Jump to content
The Uniform Server Community

OpenSSL version mixup crashes PHP/Apache


Recommended Posts



I'm trying to use the functions provided by PHP's openssl extension, but I'm running into a problem. The problem is due to the fact that PHP was compiled with OpenSSL version 0.9.8x and is now forced to run with the dll's of version 1.0.1c. The issue is easy to demonstrate using the following code:

$privatekey = openssl_pkey_get_private (@file_get_contents ("private.key"));
openssl_pkey_get_details ($privatekey);
echo ("Made it!");


The private.key file contains a run of the mill RSA private key. I used this one:



This simple script causes the following crash report on my x64 Win7:

Gebeurtenisnaam van probleem:	APPCRASH
 Naam van de toepassing:	php.exe
 Versie van toepassing:
 Tijdstempel van toepassing:	50ad2821
 Naam van foutmodule:	LIBEAY32.dll
 Versie van foutmodule:
 Tijdstempel van foutmodule:	4faf8edb
 Uitzonderingscode:	c0000005
 Uitzonderingsmarge:	0002e791
 Versie van besturingssysteem:	6.1.7601.
 Landinstelling-id:	1043
 Aanvullende informatie 1:	0a9e
 Aanvullende informatie 2:	0a9e372d3b4ad19135b953a78882e789
 Aanvullende informatie 3:	0a9e
 Aanvullende informatie 4:	0a9e372d3b4ad19135b953a78882e789


I can "solve" the issue by replacing usr\local\php\(lib|ssl)eay32.dll with ones from OpenSSL 0.9.8r (don't have 0.9.8x handy), but this is hardly a solution. I'm thinking either PHP should be built against OpenSSL 1.0.1c or UniformServer should use 0.9.8x instead. At the moment I don't really dare to enable Apache's mod_ssl as it's probably built against 1.0.1c and it won't be happy with the 0.9.8r dll's :)/>


Otherwise I'm really happy with the project. We're working on using it as the standard environment for on-premise deployments of our webbased ERP-software. Especially happy with the updates that get released on a fairly regular basis.





Link to comment
Share on other sites

Thanks for your reply. While looking into this issue a bit further, I build PHP 5.4.9 against OpenSSL 1.0.1c. I ended up with a version of php_openssl.dll that's at least able to run the script I provided in my first post successfully. I've attached it here for completeness, but I imagine it would have to be rebuilt before it can be included in a release.


So now there are two ways to solve this. For me personally both options are equally fine. Version 1.0.1 adds some interesting features (the GCM block mode for example), but those aren't available through the PHP extension anyway. Anyone in favor of a particular option ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...