Free certificate from Comodo and PHP stream_socket_server



  • I have a free SSL certificate from Comodo in crt format. However, stream_socket_server in PHP only understands the *.pem format. The conversion command outputs:

    root@noc:/usr/local/www/apache24/ssl/data/service # openssl x509 -inform der -in noc_wdwedwe_ru.crt -out noc_wdwedwe_ru.pem
    unable to load certificate
    34379270664:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:1201:
    34379270664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:374:Type=X509
    

    I need to bring up a websocket server for a connection between a server in PHP and JavaScript in the browser, without complaints about a self-signed certificate.

    PHP code:

    $ip = "noc.wdwedwe.ru";
    $port = "8100";
    $pem_file = "noc_wdwedwe_ru.pem";
    $context = stream_context_create();
    stream_context_set_option($context, 'ssl', 'local_cert', $pem_file);  // Our SSL Cert in PEM format
    stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
    stream_context_set_option($context, 'ssl', 'verify_peer', false);
    stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
    stream_context_set_option($context, 'ssl', 'ciphers', 'ALL');
    $socket = stream_socket_server("ssl://{$ip}:{$port}", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
    stream_socket_enable_crypto($socket, false);
    $socket = setupTcpStreamServer($pem_file, $pem_passphrase, $ip, $port);
    if (!$socket) { die("$errstr ($errno)\n"); }
    echo "--демон сервера стартовал\n";
    $connects = array();

    while (true) {
        // build the array of sockets to listen on:
        $read = $connects;
        $read[] = $socket;
        $write = $except = null;
        if (!stream_select($read, $write, $except, null)) { break; }
        if (in_array($socket, $read)) {
            $connect = stream_socket_accept($socket, -1);
            if ($connect == true) {
                $info = handshakeSocket($connect);
                if ($info == true) {
                    $connects[] = $connect; // add it to the list of connections to process
                    onOpen($connect, $info); // call the user-defined handler
                }
            }

            unset($read[array_search($socket, $read)]);
        }
        foreach ($read as $connect) { // process all connections
            $data = fread($connect, 100000);
            if (!$data) { // the connection was closed
                fclose($connect);
                unset($connects[array_search($connect, $connects)]);
                onClose($connect); // call the user-defined handler
                continue;
            }
            onMessage($connect, $data, $info); // call the user-defined handler
        }
    }



  • Maybe the error is because der is not a format compatible with crt? der is a binary format, so your crt file can't be loaded for conversion. Try a command of this form:

    openssl x509 -in noc_wdwedwe_ru.crt -out noc_wdwedwe_ru.pem
    

    And crt and pem are identical. It's just that a pem can also hold a key and several certificates one after another. In your case, since there is no separate key file and only one certificate, the pem file will be fully identical to the crt file. I mean, it comes down to simply changing the file extension from crt to pem.
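
An added example (not code from either poster) that checks how a .crt file is encoded before picking `-inform`, and reports whether a PEM file also holds a private key; per the PHP documentation, `local_cert` expects the certificate and its private key in one PEM file unless `local_pk` names the key file. The function names are hypothetical and the file names are placeholders.

```shell
#!/bin/sh
# Added example; function names are hypothetical, file names are placeholders.

# Print "pem", "der" or "unknown" for the certificate file in $1.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # A DER-encoded X.509 certificate starts with the ASN.1 SEQUENCE tag 0x30.
    # PEM is base64 text between BEGIN/END marker lines, not raw ASN.1.
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then echo der; else echo unknown; fi
}

# Convert $1 to PEM at $2, choosing -inform from the detected encoding.
to_pem() {
    case "$(cert_encoding "$1")" in
        pem) openssl x509 -in "$1" -out "$2" ;;
        der) openssl x509 -inform der -in "$1" -out "$2" ;;
        *)   echo "$1: not a PEM or DER certificate" >&2; return 1 ;;
    esac
}

# Print which PEM blocks $1 holds: "cert+key", "cert", "key" or "none".
# PHP's local_cert needs "cert+key" unless local_pk names the key file.
pem_contents() {
    c=0; k=0
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then c=1; fi
    if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then k=1; fi
    case "$c$k" in
        11) echo cert+key ;;
        10) echo cert ;;
        01) echo key ;;
        *)  echo none ;;
    esac
}

# Usage: to_pem example.crt example.pem && pem_contents example.pem
```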



