Best IT Recipes

OpenSSL does not work on Windows, errors 0x02001003 0x2006D080 0x0E064002

Problem: OpenSSL does not work in my Windows environment. OpenSSL repeatedly reports errors 0x02001003, 0x2006D080 and 0x0E064002.

Environment:

Windows NT x 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586 Apache/2.4.4 (Win32) PHP/5.4.13 x86 PHP Directory: E:\wamp\php\ Virtual Host Directory: E:\Projects\1\public_html

What I tried:

  • Installation Instructions http://www.php.net/manual/en/openssl.installation.php
  • PHP.ini extension=php_openssl.dll
  • Openssl.cnf E:\wamp\php\extras\openssl.cnf
  • % PATH% E:\wamp\php
  • reboots
  • phpinfo:
    ---- OpenSSL support included
    ---- OpenSSL Library Version OpenSSL 1.0.1e Feb 11, 2013
    ---- OpenSSL OpenSSL Header Version 0.9.8y February 5, 2013
  • With and without config in configargs
  • With and without <Directory E:\wamp\php\extras> in the apache configuration
  • Copied openssl.cnf in virtualhost public_html, pointed this out and still getting the same errors
  • Nothing logged error_log
  • Researched: I spent the last 2 days researching this, surprised that there is no more information on it, so I am posting here. The problem seems to be related to the OpenSSL or apache / php configuration, which reads the configuration incorrectly.

The code:

 $privateKey = openssl_pkey_new(); while($message = openssl_error_string()){ echo $message.'<br />'.PHP_EOL; }

Results:

 error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib

OpenSSL Manually:

 E:\wamp\apache\bin>openssl.exe pkey WARNING: can't open config file: c:/openssl-1.0.1e/ssl/openssl.cnf E:\wamp\apache\bin>set OPENSSL_CONF="E:\wamp\php\extras\openssl.cnf" E:\wamp\apache\bin>openssl.exe pkey 3484:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('"E:\wamp\php\extras\openssl.cnf"','rb') 3484:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174: 3484:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:

EDIT:

  • Thanks to @Gordon, I can now see open_ssl errors with openssl_error_string
  • Completely remove EasyPHP. Manually installed stable versions of PHP / Apache. The same results! Definitely something I am doing wrong with the implementation of openssl in windows.
  • OpenSSL Manual section ... more error information

FINAL THOUGHTS:
I installed linux box and I get the same errors. After some games, I see that although it throws errors in openssl_pkey_new, it eventually creates my test file p12. In short, errors are misleading, and he has to deal more with how you use openssl functions, not much server-side configuration.

End Code:

 // Create the keypair $res=openssl_pkey_new(); // Get private key openssl_pkey_export($res, $privkey); // Get public key $pubkey=openssl_pkey_get_details($res); $pubkey=$pubkey["key"]; // Actual file $Private_Key = null; $Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs); $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs); openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");

To close.

In a year...

Thus, I found myself doing it again a year later, and regardless of any PATH variables that I set on the computer or during the execution of the script, it did not detect an error in the file. I was able to resolve it by passing the config parameter in the config_args array to openssl_pkey_new . Here is a function that tests the possibility of using OpenSSL successfully:

  /** * Tests the ability to 1) create pub/priv key pair 2) extract pub/priv keys 3) encrypt plaintext using keys 4) decrypt using keys * * @return boolean|string False if fails, string if success */ function testOpenSSL($opensslConfigPath = NULL) { if ($opensslConfigPath == NULL) { $opensslConfigPath = "E:/Services/Apache/httpd-2.4.9-win32-VC11/conf/openssl.cnf"; } $config = array( "config" => $opensslConfigPath, "digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); $res = openssl_pkey_new($config); // <-- CONFIG ARRAY if (empty($res)) {return false;} // Extract the private key from $res to $privKey openssl_pkey_export($res, $privKey, NULL, $config); // <-- CONFIG ARRAY // Extract the public key from $res to $pubKey $pubKey = openssl_pkey_get_details($res); if ($pubKey === FALSE){return false;} $pubKey = $pubKey["key"]; $data = 'plaintext data goes here'; // Encrypt the data to $encrypted using the public key $res = openssl_public_encrypt($data, $encrypted, $pubKey); if ($res === FALSE){return false;} // Decrypt the data using the private key and store the results in $decrypted $res = openssl_private_decrypt($encrypted, $decrypted, $privKey); if ($res === FALSE){return false;} return $decrypted; } // Example usage: $res = testOpenSSL(); if ($res === FALSE) { echo "<span style='background-color: red;'>Fail</span>"; } else { echo "<span style='background-color: green;'>Pass: ".$res."</span>"; }
+45
php apache openssl apache2 easyphp
Mar 21 '13 at 21:17
source share
8 answers

The code below works as expected. BUT, if you run openssl_error_string() after the openssl methods, it shows error:0E06D06C:configuration file routines:NCONF_get_string:no value , which is some notification I could not find about.

Please note that according to http://www.php.net/manual/en/function.openssl-error-string.php you can see error errors, because error messages are queued:

Be careful when using this function to check for errors, as it appears to be reading from the buffer from> errors, which may include errors from another script or process that uses the openssl> functions. (I was surprised to find that he was saving error messages before I called any functions> openssl_ *)

 <?php /* Create the private and public key */ $res = openssl_pkey_new(); openssl_error_string(); // May throw error even though its working fine! /* Extract the private key from $res to $privKey */ openssl_pkey_export($res, $privKey); openssl_error_string(); // May throw error even though its working fine! /* Extract the public key from $res to $pubKey */ $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"]; $data = 'i.amniels.com is a great website!'; /* Encrypt the data using the public key * The encrypted data is stored in $encrypted */ openssl_public_encrypt($data, $encrypted, $pubKey); /* Decrypt the data using the private key and store the * result in $decrypted. */ openssl_private_decrypt($encrypted, $decrypted, $privKey); echo $decrypted; ?>
+5
Mar 26 '13 at 20:36
source share
— -

a few things here:

%PATH% should also contain windows and system32, so your% PATH% should look like c:\windows;c:\windows\system32;E:\wamp\php , and in e:\wamp\php should be an openssl dll file

also try the openssl version corresponding to the header version 0.9.8y 5 Feb 2013 download here for 32bit and here for 64-bit

this code works for me:

 // Create the keypair $res=openssl_pkey_new(); // Get private key openssl_pkey_export($res, $privkey); // Get public key $pubkey=openssl_pkey_get_details($res); $pubkey=$pubkey["key"]; $Info = array( "countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@example.com" ); // Actual file $Private_Key = null; $Unsigned_Cert = openssl_csr_new($Info,$Private_Key); $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365); openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");
+4
Jul 01 '13 at 16:36
source share

I had a similar problem, for me it helped set the environment variable "OPENSSL_CONF" manually at the beginning of my script.

Somehow the environment variable was set incorrectly or did not go to my php (Setup: AMPPS, Win7 64Bit).

The example location below is the path you should use with a standard AMPPS installation, so if you are using AMPPS just copy and paste:

 putenv("OPENSSL_CONF=C:\Program Files (x86)\Ampps\php\extras\openssl.cnf");
+2
Oct. 20 '13 at 10:50
source share

Did you install OpenSSL with this method? Install OpenSSL on Windows

  • Go to http://gnuwin32.sourceforge.net/packages/openssl.htm and download the version of "Binaries" "Setup", openssl-0.9.7c-bin.Exe.

  • Double-click the openssl-0.9.7c-bin.exe file to set the OpenSSL directory to \ local \ gnuwin32.

  • Return to the same page, download the “Setup” version of the “Documentation” and install it in the same directory.

  • Open a command prompt and try the following command: Code:

  \local\gnuwin32\bin\openssl -help openssl:Error: '-help' is an invalid command. Standard commands asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam enc engine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac verify version x509 ......

If you see a list of commands printed by OpenSSL, you know that your installation was completed correctly.

+1
Jun 07 '13 at 17:41
source share

If you are using Apache 2.4 + mod_fcgid, you can specify the conf file in OpenSSL by adding FcgidInitialEnv to the httpd.conf file:

 # OPENSSL CONF FcgidInitialEnv OPENSSL_CONF "D:/apps/php70/extras/ssl/openssl.cnf"

I do not use a pre-configured package such as WAMP, I have Apache from Apache Lounge and PHP from windows.php.net and configured by me.

+1
Dec 12 '15 at 11:42
source share

Pure solution:

  • Download the archive (not matte) for the Windows PHP binaries: http://windows.php.net/download
  • Inside the file is the file /extras/ssl/openssl.cnf
  • Extract openssl.cnf somewhere (e.g. "C: /WEB/PHP/extras/ssl/openssl.cnf")
  • Add the global system variable OPENSSL_CONF with your path used (for example, "C: \ WEB \ PHP \ extras \ openssl.cnf" (without double quotes)).

enter image description here

You must add the path to the OPENSSL_CONF system variable. Adding it to the Path system variable is not enough! In Windows 7, you will find the settings dialog under "Control Panel> System and Security> System> Advanced System Settings (left menu)> Advanced (tab)> Environment Variables ...". Add the OPENSSL_CONF variable OPENSSL_CONF .

No need to prepare the openssl.cnf file before use - it will work out of the box. But you can, if you want to fine-tune the settings.

+1
Aug 09 '16 at 4:03
source share

In my case, copying files to c: \ windows \ system32 helped me

libeay32.dll, ssleay32.dll

They can be found in OpenSSL_INSTALL_PATH \ bin.

0
Oct. 14 '14 at 18:07
source share

May I suggest using a Virtual Block , create a virtual machine, and install the LAMP stack. This will give you a “more real” environment. Like troubleshooting, OpenSSL is easier on Linux.

With that said, I believe that your problem is that you cannot find the plugin file itself. Make sure that it lives on the right path and exists on your computer, and the Apache process works under the rights to read it.

-one
Jun 19 '13 at 21:00
source share


More articles:


All Articles