Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL not working on Windows, errors 0x02001003 0x2006D080 0x0E064002

Problem: OpenSSL is not working in my Windows environment. OpenSSL repeatedly reports errors 0x02001003, 0x2006D080 and 0x0E064002.

Environment:

Windows NT x 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586 Apache/2.4.4 (Win32) PHP/5.4.13 x86 PHP Directory: E:\wamp\php\ Virtual Host Directory: E:\Projects\1\public_html 

What I've Attempted:

  • Installation Instructions http://www.php.net/manual/en/openssl.installation.php
  • PHP.ini extension=php_openssl.dll
  • Openssl.cnf E:\wamp\php\extras\openssl.cnf
  • %PATH% E:\wamp\php
  • Rebooted
  • phpinfo:
    ----OpenSSL support enabled
    ----OpenSSL Library Version OpenSSL 1.0.1e 11 Feb 2013
    ----OpenSSL Header Version OpenSSL 0.9.8y 5 Feb 2013
  • With and without specifying config in configargs
  • With and without specifying <Directory E:\wamp\php\extras> in apache config
  • Copied openssl.cnf to virtualhost public_html, pointed to that and still get same errors
  • Nothing logged in error_log
  • Researched: I've spent the last 2 days researching this, surprised there isn't more info on it so I'm posting here. Seems to be problem with OpenSSL config or apache/php not reading config properly.

Code:

$privateKey = openssl_pkey_new(); while($message = openssl_error_string()){     echo $message.'<br />'.PHP_EOL; } 

Results:

error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib 

OpenSSL Manually:

E:\wamp\apache\bin>openssl.exe pkey WARNING: can't open config file: c:/openssl-1.0.1e/ssl/openssl.cnf  E:\wamp\apache\bin>set OPENSSL_CONF="E:\wamp\php\extras\openssl.cnf"  E:\wamp\apache\bin>openssl.exe pkey 3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('"E:\wamp\php\extras\openssl.cnf"','rb') 3484:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174: 3484:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199: 

EDIT:

  1. Thanks to @Gordon I can now see open_ssl errors using openssl_error_string
  2. Completely uninstall EasyPHP. Manually installed stable versions of PHP/Apache. Same results! Definitely something I'm doing wrong with implementing openssl on windows.
  3. OpenSSL Manually section... additional error info

FINAL THOUGHTS:
I set up a linux box and I'm getting the same errors. After some playing around I see that even though it's throwing errors at the openssl_pkey_new it does eventually create my test p12 file. Long story short, the errors are misleading and it has to deal more with how you are using openssl functions not so much server-side configuration.

Final code:

// Create the keypair $res=openssl_pkey_new();  // Get private key openssl_pkey_export($res, $privkey);  // Get public key $pubkey=openssl_pkey_get_details($res); $pubkey=$pubkey["key"];  // Actual file $Private_Key = null; $Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs); $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs); openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456"); 

Close away.

A year later...

So I found myself doing this again a year later, and regardless of whatever PATH variables I set on the computer or during the script execution, it kept erroring about file not found. I was able to resolve it by passing in the config parameter in the config_args array in openssl_pkey_new. Here is a function that tests the ability to successfully use OpenSSL:

    /**      * Tests the ability to 1) create pub/priv key pair 2) extract pub/priv keys 3) encrypt plaintext using keys 4) decrypt using keys      *       * @return boolean|string False if fails, string if success      */     function testOpenSSL($opensslConfigPath = NULL)     {         if ($opensslConfigPath == NULL)         {             $opensslConfigPath = "E:/Services/Apache/httpd-2.4.9-win32-VC11/conf/openssl.cnf";         }         $config = array(             "config" => $opensslConfigPath,             "digest_alg" => "sha512",             "private_key_bits" => 4096,             "private_key_type" => OPENSSL_KEYTYPE_RSA,         );          $res = openssl_pkey_new($config); // <-- CONFIG ARRAY         if (empty($res)) {return false;}          // Extract the private key from $res to $privKey         openssl_pkey_export($res, $privKey, NULL, $config); // <-- CONFIG ARRAY          // Extract the public key from $res to $pubKey         $pubKey = openssl_pkey_get_details($res);         if ($pubKey === FALSE){return false;}          $pubKey = $pubKey["key"];          $data = 'plaintext data goes here';          // Encrypt the data to $encrypted using the public key         $res = openssl_public_encrypt($data, $encrypted, $pubKey);         if ($res === FALSE){return false;}          // Decrypt the data using the private key and store the results in $decrypted         $res = openssl_private_decrypt($encrypted, $decrypted, $privKey);         if ($res === FALSE){return false;}          return $decrypted;     }      // Example usage:     $res = testOpenSSL();     if ($res === FALSE)     {         echo "<span style='background-color: red;'>Fail</span>";     } else {         echo "<span style='background-color: green;'>Pass: ".$res."</span>";     } 
like image 640
Brock Hensley Avatar asked Mar 21 '13 21:03

Brock Hensley


2 Answers

The code below works as expected. BUT if you run openssl_error_string() after the openssl methods it shows error:0E06D06C:configuration file routines:NCONF_get_string:no value which is some notice I have not been able to find documentation on.

Further note that according to http://www.php.net/manual/en/function.openssl-error-string.php you could be seeing mis-leading errors as error messages are queued:

Be careful when using this function to check errors, as it seems to read from a buffer of > errors, which could include errors from another script or process that was using openssl > functions. (I was surprised to find it returing error messages before I had called any > openssl_* functions)

<?php /* Create the private and public key */ $res = openssl_pkey_new(); openssl_error_string(); // May throw error even though its working fine!  /* Extract the private key from $res to $privKey */ openssl_pkey_export($res, $privKey); openssl_error_string(); // May throw error even though its working fine!  /* Extract the public key from $res to $pubKey */ $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"];  $data = 'i.amniels.com is a great website!';  /* Encrypt the data using the public key  * The encrypted data is stored in $encrypted */ openssl_public_encrypt($data, $encrypted, $pubKey);  /* Decrypt the data using the private key and store the  * result in $decrypted. */ openssl_private_decrypt($encrypted, $decrypted, $privKey);  echo $decrypted; ?> 
like image 170
Brock Hensley Avatar answered Sep 24 '22 04:09

Brock Hensley


a few things here :

%PATH% should also contain windows and system32 so your %PATH% should look like c:\windows;c:\windows\system32;E:\wamp\php and in e:\wamp\php should be the openssl dll file

also try the openssl version matching the header version 0.9.8y 5 Feb 2013 download here for 32bit and here for 64bit

this code seems to work for me:

// Create the keypair $res=openssl_pkey_new();  // Get private key openssl_pkey_export($res, $privkey);  // Get public key $pubkey=openssl_pkey_get_details($res); $pubkey=$pubkey["key"]; $Info = array(     "countryName" => "UK",     "stateOrProvinceName" => "Somerset",     "localityName" => "Glastonbury",     "organizationName" => "The Brain Room Limited",     "organizationalUnitName" => "PHP Documentation Team",     "commonName" => "Wez Furlong",     "emailAddress" => "[email protected]" );  // Actual file $Private_Key = null; $Unsigned_Cert = openssl_csr_new($Info,$Private_Key); $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365); openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456"); 
like image 29
borrel Avatar answered Sep 26 '22 04:09

borrel