(PHP 5 >= 5.1.0, PHP 7, PHP 8)
stream_socket_enable_crypto — Turns encryption on/off on an already connected socket
stream_socket_enable_crypto(resource $stream, bool $enable, ?int $crypto_method = null, ?resource $session_stream = null): int|bool
Enable or disable encryption on the stream. Once the crypto settings are established, cryptography can be turned on and off dynamically by passing true or false in the enable parameter.
stream: The stream resource.

enable: Enable/disable cryptography on the stream.
crypto_method: Setup encryption on the stream. Valid methods are

STREAM_CRYPTO_METHOD_SSLv2_CLIENT
STREAM_CRYPTO_METHOD_SSLv3_CLIENT
STREAM_CRYPTO_METHOD_SSLv23_CLIENT
STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT (as of PHP 7.4.0)
STREAM_CRYPTO_METHOD_SSLv2_SERVER
STREAM_CRYPTO_METHOD_SSLv3_SERVER
STREAM_CRYPTO_METHOD_SSLv23_SERVER
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLS_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
STREAM_CRYPTO_METHOD_TLSv1_3_SERVER (as of PHP 7.4.0)

The _CLIENT constants initiate the handshake (the ClientHello) and verify the peer certificate according to the stream's ssl context options (verify_peer, verify_peer_name, cafile/capath), which default to verification on since PHP 5.6.0. The _SERVER constants answer a client's handshake using the local_cert/local_pk material from the context. Several constants may be OR-ed together to offer more than one protocol version, for example STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT. SSLv2 and SSLv3 are broken protocols and current OpenSSL builds are compiled without them, so the SSLv2_* and SSLv3_* constants will fail to negotiate; use the TLS 1.2/1.3 constants, or STREAM_CRYPTO_METHOD_TLS_CLIENT / STREAM_CRYPTO_METHOD_TLS_SERVER, in new code.

If omitted, the crypto_method context option on the stream's SSL context will be used instead.
session_stream: Seed the stream with settings from session_stream.
Returns true on success, false if negotiation has failed, or 0 if there isn't enough data and you should try again (only for non-blocking sockets). Check the result with === before sending anything sensitive: 0 is falsy but means "not yet", not "failed", and a caller that treats the call as void will happily write plaintext onto a socket whose handshake never completed.
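The following is an added example, not code from the PHP manual. It shows a client-side upgrade of an already connected, non-blocking tcp:// stream that distinguishes all three return values (true / false / 0), restricts the offered versions to TLS 1.2 and 1.3, and keeps certificate verification on through the stream's own ssl context. The host name, port and the HTTP request sent afterwards are assumptions chosen only to have something observable to do once the session is encrypted.

```php
<?php
// Added example (not from the PHP manual). Host, port and the HTTP request
// are assumptions; any TLS-speaking server would do.

/** Build an ssl context that pins the verification policy for one peer. */
function buildClientContext(string $peerName)
{
    // verify_peer / verify_peer_name already default to true since PHP 5.6,
    // but stating them keeps the policy visible in review.
    return stream_context_create(['ssl' => [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $peerName,
        'allow_self_signed' => false,
    ]]);
}

/**
 * Negotiate TLS on $stream as a client. Returns true when the handshake
 * completed (and the certificate passed verification), false on failure
 * or when $timeoutSec elapses while the socket keeps reporting 0.
 */
function upgradeToTls($stream, float $timeoutSec = 10.0): bool
{
    // Offer only TLS 1.2, plus TLS 1.3 where this PHP build defines it (7.4+).
    $method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
    if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
        $method |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
    }

    $deadline = microtime(true) + $timeoutSec;
    do {
        $result = stream_socket_enable_crypto($stream, true, $method);
        if ($result === true) {
            return true;                 // handshake done, certificate accepted
        }
        if ($result === false) {
            return false;                // negotiation failed (version, cipher, cert, ...)
        }
        // $result === 0: non-blocking socket, handshake still in progress.
        // Wait (bounded) for the socket to become readable, then call again.
        $remaining = $deadline - microtime(true);
        if ($remaining <= 0) {
            return false;
        }
        $read = [$stream];
        $write = null;
        $except = null;
        $wait = min($remaining, 0.2);    // short cap: the handshake may also need to write
        $sec = (int) $wait;
        $usec = (int) (($wait - $sec) * 1000000);
        if (stream_select($read, $write, $except, $sec, $usec) === false) {
            return false;
        }
    } while (true);
}

// Connect in the clear on the TLS port, then upgrade explicitly. This is what
// the ssl:// transport does for you, with the upgrade step made visible.
$host = 'www.example.com';                                   // assumption
$fp = stream_socket_client("tcp://$host:443", $errno, $errstr, 30,
    STREAM_CLIENT_CONNECT, buildClientContext($host));
if (!$fp) {
    die("Unable to connect: $errstr ($errno)\n");
}
stream_set_blocking($fp, false);         // non-blocking, so 0 is now a possible return value

if (!upgradeToTls($fp)) {
    fclose($fp);
    die("TLS negotiation failed\n");
}

// Confirm what was negotiated before sending anything sensitive.
$crypto = stream_get_meta_data($fp)['crypto'] ?? [];
printf("Negotiated %s with %s\n",
    $crypto['protocol'] ?? 'unknown protocol',
    $crypto['cipher_name'] ?? 'unknown cipher');

stream_set_blocking($fp, true);
fwrite($fp, "HEAD / HTTP/1.0\r\nHost: $host\r\n\r\n");
echo fgets($fp);                          // first line of the HTTP response
fclose($fp);
```

The verification policy is placed on the context passed to stream_socket_client() rather than set on the stream afterwards, because a stream opened without a context shares the process-wide default context, and options set on it would silently apply to every other stream in the script.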
| Version | Description |
|---|---|
| 8.0.0 | session_stream is now nullable. |
Example #1 stream_socket_enable_crypto() example

```php
<?php
$fp = stream_socket_client("tcp://myproto.example.com:31337", $errno, $errstr, 30);
if (!$fp) {
    die("Unable to connect: $errstr ($errno)");
}

/* Turn on encryption for login phase. SSLv23_CLIENT is a historical name;
   use STREAM_CRYPTO_METHOD_TLS_CLIENT or the TLSv1_2/TLSv1_3 constants in
   new code. Check the result: on false or 0 the credentials below would
   otherwise be written in plaintext. */
if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT) !== true) {
    die("Unable to enable encryption");
}
fwrite($fp, "USER god\r\n");
fwrite($fp, "PASS secret\r\n");

/* Turn off encryption for the rest: everything read from here on is plaintext */
stream_socket_enable_crypto($fp, false);

while ($motd = fgets($fp)) {
    echo $motd;
}
fclose($fp);
?>
```
The above example will output something similar to:
If you need to change a stream from unencrypted to encrypted after unencrypted traffic has been processed, use the stream_socket_recvfrom function to read instead of fread when reading the unencrypted traffic. Using fread will cause some of the buffer of the initial CLIENT HELLO message to be read into its buffers, causing the SSL handshake to fail in some situations.
As already mentioned above:
stream_socket_enable_crypto is likely to fail/return zero if the socket is in non-blocking mode.
You may either wait some seconds until all necessary data has arrived or switch temporarily to blocking mode:

```php
<?php
stream_set_blocking($fd, true);
stream_socket_enable_crypto($fd, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
stream_set_blocking($fd, false);
?>
```

This works fine for me ;-)
Information on the difference of `crypto_method`
There is `STREAM_CRYPTO_METHOD_*_CLIENT` and `STREAM_CRYPTO_METHOD_*_SERVER`
`STREAM_CRYPTO_METHOD_*_CLIENT` is used for clients, like:

```php
<?php
$client = stream_socket_client("tcp://example.com:443", $errno, $errstr);
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
// ...
?>
```

This code makes a TLS handshake and the `stream_socket_enable_crypto` sends a `Client HELLO`
`STREAM_CRYPTO_METHOD_*_SERVER` is used for servers, like:

```php
<?php
$server = stream_socket_server("tcp://example.com:443", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN);
stream_context_set_option($server, ["ssl" => [
    "local_cert" => __DIR__ . "/https.crt",
    "local_pk"   => __DIR__ . "/https.key",
]]);
// ...
$client = stream_socket_accept($server);
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
// ...
?>
```

This code makes a TLS handshake and the `stream_socket_enable_crypto` sends a `Server HELLO` after the client sends a `Client HELLO`.
So use `STREAM_CRYPTO_METHOD_*_CLIENT` for requesting data and `STREAM_CRYPTO_METHOD_*_SERVER` for serving data, after accepting a client.
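The following is an added example, not code from the manual or from the notes above. It puts the server-side `_SERVER` constants from the last note together with the advice in the earlier note about reading the unencrypted phase with stream_socket_recvfrom(): a minimal STARTTLS-style server that reads plaintext commands straight off the socket, one byte at a time, so that nothing the client sends right after "STARTTLS" (its ClientHello) ends up in the stream's read buffer before the handshake. The port, the certificate and key paths, and the "220"/"250"/"530" reply codes are assumptions.

```php
<?php
// Added example (not from the manual or the user notes). Port, certificate
// and key paths, and the reply codes are assumptions.

// TLS material and policy live on the listening socket's context; accepted
// connections inherit it, which is why the note above sets the options on
// $server rather than on each client.
$ctx = stream_context_create(['ssl' => [
    'local_cert'          => __DIR__ . '/server.crt',  // assumed path: PEM cert (+ chain)
    'local_pk'            => __DIR__ . '/server.key',  // assumed path: PEM private key
    'verify_peer'         => false,                    // no client certificates here
    'disable_compression' => true,
]]);

$server = stream_socket_server('tcp://127.0.0.1:8443', $errno, $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctx);
if (!$server) {
    die("Unable to listen: $errstr ($errno)\n");
}

/**
 * Read one CRLF-terminated line directly from the socket, one byte at a
 * time, so no byte beyond the terminator is consumed into PHP's stream
 * buffer. Returns null on EOF, error, or an over-long line.
 */
function recvPlaintextLine($conn, int $maxLen = 512): ?string
{
    $line = '';
    while (strlen($line) < $maxLen) {
        $byte = stream_socket_recvfrom($conn, 1);
        if ($byte === false || $byte === '') {
            return null;
        }
        $line .= $byte;
        if (substr($line, -2) === "\r\n") {
            return substr($line, 0, -2);
        }
    }
    return null;
}

// Accept TLS 1.2, plus TLS 1.3 where this PHP build defines it (7.4+).
$method = STREAM_CRYPTO_METHOD_TLSv1_2_SERVER;
if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_SERVER')) {
    $method |= STREAM_CRYPTO_METHOD_TLSv1_3_SERVER;
}

while (true) {
    $conn = @stream_socket_accept($server, 60);   // false after 60 s idle: keep waiting
    if ($conn === false) {
        continue;
    }
    // Blocking mode, so stream_socket_enable_crypto() returns only true or false.
    stream_set_blocking($conn, true);
    stream_set_timeout($conn, 10);
    fwrite($conn, "220 ready\r\n");

    // Plaintext phase: the only command accepted before TLS is STARTTLS.
    while (($cmd = recvPlaintextLine($conn)) !== null) {
        if (strcasecmp($cmd, 'STARTTLS') !== 0) {
            fwrite($conn, "530 Must issue STARTTLS first\r\n");
            continue;
        }
        fwrite($conn, "220 Go ahead\r\n");

        // Server side: answer the client's ClientHello with a ServerHello.
        if (stream_socket_enable_crypto($conn, true, $method) !== true) {
            break;                                  // handshake failed: drop the connection
        }

        // Encrypted phase: switch to fgets()/fread(), which go through the
        // TLS layer; stream_socket_recvfrom() bypasses it and must not be
        // used once the session is encrypted.
        while (($line = fgets($conn, 512)) !== false) {
            $line = rtrim($line, "\r\n");
            fwrite($conn, "250 OK: $line\r\n");
            if (strcasecmp($line, 'QUIT') === 0) {
                break;
            }
        }
        break;
    }
    fclose($conn);
}
```

Reading the plaintext phase byte by byte has a second benefit beyond keeping the handshake intact: any commands a client pipelines in the clear after STARTTLS are left on the wire and fed to the handshake, where they make it fail, instead of being picked up later as if they had been sent inside the encrypted session. Test it with `openssl s_client -connect 127.0.0.1:8443 -starttls smtp`, which issues the STARTTLS exchange in the same form.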