
I got the following code:

<?php
error_reporting(E_ALL);
ini_set('display_errors',1);

$keystore = '/var/www/html/key.pem';
$url = 'https://myurl';
$keystorepassword = '123';

$key2 = "/var/www/html/public.pem";


$handler = fopen($key2, "r"); 
$kkey = fread($handler, 8192);
fclose($handler);
$pubkey = openssl_get_publickey($kkey);
openssl_free_key($pubkey);


$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, TRUE);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
//curl_setopt($curl, CURLOPT_SSLVERSION,3);
curl_setopt($curl, CURLOPT_SSLCERT, $keystore);
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $keystorepassword);
curl_setopt($curl, CURLOPT_POSTFIELDS, 'data');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$result =curl_exec ($curl);
var_dump($result);
if(curl_error($curl)){
    $result = curl_error($curl);
    var_dump($result);
}
curl_close ($curl);
?>

And it returns "unable to use client certificate (no key found or wrong pass phrase?)". If I comment out the line "$pubkey = openssl_get_publickey($kkey);", then curl works fine. Is there any chance that "something" stays in memory and curl uses it?

user3564666
  • Maybe the file is getting opened and thus inaccessible to your other code? – Noam Rathaus Jan 01 '15 at 08:51
  • OpenSSL is very sensitive about file permissions of keys, and you placing them under /var/www looks like a recipe for a disaster – Noam Rathaus Jan 01 '15 at 08:51
  • Both pem files are accessible. And both functionalities (openssl_get_public_key and curl) work if they are not called in the same "page load". – user3564666 Jan 03 '15 at 12:11
  • This makes me believe one is locking the file when you open it to prevent a race condition or some other "dirty" trick. – Noam Rathaus Jan 04 '15 at 13:10
  • There are 2 different pem files, so openssl_get_public_key doesn't touch the key which is used by curl and vice versa. It seems openssl_get_public_key writes something somewhere, and curl uses it. – user3564666 Jan 04 '15 at 17:27

0 Answers