How to Enable Https Stream Wrappers

stream context for custom stream wrappers

You know on open which protocol is called, so, use your context there:

<?php
class Test_Stream {
    public $context;

    public function stream_open($path, $mode, $options, &$opened_path ){
        var_dump(parse_url($path, PHP_URL_SCHEME));
        exit;
    }
}

$context = array(
    'test' => array('key' => 'value'),
    'otherwrapper' => array('key' =>'value')
);
$context = stream_context_create($context);
stream_wrapper_register('test', 'Test_Stream');
$fp = fopen('test://www.domain.tld/whatever', 'r', false, $context);

string(4) "test"

PHP cURL or https stream wrapper (openssl) most widely enabled

@stormbreaker

From what i understand

Code Portability : Means writing your program (code) in such a way that the same code works on different environments. You should be easy to understand , identify exceptions and maintain

Widely Enabled : Means as Having great extent or range in availability by default or supported by majority of service providers

CURL supports more features in the same lib, cleaner , multiple processing etc.

https stream wrapper is more widely available can be very tricky depending when you move form platform to platform depending on the application

SSL wrapper stream in C

I don't know any libraries you can use but you can find plenty of samples. Most applications in C would have to do the same for their TCP code so SSL and raw socket versions don't differ too much.

For example, check out ssl_unix.c from Pine IMAP,

https://svn.cac.washington.edu/public/alpine/snapshots/imap/src/osdep/unix/

It does exactly what you are describing with OpenSSL.

Is it possible to work with FTPS under PHP using stream context?

Will this work?

Can I also use peer-validated stream contexts to open ftps streams?

Yes. The ftps stream wrapper utilizes the same SSL context options as the https wrapper and will be available as long as you have the openssl extension enabled in your PHP build. You can verify if the ftps wrapper is available by checking the output from stream_get_wrappers() like so:

<?php
print_r(stream_get_wrappers());

If you have ext/openssl enabled in your php build you'll see ftps listed in the output alongside the other available stream wrappers.

How do I assign the SSL context options?

So I am wildly guessing

You're really close! The only thing you need to change in your code is to replace "ftps" with "ssl" as shown here:

<?php
$ctx = stream_context_create(['ssl' => [
    'verify_peer' => true,
    'cafile' => 'd:/sandbox/mycerts.pem',
    'CN_match' => 'ftp-12345678.mywebhoster.com'
]]);

Regardless of whether you're using https, ftps or any other stream wrapper the context options governing SSL/TLS encryption are always stored in the "ssl" key.

Where do I put the user/password?

Right? Wrong? User+Password as options now? And then what? User/Password now? Or later? I am clueless...

The ftp and ftps stream wrappers both expect the username and password in the URI as shown here:

<?php
$ftpPath = 'ftps://username:password@example.com';

Don't be thrown off by our specification of the user/pass in cleartext here. The stream wrapper will only send the username and password after an encrypted connection is established.

Putting it all together

The opendir() family of functions supports the ftp wrapper (since PHP 5.0). You use these functions the same way you would with local filesystem paths:

<?php
$ctx = stream_context_create(['ssl' => [
    'verify_peer' => true,
    'cafile' => 'd:/sandbox/mycerts.pem',
    'CN_match' => 'ftp-12345678.mywebhoster.com'
]]);
$dirHandle = opendir('ftps://username:password@example.com/', $ctx);
while (($file = readdir($dirHandle)) !== false) {
    echo "filename: $file\n";
}
closedir($dirHandle);

Note on SSL/TLS name matching

If it doesn't work initially you should test without passing the additional context $ctx containing the SSL options. The CN (common name) field of the server's certificate must match the "CN_match" value you specify (with limited wildcard matching for subdomains). Also, prior to the forthcoming PHP-5.6 release there is no support for matching names against the Subject Alternative Name field in the remote party's certificate. Unless you're working with a development preview for 5.6 you won't have this capability (SAN matching) and the peer verification routine will fail if the server relies on SAN.

http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in

You have to restart your server machine or services in order to reload php.ini file.


Related Topics

How to Set Default Value for Form Field in Symfony2

Laravel Eloquent Display Query Log

Dyld: Library Not Loaded: /Usr/Local/Lib/Libpng16.16.Dylib with Anything PHP Related

How Exactly Does If($Variable) Work

How to Get System Environment Variables into PHP While Running Cli & Apache2Handler

How to Read a List of Files from a Folder Using PHP

Joomla Password Encryption

Run Composer with a PHP Script in Browser

PHP Case-Insensitive In_Array Function

Regular Expression to Collect Everything After the Last /

CSV to Associative Array

Symfony2 and Date_Default_Timezone_Get() - It Is Not Safe to Rely on the System's Timezone Settings

PHP Replacing Special Characters Like à->A, è->E

PHP Memcached Fatal Error: Class 'Memcache' Not Found

How to Convert Output of Number_Format Back to Numbers in PHP

How to Select Randomly with Doctrine

PHP Flush Not Working

What Is Pdo & Why Should I Use It


Leave a reply



Submit