Quote:
Originally Posted by alBert2000
I made a quick test with the page you mentioned and fsock:
|
Quote:
Originally Posted by alBert2000
So it seems that fsock checks the certificate too.
I'm not an expert at all.
I just was curious.
Maybe someone could explain that in more detail so that we can use the one-line fix without having to worry.
|
Testing PHP 7.x on latest Debian 9 "Stretch":
Code:
$ php ssl-fsockopen.php
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /home/darkdevil/ssl-fsockopen.php on line 8
PHP Warning: fsockopen(): Failed to enable crypto in /home/darkdevil/ssl-fsockopen.php on line 8
PHP Warning: fsockopen(): unable to connect to ssl://last-time-i-checked-this-certificate-expired.darkserv.net:443 (Unknown error) in /home/darkdevil/ssl-fsockopen.php on line 8
Error:
Testing with some very old PHP 5.3, from the stonage:
Code:
$ php ssl-fsockopen.php
HTTP/1.1 404 Not Found
Date: Mon, 23 Apr 2018 17:36:07 GMT
[...]
IF you have PHP 5.6 or higher, fsockopen will validate the certificates, and you can actually do the easy fix with no issues.
Since fsockopen didn't do it in the past (e.g. below 5.6), I wasn't using fsockopen unless really necessary, "for security reasons".
Seems like there is one good change here, that I actually missed among all the updates of PHP...
__________________