95 and 98 you can set this variable in
your autoexec.bat (or the batch file that starts your webserver/PHP).
Under NT, 2000 and XP you can set environmental variables using "My
Computer"
properties.

If setting an environmental var is not suitable, and you don't want to
install
the config file at the default location, you can override the default path
using code like this:

$configargs = array(
"config" => "path/to/openssl.cnf"
);

$pkey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $pkey, $config);

Please consult the online manual for more information about these functions.

NOTE!

Windows Explorer gives special meaning to files with a .cnf extension.
This typically means that editing the file from the explorer (by double or
right-clicking) will be difficult or impossible depending on your setup.
It is often easier to open the file from within the editor.
You can avoid this issue by naming the file something else (you might
need to
rename the file using a DOS box) and then setting up an environmental
variable
as described above.
--
Mike Willbanks
Zend Certified Engineer
http://www.digitalstruct.com

Thanks for getting back again, Mike.

Chuck,

have found nothing about setting environment variables. ?? Do I need
to do something more in php (php.ini) or in Apache httpd.conf?

This is what is contained in the readme-ssl.txt file (php4):

To use the CSR and key generation functions from PHP, you will need to
install an openssl.cnf file. We have included a sample file that can be used
for this purpose in this folder alongside this readme file.

The default path for the openssl.cnf file is determined as follows:

OPENSSL_CONF environmental variable, if set, is assumed to hold the
path to the file.

The compiled binary installer for openSSL did set this environment variable.

I'm really stumped here. I seem to have everything I need to get Php to
allow me to open https streams, but it is just not happening.

I downloaded and installed the latest Php4 for Windows from php.net and
it is working. If I call get_loaded_extensions, I see:

Array
(
[0] => standard
[1] => bcmath
[2] => calendar
[3] => ctype
[4] => com
[5] => ftp
[6] => mysql
[7] => odbc
[8] => overload
[9] => pcre
[10] => session
[11] => tokenizer
[12] => xml
[13] => wddx
[14] => zlib
[15] => apache
[16] => curl
[17] => gd
[18] => mhash
[19] => openssl
)

So the openssl extension is loaded.

The Windows environment variable OPENSSL_CONF is set to
C:\OpenSSL\bin\openssl.cnf (and that is where I have installed OpenSSL.
The two necessary dll files are in my Windows/System32 folder
(libeay32.dll and ssleay32.dll).

And lastly - running php -m (show compiled in modules) from a command
prompt displays:

[PHP Modules]
bcmath
calendar
com
ctype
curl
ftp
gd
mhash
mysql
odbc
openssl
overload
pcre
session
standard
tokenizer
wddx
xml
zlib

So the openssl module is compiled in my copy of Php.

Still, when I do Phpinfo, I get:
Registered PHP Streams - php, http, ftp, compress.zlib

No https and no ftps.

I have run Php as CGI and as an Apache module and it makes no difference.

I can not find anything else to check (open_basedir is not set), so
....... I am stumped.

I can not get https and ftps to be registered streams and it appears
that I have done everything needed to do so. ??

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Integrity is obvious.
The lack of it is common.
*****************************