stomp-php
stomp+ssl
I am trying to connect to stomp over ssl and I get this error
SSL/TLS handshake failed
My sample:
```php
<?php
echo "stomb test";
$queue = '/queue/foo';
$msg = 'bar';
$user = 'admin';
$pwd = 'XXXXX';

/* connection */
try {
    $stomp = new Stomp('ssl://XXX.XXX.XX.XXX:61612', $user, $pwd);
} catch(StompException $e) {
    //var_dump($stomp->error());
    die('Connection failed: ' . $e->getMessage());
}

/* send a message to the queue 'foo' */
$stomp->send($queue, $msg);

/* subscribe to messages from the queue 'foo' */
$stomp->subscribe($queue);

/* read a frame */
$frame = $stomp->readFrame();
if ($frame->body === $msg) {
    var_dump($frame);
    // acknowledge that the frame was received
    $stomp->ack($frame);
}

/* close connection */
unset($stomp);
```
And my activemq.xml config file:
```xml
<sslContext>
    <sslContext
        keyStore="file:${activemq.base}/conf/broker.ks"
        keyStorePassword="password"
        trustStore="file:${activemq.base}/conf/broker.ts"
        trustStorePassword="password"/>
</sslContext>
```
Server is up and accepting stomp connections.
This is the ActiveMQ guide to use stomp+ssl http://activemq.apache.org/how-do-i-use-ssl.html
I suppose:
- I have to create two certificates for broker and client.
- Restart ActiveMQ.
- And configure PHP client to use server certificate, something like this:
```php
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'local_cert', '/path/to/keys.pem');
$result = stream_context_set_option($context, 'ssl', 'passphrase', 'pass_to_access_keys');
```
Does somebody know any good step-by-step tutorial/sample code?
This is likely a mismatch between the given hostname and the hostname in the cert; this was changed in PHP 5.5 or PHP 5.6 to be a strict match.
Thanks @monofone, I'm using PHP 5.4.24 but I'm going to continue on the way you told me.
I have found these tutorials:
- https://github.com/rethab/php-stomp-cert-example
- http://rethab.github.io/php-stomp-cert-example/
I still do not manage to connect using SSL.
I have seen you use the fsockopen function, and the PHP manual says that function does not allow providing a stream context. The stream_socket_client function allows providing such a context. So it seems I cannot connect over SSL using your class. I have also seen in your functional test:
https://github.com/dejanb/stomp-php/blob/master/tests/functional/StompSslTest.php
that you do not use any context parameters like client certificate.
I want to use some context options like these:
```php
$opts = array(
    'ssl' => array(
        'local_cert' => $localCertPath,
        'cafile' => $cafilePath,
        'verify_peer' => true,
        'CN_match' => 'My Name',
        'allow_self_signed' => true,
        'disable_compression' => true,
        'SNI_enabled' => true,
        'passphrase' => 'xxxxxxxx',
        'capture_peer_cert_chain' => true,
        'capture_peer_cert' => true,
    )
);
$context = stream_context_create($opts);
```
I have found the problem. The problem is just what I said before. Now I am using a fork of this repo and it works fine.
This fork fixes the problem: https://github.com/rethab/stomp-php
That fork uses stream_socket_client functions instead of fsockopen.
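The approach this comment describes, opening the socket with stream_socket_client so that an SSL stream context can be passed, shown as an added example (not code from stomp-php or from the fork). The helper names `stompTlsOptions` and `stompConnectTls`, the host `broker.example.com` and the PEM paths are assumptions; the port and login are the placeholders used earlier in the thread.

```php
<?php
// Added example, not stomp-php code. Host, port, paths and credentials are placeholders.

/** TLS context options: verify the broker, optionally present a client certificate. */
function stompTlsOptions($peerName, $caFile, $clientPem = null, $passphrase = null)
{
    $ssl = array(
        'verify_peer' => true,    // validate the broker's chain against $caFile
        'cafile'      => $caFile, // PEM file holding the CA that signed the broker cert
        'SNI_enabled' => true,
    );
    if (PHP_VERSION_ID >= 50600) {
        $ssl['peer_name'] = $peerName;   // name the broker certificate must match
        $ssl['verify_peer_name'] = true;
    } else {
        $ssl['CN_match'] = $peerName;    // name check before PHP 5.6
    }
    if ($clientPem !== null) {
        $ssl['local_cert'] = $clientPem; // client certificate and private key in one PEM
        if ($passphrase !== null) {
            $ssl['passphrase'] = $passphrase;
        }
    }
    return array('ssl' => $ssl);
}

/** Open ssl://host:port with the context, send STOMP CONNECT, return the stream. */
function stompConnectTls($host, $port, array $options, $login, $passcode, $timeout = 10)
{
    $context = stream_context_create($options);
    $fp = @stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $context);
    if ($fp === false) {
        // On a handshake failure $errstr may be empty; the detail is in the warning.
        $last = error_get_last();
        $why = $errstr ?: ($last ? $last['message'] : 'unknown error');
        throw new RuntimeException('TLS connect failed: ' . $why);
    }
    stream_set_timeout($fp, $timeout);
    fwrite($fp, "CONNECT\nlogin:$login\npasscode:$passcode\n\n\0");
    $reply = ltrim((string) stream_get_line($fp, 65536, "\0"), "\r\n");
    if (strpos($reply, 'CONNECTED') !== 0) {
        fclose($fp);
        throw new RuntimeException('Expected CONNECTED, got: ' . strtok($reply, "\n"));
    }
    return $fp;
}

// $opts = stompTlsOptions('broker.example.com', '/path/to/ca.pem', '/path/to/keys.pem', 'pass');
// $fp = stompConnectTls('broker.example.com', 61612, $opts, 'admin', 'XXXXX');
```

The exception message separates a TLS-layer failure (certificate, name or key problem) from a broker-level rejection of the CONNECT frame, which is the first thing to establish when the client only reports "SSL/TLS handshake failed".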
It still seems to be impossible to connect over ssl. I keep getting Connection refused.