php 8.0

Found a bug? Tell us!!
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

I am using FreeBSD 13.1, currently all patched up

/usr/local/sbin/nginx -v
nginx version: nginx/1.23.2 (nginx-quic)

and you can look up all php information on the server at https://www.nk.ca/phpinfo.phtml still

php -i | egrep openssl
Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"
PHP Warning: PHP Startup: igbinary: Unable to initialize module
Module compiled with module API=20170718
PHP compiled with module API=20190902
These options need to match
in Unknown on line 0
/usr/local/etc/php/ext-20-openssl.ini,
openssl
Openssl default config => /usr/local/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

Okay, so openssl.cafile is empty. I think that's around where the problem is. The error message showed PHP is failing to validate github's certificate:

 error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15

I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?

As in https://github.com/composer/composer/issues/8312, you could try to download a fresh cacert.pem and configure PHP to use it for openssl, via the openssl.cafile setting. Otherwise you would need someone with knowledge about FreeBSD on what might be wrong with the cert chain here. This is likely a bug in FreeBSD.
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

Checking in with FreeBSDers on this issue
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

from https://groups.google.com/g/comp.lang.php/c/QKZnFFaeH6E

On 01/12/2022 00.36, The Doctor wrote:

> php testcode.php
> Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"

You should remove the loading of a module you don't use? Check your
/etc/php or where you have your php config files.

> curl seems to work PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(): Failed to enable crypto in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(https://raw.github.com/s9y/additional_p ... bar_en.xml): failed to open stream: operation failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> HTTP_Request2_ConnectionException: Unable to connect to tls://raw.github.com:443. Error: stream_socket_client(): unable to connect to tls://raw.github.com:443 (Unknown error)
> stream_socket_client(): Failed to enable crypto
> stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/bundled-libs/HTTP/Request2/Adapter/Socket.php on line 331

> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?

Do you have the right package installed for ca certificates? Seems
FreeBSD changed ca-root to ca_root_nss, see
http://ootput.github.io/2011/09/25/ca-c ... n-freebsd/
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

Very interesting, they had similar theories as we tried out here. That makes me feel better, but must have been lots of work for you! I hope the ca package suggestion pans out.
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

From https://forums.freebsd.org/threads/word ... 165/page-2

If using cURL, maybe something here will help: https://thisinterestsme.com/php-curl-ss ... ate-error/

(Sorry, it's a bit advert-riddled but the core information seems useful).

But not really sure what you are doing so might not help in this case.
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

If the testscript is working correctly, then curl was working fine. Which is not all that unlikely, as I imagined to remember that it handles certificates separately. But it's the alternatives that fail, when PHP is used to download stuff without curl. I really think you are going in the right direction with looking at the PHP cacert configuration.

This is still likely a s9y bug, as the code tries to fallback to curl and that is evidently not working. But only secondary, as the download via PHP ought to work.
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

From https://forums.freebsd.org/threads/word ... 165/page-2
commenting on the php script

So the top part uses the cURL library to get a remote file, then line 15 uses PHP's function to get a remote file and that function has issues with the certificate.

PHP: file_get_contents - Manual (www.php.net)

The third part of the script uses a different library to retrieve remote files.

To use SSL with PHP's function you need to set up things appropriately e.g. https://www.php.net/manual/en/context.ssl.php
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

FYI, FreeBSD 13.X uses /usr/local/share/certs/ca-root-nss.crt
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

This is only partly correct. These are not options each PHP script sets, how should it know about all server environments in existence? This is given by the PHP configuration to each PHP program, on linux distros usually without additional input from the server admin. If FreeBSD uses /usr/local/share/certs/ca-root-nss.crt, try setting that as the openssl.cafile option in your PHP.ini (as e.g. described in https://forum.howtoforge.com/threads/in ... rts.83727/).

I highly doubt that this changed with PHP 8, even though it is possible - I am usually testing on uberspace, where the hoster might have fixed that for us (and all linux distros stopped doing so? Unlikely).

But take it as confirmation that one other user also had to set this setting. Probably just a missing adjustment in the php package, or maybe not providing a fitting config file is policy? I don't know enough about BSDs.
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

Found the issue

You need to add to php.ini file where to find the cainfo

Case closed
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

So under FreeBSD 13.1, add

openssl.cafile=/usr/local/share/certs/ca-root-nss.crt

to which php.ini exactly?
rootnl2k
Regular
Posts: 50
Joined: Tue Jul 17, 2012 7:15 am

Re: php 8.0

Post by rootnl2k »

/usr/local/etc/php.ini
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: php 8.0

Post by onli »

Thanks, maybe it helps someone :)
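
A quick way to check the setting this thread converged on, as an added example (not code from any poster or from Serendipity): the script reads `php -i` output, extracts `openssl.cafile`, and checks that the file it names is readable and actually contains certificates. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CA bundle PHP's OpenSSL streams are configured
# to use, from `php -i` text. Function names are illustrative, not a PHP API.

# Print the local value of openssl.cafile ("directive => local => master").
cafile_from_phpinfo() {
    awk -F' => ' '$1 == "openssl.cafile" { print $2; exit }'
}

# Classify a bundle path: unset, unreadable, no-certs, or ok:<cert count>.
check_bundle() {
    path=$1
    case "$path" in
        ''|'no value') echo "unset"; return 1 ;;
    esac
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "unreadable"; return 1
    fi
    # grep -c exits 1 on zero matches but still prints 0, hence "|| true".
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$path" || true)
    if [ "$n" -eq 0 ]; then
        echo "no-certs"; return 1
    fi
    echo "ok:$n"
}

# Read `php -i` output on stdin and print a one-line verdict.
diagnose() {
    cafile=$(cafile_from_phpinfo)
    verdict=$(check_bundle "$cafile") || true
    echo "openssl.cafile=$cafile status=$verdict"
}

# Constructed sample matching the `php -i` lines quoted in this thread.
SAMPLE='openssl
Openssl default config => /usr/local/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value'

printf '%s\n' "$SAMPLE" | diagnose
# prints: openssl.cafile=no value status=unset
# On the real host: php -i 2>/dev/null | diagnose
```

`php -i` reflects the CLI's configuration; the web SAPI can load a different php.ini, which is what the phpinfo page shows.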
erAck
Regular
Posts: 236
Joined: Mon Feb 16, 2015 1:20 am

Re: php 8.0 - warnings on serendipity_admin.php from serendipity_event_karma and serendipity_event_linktrimmer

Post by erAck »

Are these of interest?
S9y 2.4.0 PHP 8.0, $serendipity['production'] = false; (after having removed serendipity_plugin_topexits) browsing logged in serendipity_admin.php gives

Warning: Undefined array key "noimage" in plugins/serendipity_event_karma/serendipity_event_karma.php on line 2112.

Warning: Cannot modify header information - headers already sent by (output started at include/compat.inc.php:202) in serendipity_admin.php on line 11.

Warning: Undefined array key "noimage" in plugins/serendipity_event_karma/serendipity_event_karma.php on line 2112.


Warning: Undefined variable $error in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 200.

Warning: Undefined variable $url in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 201.

Warning: Undefined array key "linktrimmer_url" in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 202.

Warning: Undefined array key "txtarea" in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 204.