Testing OpenSSL with stream_socket_client()

This section provides a tutorial example on how to test the PHP OpenSSL module with the stream_socket_client() function, which allows you to open a socket connection to a remote computer with the secure TLS protocol and SSL stream context options.

In earlier tutorials, we tested the file_get_contents() and fopen() functions with SSL stream context options.

Now let's take a look at another function, stream_socket_client(), that can take SSL stream context options.

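<?php
# OpenSSL_stream_socket_client.php
#- Copyright (c) 2010-2018 HerongYang.com. All Rights Reserved.
#
$script = array_shift($argv);
$url = array_shift($argv);  # for example tcp://host:port or tls://host:port
$cert = array_shift($argv); # CA certificate file, needed for tls:// URLs

$timeout = 5; # in seconds
$flags = STREAM_CLIENT_CONNECT;
$context = stream_context_create(array(
  'ssl' => array(
    'verify_peer' => true, # verify the server certificate against cafile
    'cafile' => $cert
  )
));

$handle = stream_socket_client($url, $errno, $errmsg, $timeout,
  $flags, $context);
if ($handle === false) {
  exit(1); # connection failed; PHP has already printed a warning
}
print(fgets($handle)."\n"); # first line sent by the server
fclose($handle);
?>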

1. Run this example code against the SSH port 22 on a local network computer. The regular TCP protocol is used. No CA certificate is needed.

herong$ php OpenSSL_stream_socket_client.php tcp://192.168.1.100:22

SSH-2.0-OpenSSH_8.0

2. Run this example code against the SMTP port 25 on a local network computer. The regular TCP protocol is used. No CA certificate is needed.

herong$ php OpenSSL_stream_socket_client.php tcp://192.168.1.100:25 

220 mail.herong.home ESMTP Postfix

3. Run this example code against the FTP port 21 on a local network computer. It fails, because the remote computer is not serving that port.

herong$ php OpenSSL_stream_socket_client.php tcp://192.168.1.100:21

PHP Warning:  fsockopen(): unable to connect to tcp://192.168.1.100:21 
  (Connection refused) 

4. Run this example code against the SMTPS port 465 on the Yahoo mail server, using the secure TLS protocol. It fails, because no CA certificate is provided.

herong$ php OpenSSL_stream_socket_client.php tls://smtp.mail.yahoo.com:465 

PHP Warning:  stream_socket_client(): Filename cannot be empty 
PHP Warning:  failed loading cafile stream: '' 
  in OpenSSL_stream_socket_client.php on line 19

5. Run this example code against the SMTPS port 465 on the Yahoo mail server, using the secure TLS protocol. It fails, because the wrong CA certificate is provided.

herong$ php OpenSSL_stream_socket_client.php tls://smtp.mail.yahoo.com:465 \
  my-self-signed.crt 

PHP Warning:  stream_socket_client(): SSL operation failed with code 1. 
  OpenSSL Error messages:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:
    certificate verify failed 

6. Run this example code against the SMTPS port 465 on a local network computer. It fails, because the wrong CA certificate is provided.

herong$ php OpenSSL_stream_socket_client.php tls://192.168.1.100:465 \
  yahoo.crt 

PHP Warning:  stream_socket_client(): SSL operation failed with code 1. 
  OpenSSL Error messages:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:
    certificate verify failed in OpenSSL_TLS_fsockopen.php on line 16

7. Run this example code against the SMTPS port 465 on a local network computer. It fails, because the CA certificate contains CN='mail.herong.home', which does not match the host name in the URL.

herong$ php OpenSSL_stream_socket_client.php tls://192.168.1.100:465 \
  my-self-signed.crt 

PHP Warning:  stream_socket_client(): 
  Peer certificate CN='mail.herong.home' did not match 
  expected CN='192.168.1.200' 

8. Run this example code against the SMTPS port 465 on a local network computer. A new self-signed certificate with CN='192.168.1.100' is installed. The example code works perfectly.

herong$ php OpenSSL_stream_socket_client.php tls://192.168.1.100:465 \
  192-168-1-100.crt 

220 mail.herong.home ESMTP Postfix
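
Steps 7 and 8 resolve the name mismatch by installing a new certificate issued for the IP address. The following added example (not part of the original tutorial) shows another way to keep verification on: connect by IP address and name the expected host with the 'peer_name' SSL context option, then print the certificate that was accepted. The script name tls_peer_name.php and the third command-line argument are assumptions made for this example.

```php
<?php
# tls_peer_name.php - added example, not from the original tutorial.
# Usage: php tls_peer_name.php tls://192.168.1.100:465 ca.crt mail.herong.home
$script = array_shift($argv);
$url = array_shift($argv);
$cert = array_shift($argv);
$name = array_shift($argv); # host name expected in the server certificate

if ($url === null || $cert === null || $name === null) {
  fwrite(STDERR, "Usage: php $script <url> <cafile> <peer_name>\n");
  exit(2);
}
if (!is_readable($cert)) {
  # Catch the empty or missing CA file case from step 4 up front.
  fwrite(STDERR, "CA file not readable: $cert\n");
  exit(2);
}

$context = stream_context_create(array(
  'ssl' => array(
    'verify_peer' => true,       # validate the chain against cafile
    'verify_peer_name' => true,  # validate the name in the certificate
    'peer_name' => $name,        # name to check instead of the URL host
    'cafile' => $cert,
    'capture_peer_cert' => true  # keep the certificate for inspection
  )
));

# @ hides the raw warning; it is reported below through error_get_last().
$handle = @stream_socket_client($url, $errno, $errmsg, 5,
  STREAM_CLIENT_CONNECT, $context);
if ($handle === false) {
  # For TLS failures the detail is in the warning text, not in $errmsg.
  $last = error_get_last();
  fwrite(STDERR, "Connect failed ($errno): $errmsg\n");
  if ($last !== null) fwrite(STDERR, $last['message']."\n");
  exit(1);
}

# The handshake succeeded: show which certificate was accepted.
$params = stream_context_get_params($handle);
$info = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
print("Subject CN: ".($info['subject']['CN'] ?? '(none)')."\n");
print("Not after:  ".gmdate('Y-m-d', $info['validTo_time_t'])."\n");
print(fgets($handle));
fclose($handle);
?>
```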
