(PHP 5 >= 5.1.0, PHP 7, PHP 8)
stream_socket_enable_crypto — Liga ou desliga criptografia em socket já conectado
$stream,$enable,$crypto_method = null,$session_stream = nullLiga ou desliga criptografia no fluxo.
Assim que as configurações de criptografia estiverem estabelecidos, a criptografia pode
ser ligada e desligada dinamicamente passando-se true ou false no parâmetro
enable.
streamO recurso representando o fluxo.
enableLigar/desligar criptografia no fluxo.
crypto_methodConfigura a criptografia no fluxo. Métodos válidos são:
STREAM_CRYPTO_METHOD_SSLv2_CLIENTSTREAM_CRYPTO_METHOD_SSLv3_CLIENTSTREAM_CRYPTO_METHOD_SSLv23_CLIENTSTREAM_CRYPTO_METHOD_ANY_CLIENTSTREAM_CRYPTO_METHOD_TLS_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_0_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_1_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_2_CLIENTSTREAM_CRYPTO_METHOD_TLSv1_3_CLIENT (a partir do PHP 7.4.0)STREAM_CRYPTO_METHOD_SSLv2_SERVERSTREAM_CRYPTO_METHOD_SSLv3_SERVERSTREAM_CRYPTO_METHOD_SSLv23_SERVERSTREAM_CRYPTO_METHOD_ANY_SERVERSTREAM_CRYPTO_METHOD_TLS_SERVERSTREAM_CRYPTO_METHOD_TLSv1_0_SERVERSTREAM_CRYPTO_METHOD_TLSv1_1_SERVERSTREAM_CRYPTO_METHOD_TLSv1_2_SERVERSTREAM_CRYPTO_METHOD_TLSv1_3_SERVER (a partir do PHP 7.4.0)
Se omitido, a opção de contexto crypto_method no
contexto SSL do fluxo será usado.
session_stream
Alimenta o fluxo com as configurações de session_stream.
Retorna true em caso de sucesso, false se a negociação falhar ou
0 se não houver dados suficientes levando a uma nova tentativa
(apenas para sockets em modo de não-bloqueio).
| Versão | Descrição |
|---|---|
| 8.0.0 |
session_stream agora pode ser nulo.
|
Exemplo #1 Exemplo de stream_socket_enable_crypto()
<?php
$fp = stream_socket_client("tcp://myproto.example.com:31337", $errno, $errstr, 30);
if (!$fp) {
die("Não foi possível conectar: $errstr ($errno)");
}
/* Liga criptografia para a fase de autenticação */
stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
fwrite($fp, "USER god\r\n");
fwrite($fp, "PASS secret\r\n");
/* Desliga a criptografia para o restante */
stream_socket_enable_crypto($fp, false);
while ($motd = fgets($fp)) {
echo $motd;
}
fclose($fp);
?>O exemplo acima produzirá algo semelhante a:
If you need to change a stream from unencrypted to crypted after unencrypted traffic has been processed, you use the stream-socket-recvfrom function to read instead of fread when reading the unencrypted traffic. Using fread will cause some of the buffer of the initial CLIENT HELLO message to be read into it's buffers causing the SSL handshake to fail in some situations.As already mentioned above:stream_socket_enable_crypto is likely to fail/return zero if the socket is in non-blocking mode.You may either wait some seconds until all neccessary data has arrived or switch temporary to blocking mode:<?PHP stream_set_blocking ($fd, true); stream_socket_enable_crypto ($fd, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); stream_set_blocking ($fd, false);?>This works very fine for me ;-)Information to the difference of `crypto_method`There is `STREAM_CRYPTO_METHOD_*_CLIENT` and `STREAM_CRYPTO_METHOD_*_SERVER``STREAM_CRYPTO_METHOD_*_CLIENT` is used for clients, like:```php<?php$client = stream_socket_client("tcp://example.com:443", $errno, $errstr);stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);//...?>```This code makes a TLS Handshake and the `stream_socket_enable_crypto` sends a `Client HELLO``STREAM_CRYPTO_METHOD_*_SERVER` is used for servers, like:<?php$server = stream_socket_server("tcp://example.com:443", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN);stream_context_set_option($server, ["ssl" => [ "local_cert" => __DIR__."/https.crt", "local_pk" => __DIR__."/https.key",]]);//...$client = stream_socket_accept($server);stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);//...?>This code makes a TLS Handshake and the `stream_socket_enable_crypto` sends a `Server HELLO` after the client send a `Client HELLO`.so use `STREAM_CRYPTO_METHOD_*_CLIENT` for requesting data and `STREAM_CRYPTO_METHOD_*_SERVER` for serving data, after accepting a client.