I'm running PHP 5.2.6 on Windows, I have extension=php_curl.dll and extension=php_openssl.dll uncommented in php.ini; as such I can see the following in phpinfo:

curl
cURL support        enabled
cURL Information    libcurl/7.16.0 OpenSSL/0.9.8g zlib/1.2.3

openssl
OpenSSL support     enabled
OpenSSL Version     OpenSSL 0.9.8g 19 Oct 2007

I'm not sure that having cURL enabled is vital to this, but since it mentioned OpenSSL I thought I'd include it here anyway for completeness.


What I want to do is simple: make a POST request to another server over SSL using fsockopen.
My code so far is this:

$host = 'www.redacted.com';
$data = 'user=redacted&pass=redacted&action=redacted';
$response = "";

if ( $fp = fsockopen("ssl:{$host}", 443, $errno, $errstr, 30) ) {

    $msg  = 'POST /wsAPI.php HTTP/1.1' . "\r\n";
    $msg .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
    $msg .= 'Content-Length: ' . strlen($data) . "\r\n";
    $msg .= 'Host: ' . $host . "\r\n";
    $msg .= 'Connection: close' . "\r\n\r\n";
    $msg .= $data;
    if ( fwrite($fp, $msg) ) {
        while ( !feof($fp) ) {
            $response .= fgets($fp, 1024);
        }
    }
    fclose($fp);

} else {
    $response = false;
}

This works fine of course if I just pass in $host and use port 80. But I really need to send this over SSL, and right now it's not working. $response gets set to false, $errno stays at 0, and $errstr gets set to php_network_getaddresses: getaddrinfo failed: No such host is known.. I know that it's not an issue of the server being down, or a typo in the host name, etc., because it DOES work if I go over port 80 unsecurely. The problems only start when I try to switch to SSL.

What do I do to get this working?

soapergem
  • Not really related to the answer, but have you considered using the tls protocol instead? TLSv1 is essentially the fourth version of SSL, and has widely replaced it as the de facto SSL implementation. – Powerlord Nov 23 '09 at 16:15
  • Just a comment to make sure that readers know that TLSv1.0 was deprecated for not being very secure, as well as all versions of SSL. See https://en.wikipedia.org/wiki/Transport_Layer_Security . – David Spector Nov 18 '19 at 18:51
  • @DavidSpector True, but I'd hope people would use newer versions of TLS given that this question turned 10 years old today. TLS 1.3 is the latest, which would effectively be the seventh version of SSL. – Powerlord Nov 18 '19 at 20:51
  • A more general problem to solve is how to eliminate information published on the Web which was once good but has turned bad over time. I can't think of a good solution, but I have the feeling that a good solution is possible. – David Spector Nov 19 '19 at 21:26

1 Answer

This may sound obvious, but have you tried this instead?

if ($fp = fsockopen('ssl://'. $host, 443, $errno, $errstr, 30)) {

I'm not sure if the // is required or not, but the ssl and tls examples on the PHP Internet Transports page have them.

P.S. I also have a "thing" about included variables in strings, in case you're wondering why it uses string concatenation now.

Kerem
Powerlord
  • Gosh I feel like such an idiot. All it took was this! Thank you so much. And I don't mind the pet peeve about included vs concatenated variables. We all have our quirks. – soapergem Nov 23 '09 at 17:28
  • This did not work for me in a different application: sending an email. It works when I send insecure and the server accepts insecure sending, but not if I make these changes to the scheme and port. I get an infinite loop. – David Spector Nov 18 '19 at 18:56
  • Stupid me. My port was 25, so the secure port for email has to be 465, not 443. With this change my code sent an email successfully (with my server set to secured). I have edited this answer. – David Spector Nov 18 '19 at 19:08
  • @DavidSpector For email, it's one of those questions about whether the server supports TLS over SMTP or if it supports SMTPS instead. The former is on port 25 and the latter is on port 465. – Powerlord Nov 18 '19 at 20:56
  • Port 25 (insecure access to a mailserver) should NEVER be used anymore. It exposes your mailserver to compromise by malicious users and provides little or no benefit. I agree with the Let's Encrypt project that the entire Web (and email) should be made secure. – David Spector Nov 19 '19 at 21:23
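
The corrected transport URI from the answer, with the TLS version floor and certificate checks written out explicitly, as an added example that is not part of the original question or answer. It assumes PHP 5.6 or later (older releases, including the 5.2.6 in the question, do not verify the peer certificate by default on `ssl://` or `tls://` streams); the function names, host, path and field names are placeholders.

```php
<?php
// Added example. build_post(), tls_context() and tls_post() are hypothetical helper names.

// Build the same form-encoded POST the question sends, with values URL-encoded.
function build_post($host, $path, array $fields) {
    $body = http_build_query($fields);
    return 'POST ' . $path . " HTTP/1.1\r\n"
         . 'Host: ' . $host . "\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . 'Content-Length: ' . strlen($body) . "\r\n"
         . "Connection: close\r\n\r\n"
         . $body;
}

// Stream context that requires a valid certificate chain, a matching host name,
// and TLS 1.2 or newer (TLS 1.3 constant exists from PHP 7.4).
function tls_context($host) {
    $methods = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
    if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
        $methods |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
    }
    return stream_context_create(array('ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
        'SNI_enabled'      => true,
        'crypto_method'    => $methods,
    )));
}

// Note the "//" after the scheme: "tls:host" is treated as a host name to resolve,
// which is what produced the getaddrinfo error in the question.
function tls_post($host, $path, array $fields, $timeout = 30) {
    $fp = @stream_socket_client('tls://' . $host . ':443', $errno, $errstr,
                                $timeout, STREAM_CLIENT_CONNECT, tls_context($host));
    if ($fp === false) {
        // Covers DNS failure, refused connection, and a failed handshake or verification.
        throw new RuntimeException('TLS connect to ' . $host . " failed: [$errno] $errstr");
    }
    fwrite($fp, build_post($host, $path, $fields));
    $response = stream_get_contents($fp);
    fclose($fp);
    return $response;
}

// Usage (performs a network request; placeholder host and fields):
// echo tls_post('api.example.com', '/wsAPI.php', array('user' => 'u', 'pass' => 'p'));
```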