varspool / Wrench

A simple PHP WebSocket implementation for PHP 7.1
Do What The F*ck You Want To Public License

SSL problem #58

Closed X4V18 closed 9 years ago

X4V18 commented 10 years ago

There is a problem in the code for the SSL. I created an auto-signed certificate and generated a .pem file. I tried your example application Echo, and it seems to contain a problem in the code for SSL. Here's my code:

require_once 'D:\wamp\www\PrivateChat\lib\SplClassLoader.php';
$classLoader = new SplClassLoader("Wrench", "D:\wamp\www\PrivateChat\lib\\");
$classLoader->register();

use Wrench\BasicServer;

$server = new \Wrench\Server('wss://localhost:12345', array(
    'connection_manager_options' => array(
        'socket_master_options' => array(
            'server_ssl_cert_file' => 'D:\wamp\www\PrivateChat\cert\certificat.pem',
            'server_ssl_passphrase' => 'xavier2014epfctfe',
            'server_ssl_allow_self_signed' => true,
            'server_ssl_verify_peer' => false,
        ),
    )
));

$server->registerApplication('echo', new Wrench\Application\EchoApplication());
$server->run();

Client :

        websocket = new WebSocket("wss://localhost:12345/echo");
        websocket.onopen = function(ev) {
            alert('Connected');
        };

Errors:

*PHP Warning: stream_socket_accept(): failed to create an SSL handle in D:\wamp\www\PrivateChat\lib\Wrench\Socket\ServerSocket.php on line 87

*PHP Warning: socket_last_error() expects parameter 1 to be resource, boolean given in D:\wamp\www\PrivateChat\lib\Wrench\Socket\ServerSocket.php on line 90

*err: Socket error: exception 'Wrench\Exception\ConnectionException' with message 'Operation complete. ' in D:\wamp\www\PrivateChat\lib\Wrench\Socket\ServerSocket.php:90
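An added example, not part of the original issue or of Wrench: a preflight check that rules the certificate file in or out when `stream_socket_accept()` reports "failed to create an SSL handle", by confirming that the PEM bundle holds a certificate and a private key, that the passphrase decrypts the key, and that the two match. The helper names, the `PEM_PASSPHRASE` environment variable and the demo passphrase are assumptions, and the sample bundle is constructed in memory.

```php
<?php
// Added example; check_pem_bundle() is a hypothetical helper, not part of Wrench.
// Returns a list of problems with a PEM bundle (certificate + private key in one file).
function check_pem_bundle(string $pem, string $passphrase): array
{
    $problems = [];
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        $problems[] = 'no parsable CERTIFICATE block';
    }
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $problems[] = 'no private key found, or the passphrase does not decrypt it';
    }
    if ($cert !== false && $key !== false) {
        if (!openssl_x509_check_private_key($cert, $key)) {
            $problems[] = 'private key does not match the certificate';
        }
        $notAfter = openssl_x509_parse($cert)['validTo_time_t'];
        if ($notAfter < time()) {
            $problems[] = 'certificate expired on ' . date('c', $notAfter);
        }
    }
    if ($problems) {
        // Drain OpenSSL's error queue so the underlying reason is visible.
        while (($msg = openssl_error_string()) !== false) {
            $problems[] = "openssl: $msg";
        }
    }
    return $problems;
}

// Constructed sample input: a throwaway self-signed bundle built in memory.
function make_demo_bundle(string $passphrase): string
{
    $key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr  = openssl_csr_new(['commonName' => 'localhost'], $key);
    $cert = openssl_csr_sign($csr, null, $key, 1);
    openssl_x509_export($cert, $certPem);
    openssl_pkey_export($key, $keyPem, $passphrase);
    return $certPem . $keyPem;
}

// Check the file named on the command line, or the constructed bundle if none is given.
$pass = getenv('PEM_PASSPHRASE') ?: 'demo-passphrase';
$pem  = isset($argv[1]) ? (string) @file_get_contents($argv[1]) : make_demo_bundle($pass);

$problems = check_pem_bundle($pem, $pass);
echo $problems ? implode(PHP_EOL, $problems) . PHP_EOL : 'PEM bundle OK' . PHP_EOL;
exit($problems ? 1 : 0);
```

Reading the passphrase from the environment keeps it out of the script and out of shell history. A clean result here points away from the certificate file and toward the server code or its configuration.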

r3wt commented 10 years ago

If you are using nginx, haproxy, or apache, you can route the traffic to stunnel, terminating the SSL.

So in your client-side code you would connect to, for example,

http://example.com/path/to/socketserver:8000

which your web server would redirect to stunnel, then in turn stunnel would terminate the SSL and route it back to the actual listening location of your PHP script. A lot of developers use techniques like this, since stunnel can handle the SSL encryption/decryption much more efficiently (and faster) than a server-side scripting language.

Here's a tutorial I found by googling the subject.

http://afitnerd.com/2012/08/14/websockets-over-ssl-stunnel-haproxy-node-js/

edit: a simpler method

https://vec.io/posts/goliath-secure-websocket-ssl-wss-with-stunnel-varnish-nginx

dominics commented 9 years ago

I think this might be fixed by #57

It's available on >= 2.0.4 (or 2.0.5-beta). Please reopen an issue if it doesn't help. And thanks for reporting.

(Total derp fix in the end: comma/period :()