php 8.0
Re: php 8.0
I am usiing FreeBSD 13.1 currently all patched up
/usr/local/sbin/nginx -v
nginx version: nginx/1.23.2 (nginx-quic)
and you can look up all php information on the server at https://www.nk.ca/phpinfo.phtml still
php -i | egrep openssl
Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"
PHP Warning: PHP Startup: igbinary: Unable to initialize module
Module compiled with module API=20170718
PHP compiled with module API=20190902
These options need to match
in Unknown on line 0
/usr/local/etc/php/ext-20-openssl.ini,
openssl
Openssl default config => /usr/local/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
/usr/local/sbin/nginx -v
nginx version: nginx/1.23.2 (nginx-quic)
and you can look up all php information on the server at https://www.nk.ca/phpinfo.phtml still
php -i | egrep openssl
Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"
PHP Warning: PHP Startup: igbinary: Unable to initialize module
Module compiled with module API=20170718
PHP compiled with module API=20190902
These options need to match
in Unknown on line 0
/usr/local/etc/php/ext-20-openssl.ini,
openssl
Openssl default config => /usr/local/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
Re: php 8.0
Okay, so openssl.cafile is empty. I think that's around where the problem is. The error message showed PHP is failing to valdiate github's certificate:
I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?
As in https://github.com/composer/composer/issues/8312, you could try to download a fresh cacert.pem and configure PHP to use it for openssl, via the openssl.cafile setting. Otherwise you would need someone with knowledge about FreeBSD on what might be wrong with the cert chain here. This is likely a bug in FreeBSD.
Code: Select all
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
As in https://github.com/composer/composer/issues/8312, you could try to download a fresh cacert.pem and configure PHP to use it for openssl, via the openssl.cafile setting. Otherwise you would need someone with knowledge about FreeBSD on what might be wrong with the cert chain here. This is likely a bug in FreeBSD.
Re: php 8.0
Checking in with FreeBSDers on this issue
Re: php 8.0
from https://groups.google.com/g/comp.lang.php/c/QKZnFFaeH6E
On 01/12/2022 00.36, The Doctor wrote:
> php testcode.php
> Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"
You should remove the loading of a module you don't use? Check your
/etc/php or where you have your php config files.
> curl seems to work PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(): Failed to enable crypto in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(https://raw.github.com/s9y/additional_p ... bar_en.xml): failed to open stream: operation failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> HTTP_Request2_ConnectionException: Unable to connect to tls://raw.github.com:443. Error: stream_socket_client(): unable to connect to tls://raw.github.com:443 (Unknown error)
> stream_socket_client(): Failed to enable crypto
> stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/bundled-libs/HTTP/Request2/Adapter/Socket.php on line 331
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?
Do you have the right package installed for ca certificates? Seems
FreeBSD changed ca-root to ca_root_nss, see
http://ootput.github.io/2011/09/25/ca-c ... n-freebsd/
On 01/12/2022 00.36, The Doctor wrote:
> php testcode.php
> Failed loading /usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so: Cannot open "/usr/local/lib/php/20131226-zts-debug/ioncube/ioncube_loader.so"
You should remove the loading of a module you don't use? Check your
/etc/php or where you have your php config files.
> curl seems to work PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(): Failed to enable crypto in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> PHP Warning: file_get_contents(https://raw.github.com/s9y/additional_p ... bar_en.xml): failed to open stream: operation failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> HTTP_Request2_ConnectionException: Unable to connect to tls://raw.github.com:443. Error: stream_socket_client(): unable to connect to tls://raw.github.com:443 (Unknown error)
> stream_socket_client(): Failed to enable crypto
> stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/bundled-libs/HTTP/Request2/Adapter/Socket.php on line 331
> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /usr/home/doctor/html/blog/serendipity/testcode.php on line 15
> I assume there is something misconfigured, either the local cert collection is missing or can't be read by PHP. The server time is set correctly, right?
Do you have the right package installed for ca certificates? Seems
FreeBSD changed ca-root to ca_root_nss, see
http://ootput.github.io/2011/09/25/ca-c ... n-freebsd/
Re: php 8.0
Very interesting, they had similar theories as we tried out here. That makes me feel better, but must have been lots of work for you! I hope the ca package suggestion pans out.
Re: php 8.0
From https://forums.freebsd.org/threads/word ... 165/page-2
If using cURL, maybe something here will help: https://thisinterestsme.com/php-curl-ss ... ate-error/
(Sorry, it's a bit advert-riddled but the core information seems useful).
But not really sure what you are doing so might not help in this case.
If using cURL, maybe something here will help: https://thisinterestsme.com/php-curl-ss ... ate-error/
(Sorry, it's a bit advert-riddled but the core information seems useful).
But not really sure what you are doing so might not help in this case.
Re: php 8.0
If the testscript is working correctly, then curl was working fine. Which is not all that unlikely, as I imagined to remember that it handles certificates separately. But it's the alternatives that fail, when PHP is used to download stuff without curl. I really think you are going in the right direction with looking at the PHP cacert configuration.
This is still likely a s9y bug, as the code tries to fallback to curl and that is evidently not working. But only secondary, as the download via PHP ought to work.
This is still likely a s9y bug, as the code tries to fallback to curl and that is evidently not working. But only secondary, as the download via PHP ought to work.
Re: php 8.0
From https://forums.freebsd.org/threads/word ... 165/page-2
commenting on the php script
So the top part uses the cURL library to get a remote file, then line 15 uses PHP's function to get a remote file and that function has issues with the certificate.
PHP: file_get_contents - Manual
www.php.net www.php.net
The third part of the script uses a different library to retrieve remote files.
To use SSL with PHP's function you need to set up things appropriately e.g. https://www.php.net/manual/en/context.ssl.php
commenting on the php script
So the top part uses the cURL library to get a remote file, then line 15 uses PHP's function to get a remote file and that function has issues with the certificate.
PHP: file_get_contents - Manual
www.php.net www.php.net
The third part of the script uses a different library to retrieve remote files.
To use SSL with PHP's function you need to set up things appropriately e.g. https://www.php.net/manual/en/context.ssl.php
Re: php 8.0
FYI Freebsd 13.X uses /usr/local/share/certs/ca-root-nss.crt
Re: php 8.0
This is only partly correct. These are not options each PHP script sets, how should it know about all server environments in existence? This is given by the PHP configuration to each PHP program, on linux distros usually without additional input from the server admin. If FreeBSD uses /usr/local/share/certs/ca-root-nss.crt, try setting that as the openssl.cafile option in your PHP.ini (as e.g. described in https://forum.howtoforge.com/threads/in ... rts.83727/).
I highly doubt that this changed with PHP 8, even though it is possible - I am usually testing on uberspace, where the hoster might have fixed that for us (and all linux distros stopped doing so? Unlikely).
But take it as confirmation that one other user also had to set this setting. Probably just a missing adjustement in the php package, or maybe not providing a fitting config file is policy? I don't know enough about BSDs.
I highly doubt that this changed with PHP 8, even though it is possible - I am usually testing on uberspace, where the hoster might have fixed that for us (and all linux distros stopped doing so? Unlikely).
But take it as confirmation that one other user also had to set this setting. Probably just a missing adjustement in the php package, or maybe not providing a fitting config file is policy? I don't know enough about BSDs.
Re: php 8.0
Found the issue
You need to add to php.ini file where to find the cainfo
Case closed
You need to add to php.ini file where to find the cainfo
Case closed
Re: php 8.0
So under FreeBSD 13.1, add
to which php.ini exactly?
Code: Select all
openssl.cafile=/usr/local/share/certs/ca-root-nss.crt
Re: php 8.0
Thanks, maybe it helps someone :)
Re: php 8.0 - warnings on serendipity_admin.php from serendipity_event_karma and serendipity_event_linktrimmer
Are these of interest?
S9y 2.4.0 PHP 8.0, $serendipity['production'] = false; (after having removed serendipity_plugin_topexits) browsing logged in serendipity_admin.php gives
S9y 2.4.0 PHP 8.0, $serendipity['production'] = false; (after having removed serendipity_plugin_topexits) browsing logged in serendipity_admin.php gives
Code: Select all
Warning: Undefined array key "noimage" in plugins/serendipity_event_karma/serendipity_event_karma.php on line 2112.
Warning: Cannot modify header information - headers already sent by (output started at include/compat.inc.php:202) in serendipity_admin.php on line 11.
Warning: Undefined array key "noimage" in plugins/serendipity_event_karma/serendipity_event_karma.php on line 2112.
Warning: Undefined variable $error in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 200.
Warning: Undefined variable $url in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 201.
Warning: Undefined array key "linktrimmer_url" in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 202.
Warning: Undefined array key "txtarea" in plugins/serendipity_event_linktrimmer/serendipity_event_linktrimmer.php on line 204.
Running s9y at https://erack.net/blog/