1. 用 PHP 代码生成 pem 文件(包含证书和私钥),保存为 gen_pem.php
<?php
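// gen_pem.php: builds a self-signed certificate plus its private key and
// writes both, concatenated, to ./server.pem for the demo server and client.

// Subject fields of the self-signed certificate.
$certificateData = array(
    "countryName" => "US",
    "stateOrProvinceName" => "Texas",
    "localityName" => "Houston",
    "organizationName" => "DevDungeon.com",
    "organizationalUnitName" => "Development",
    "commonName" => "DevDungeon",
    "emailAddress" => "nanodano@devdungeon.com"
);

// Key and digest parameters are spelled out so the result does not depend on
// whatever defaults the local openssl.cnf / PHP build would otherwise supply.
$keyOptions = array(
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    "private_key_bits" => 2048,
    "digest_alg" => "sha256"
);

// Every OpenSSL call below returns false on failure; stop with the library's
// own message instead of carrying a false value into the next step.
$fail = function ($step) {
    fwrite(STDERR, $step . " failed: " . openssl_error_string() . "\n");
    exit(1);
};

// Generate the key pair
$privateKey = openssl_pkey_new($keyOptions);
if ($privateKey === false) {
    $fail("openssl_pkey_new");
}

// Generate the certificate: create a CSR, then self-sign it (CA argument is
// null) with the same key, valid for 365 days.
$csr = openssl_csr_new($certificateData, $privateKey, $keyOptions);
if ($csr === false) {
    $fail("openssl_csr_new");
}
$certificate = openssl_csr_sign($csr, null, $privateKey, 365, $keyOptions);
if ($certificate === false) {
    $fail("openssl_csr_sign");
}

// Generate PEM file
// The private key is exported WITHOUT a passphrase (third argument null), so
// anyone who can read server.pem can use the key. To encrypt it, pass a
// passphrase here and give the same value to the 'passphrase' ssl context
// option in every script that loads the file.
//$pem_passphrase = 'abracadabra';
$pem = array();
if (!openssl_x509_export($certificate, $pem[0])) {
    $fail("openssl_x509_export");
}
if (!openssl_pkey_export($privateKey, $pem[1], null)) {
    $fail("openssl_pkey_export");
}
$pem = implode($pem);

// Save PEM file
// The file holds an unencrypted private key: create it readable by the owner
// only, and keep it out of any directory a web server publishes.
$pemfile = './server.pem';
$previousUmask = umask(0077);
$written = file_put_contents($pemfile, $pem);
umask($previousUmask);
if ($written === false) {
    fwrite(STDERR, "could not write " . $pemfile . "\n");
    exit(1);
}
// A pre-existing file keeps its old mode, so tighten it explicitly as well.
chmod($pemfile, 0600);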
2.server.php
<?php
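// server.php: TLS demo server that greets each client with "hello" and
// closes the connection.
$context = stream_context_create();
$pemfile = 'server.pem';

// local_cert must be in PEM format; here the same file also carries the
// (unencrypted) private key, so it must stay readable by this process only.
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);

// NOTE(review): verify_peer on a server asks the client for a certificate,
// but allow_self_signed appears to accept ANY self-signed certificate, and
// verify_peer_name is off. As configured this should not be read as client
// authentication. To restrict clients, trust only the expected certificate
// (for example through the 'cafile' option) - confirm against the PHP SSL
// context option documentation before relying on it.
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', true);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);

// Create the server socket.
// 0.0.0.0 listens on every interface; the demo client only needs 127.0.0.1,
// so bind to loopback unless remote access is intended.
$socket = stream_socket_server(
    'ssl://0.0.0.0:8800',
    $errno,
    $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN,
    $context
);

// Any false return is a failure. The original test also required
// $errno === 0, which let a failed bind/listen (non-zero errno) fall through
// into the accept loop with $socket === false.
if ($socket === false) {
    echo $errstr;
    exit(1);
}

while (1) {
    // Returns false when no connection could be accepted, e.g. on timeout.
    $s_socket = stream_socket_accept($socket);
    if (is_resource($s_socket)) {
        fwrite($s_socket, "hello\n");
        fclose($s_socket);
    } else {
        // The message means "timed out".
        echo "超时啦";
    }
    sleep(1);
}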
3.client.php
<?php
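// client.php: connects to the TLS demo server and prints what it sends.
$host = '127.0.0.1';
$port = 8800;
$timeout = 2; // connect timeout in seconds

// Path to the PEM file (certificate + private key) presented to the server.
// This is the same relative path gen_pem.php writes and server.php loads.
// The original ignored this variable and hard-coded a copy under a
// ".../public/" directory, a location where a private key should not be kept.
$cert = 'server.pem';

// NOTE(review): with allow_self_signed enabled and verify_peer_name disabled,
// the client appears to accept any self-signed server certificate, so the
// connection is encrypted but the server is not authenticated. Pinning the
// expected certificate with the 'peer_fingerprint' option (left commented
// out below, as in the original) is the usual way to close that gap for a
// self-signed setup.
$context = stream_context_create([
    'ssl' => [
        'local_cert' => $cert,
        // 'peer_fingerprint' => openssl_x509_fingerprint(file_get_contents('/vagrant/cms/public/server.crt')),
        'verify_peer' => true,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
        'verify_depth' => 0,
    ],
]);

$socket = stream_socket_client(
    'ssl://' . $host . ':' . $port,
    $errno,
    $errstr,
    $timeout, // was a literal 2 that duplicated $timeout
    STREAM_CLIENT_CONNECT,
    $context
);

if ($socket) {
    echo "start----\n";
    // fwrite($socket, "22\n");
    echo fread($socket, 8192);
    fclose($socket);
} else {
    echo "ERROR: $errno - $errstr\n";
}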
4.总结
用pem文件生成crt文件(DER 格式,只包含证书,不包含私钥):
openssl x509 -outform der -in server.pem -out server.crt
使用ssl需要有openssl模块,
测试步骤:
php gen_pem.php
php server.php
php client.php