Re: Connecting to FRED using PHP

I'd like to have my own client written in PHP talk to FRED. I was given separate CRT and KEY files by TZNIC. I've combined this into a single PEM file with: cat posix.key posix.crt > /tmp/tznic.pem I can then successfully get the "Welcome" XML from FRED at TZNIC with: openssl s_client -connect fred.tznic.or.tz:700 -cert /tmp/tznic.pem This shows as a self-signed certificate (as expected). (verify error:num=18:self signed certificate) The combining of the crt and key is because php seems to want a combined PEM certificate... Then - I try connecting with a VERY stripped down PHP script.... (attached)... The core of which is: $ip="fred.tznic.or.tz"; $port=700; $cert="/tmp/tznic.pem"; $context = stream_context_create(); $result = stream_context_set_option($context, 'ssl', 'local_cert', $cert); $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); $result = stream_context_set_option($context, 'ssl', 'verify_host', false); $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); $fp = stream_socket_client("tls://$ip:$port", $errno,$errstr, 20, STREAM_CLIENT_CONNECT, $context); if(!$fp) echo "CONNECT ERROR: $errstr ($errno)\n"; else // read the packet...... The "stream_socket_client" simply times out. What am I doing wrong??? Almost the same code works for: (ie changing machines, ports and Certs) Central-NIC ZACR/CO.ZA CoCCA The FRED test system at TZNIC is running certificate validation - I'm assuming its got something to do with that???? I'm using a variety of different versioned PHP's eg PHP 5.5.18-pl0-gentoo (cli) (built: Nov 10 2014 22:20:27) PHP 5.5.21-pl0-gentoo (cli) (built: Feb 6 2015 16:46:22) PHP 5.4.34-pl0-gentoo (cli) (built: Nov 3 2014 11:10:23) All do the same thing - timeout. Is anyone using a PHP based client?? - that would be the start of a WHMCS plugin for C-Panel (etc). _______________________________________________ fred-users mailing list fred-users(a)lists.nic.cz https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users