2

I am trying to connect to the Nominet EPP test bed, but I am receiving a 'Failed to enable crypto' which seems to be a rare error with no documented solution or cause.

With the line:

$socket = fsockopen('ssl://testbed-epp.nominet.org.uk', 700, $errno, $errst, 10);

The exact error I am getting is:

Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in /path/classes/nominet_epp.class.php on line 53

Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://testbed-epp.nominet.org.uk:700 (Unknown error) in /path/classes/nominet_epp.class.php on line 53

As far as I can tell OpenSSL is installed with PHP fine, as per this in our phpinfo():

OpenSSL support     enabled
OpenSSL Version     OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

The Nominet docs briefly mention "In order to verify the identity of the secure server you will need the Verisign Class 3 Public Primary Certification Authority' root certificate available free from www.verisign.com (the certificate is also distributed with most web browsers). - This could possibly be the issue?

Update As requested, I have var_dump'd the error values as well as $socket itself, they are all false/0. The fsockopen PHP docs states "If the value returned in errno is 0 and the function returned FALSE, it is an indication that the error occurred before the connect() call. This is most likely due to a problem initializing the socket."

Any help would be greatly appreciated.

Dunhamzzz
  • 14,682
  • 4
  • 50
  • 74
  • Can you please print `$errno` and `$errst`? – Stefan Gehrig Mar 31 '11 at 11:22
  • I've just var_dumped $socket, $errst and $errno and they are false, empty and 0 respectively. Bizarre. – Dunhamzzz Mar 31 '11 at 12:55
  • Can you try `openssl s_client -ssl3 -crlf -connect testbed-epp.nominet.org.uk:700` on the console? – Stefan Gehrig Mar 31 '11 at 13:12
  • Returns: 1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: – Dunhamzzz Mar 31 '11 at 13:14
  • Seems to be a problem with your OpenSSL or the remote system... Can you exclude that option? – Stefan Gehrig Mar 31 '11 at 13:20
  • I'm not sure what you mean, is there another service I could fsockopen into just to eliminate my server being the problem? Could it possibly be the certificate as mentioned above? I haven't done anything to do with root certs but supposedly I need one. – Dunhamzzz Mar 31 '11 at 13:36
  • The error `openssl` returns doesn't indicate a certificate problem. The connections stalls even before exchanging the certificates. Perhaps you should try to connect to a regular SSL website with `ssl://maps.google.com` on port 443. – Stefan Gehrig Mar 31 '11 at 13:43
  • That worked fine, I can only assume it is Nominet. I will contact them, many thanks for your help up to this point. – Dunhamzzz Mar 31 '11 at 13:50

1 Answers1

3

I had exactly the same issue and it was down to the Nominet Firewall not being updated with the correct IP address. When you set this up in the Nominet control panel you need to wait an hour for their firewalls to fully update - once this is done the connection works fine.

Spencer Collins
  • 46
  • 1