php-fpm + FreeBSD 8.2 and SSL issue


Przemysław Pawliczuk

Jul 20, 2012, 5:11:10 PM
to highloa...@googlegroups.com
I'm wondering what's going on with my php-fpm instance.

Compiled PHP 5.4 from ports and everything works okay except for one thing. If I want to use an SSL transport via socket (no matter which method - just SSL encryption), the interpreter throws something weird at me. In this example I'm trying to send an e-mail via GMail's SMTP (which works only on the secured SMTP port):

PHP Warning: fsockopen(): SSL: Unknown error: 0 in /...
PHP Warning: fsockopen(): Failed to enable crypto in /...
PHP Warning: fsockopen(): unable to connect to ssl://smtp.gmail.com:587 (Unknown error) in /...

SSL appears in phpinfo's registered streams list. Even the OpenSSL library is among the enabled modules. But I have no idea why it's failing to establish a secured connection to any server... For example, fsockopen returns false with no error message...

I've upgraded the ports tree and recompiled PHP. OpenSSL as well but still no idea. I set firewall_type="open" and nothing changed.

Been googling some time for this issue. Unfortunately found nothing.

Some info about env:
- FreeBSD 8.2 x86_64
- PHP-FPM 5.4
- pool configured with a chrooted environment

Resulting ./configure command: http://www.nopaste.pl/1e2x

Any ideas?

Maciej Lisiewski

Jul 21, 2012, 4:13:40 AM
to highloa...@googlegroups.com
Most likely it's an issue with chroot - some of the files needed by SSL
are outside it.
For testing purposes try running the same config without chroot and see
if it works.

--
Maciej Lisiewski

Rainer Duffner

Jul 21, 2012, 7:32:57 AM
to highloa...@googlegroups.com

On 21.07.2012 at 10:13, Maciej Lisiewski wrote:

> Most likely it's an issue with chroot - some of the files needed by SSL are outside it.
> For testing purposes try running the same config without chroot and see if it works.


You also need a copy of /etc/ssl/openssl.cnf in your chroot.
(And, of course, a jail-like cut-down /dev directory with null, random, urandom and zero.)
The default file from the system's /etc/ssl is OK, it just has to exist. Otherwise, SSL doesn't have any usable default values and apparently, that's bad.
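
A quick audit of a pool's chroot for the files named in the reply above, as an added example that is not part of the original thread. The function name check_chroot is hypothetical and the chroot path is whatever the pool's chroot setting points at.

```shell
#!/bin/sh
# Added example: audit a php-fpm pool chroot for the files this thread says
# OpenSSL needs inside it. check_chroot is a hypothetical helper name.
# Usage: sh check_chroot.sh /path/to/pool/chroot

# Prints one line per problem and returns the number of problems found.
check_chroot() {
    root=${1%/}          # strip a trailing slash so paths join cleanly
    problems=0

    # OpenSSL configuration: the stock file is enough, it only has to exist.
    cnf="$root/etc/ssl/openssl.cnf"
    if [ ! -f "$cnf" ]; then
        echo "MISSING FILE: $cnf"
        problems=$((problems + 1))
    fi

    # Cut-down /dev: each entry must be a real character device.
    # A regular file with the right name does not count.
    for dev in null random urandom zero; do
        node="$root/dev/$dev"
        if [ ! -e "$node" ]; then
            echo "MISSING DEVICE: $node"
            problems=$((problems + 1))
        elif [ ! -c "$node" ]; then
            echo "NOT A CHARACTER DEVICE: $node"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}

# Run the audit only when a chroot path was given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```

The exit status is the number of problems, so 0 means every file named in the thread is present inside the chroot.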



Przemysław Pawliczuk

Jul 22, 2012, 2:36:10 PM
to highloa...@googlegroups.com
I've tried earlier with mounting /usr and /lib directories using mount_nullfs within the jailed directory.

Now I followed your advice with /etc and /dev tree nodes but still no changes.

But furthermore I ktraced the particular php-fpm process: http://www.nopaste.pl/1e4k

(stripped the paths and browser's request headers)

No idea what to do further...

Thanks in advance.

2012/7/21 Rainer Duffner <rai...@ultra-secure.de>

Rainer Duffner

Jul 22, 2012, 2:41:51 PM
to highloa...@googlegroups.com

On 22.07.2012 at 20:36, Przemysław Pawliczuk wrote:

> I've tried earlier with mounting /usr and /lib directories using mount_nullfs within the jailed directory.
>
> Now I followed your advice with /etc and /dev tree nodes but still no changes.
>
> But furthermore I ktraced the particular php-fpm process: http://www.nopaste.pl/1e4k
>
> (stripped the paths and browser's request headers)
>
> No idea what to do further...

Is it just me (and Safari) or is the text of that pastie almost completely unreadable?


