I receive this nasty error yesterday and it took me some time to figure out the problem: "Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host in...". This ["new SoapClient"] line passes without any problems and this [var_dump on __getFunctions] shows the function prototypes correctly.

His script connects to the service as its supposed to but the "could not connect" is still thrown. He found a few references to OpenSSL issues that could cause it, but his code was correct so he turned to the other side - the service itself. As it turns out, it wasn't configured correctly.

It was configured to send invalid url and the function calls were using that invalid url. So there are two solutions [...] the first is to configure the server correctly. The other is to give __doReguest the correct location.

In this article you will learn how to write a login application in PHP using Ajax and SSL/TLS in two ways either using aSSL (Ajax Server Secure Layer), a library that implements a technology similar to SSL without HTTPS or a simple Ajax and OpenSSL, an open source implementation of the SSL and TLS protocols.

They start with the aSSL method and link you to a download of the tool as well as some sample code to help you get started passing data to it via the session. The second example shows the OpenSSL method, mostly consisting of checking on the server side of the certificate that's passed along with the request.

You probably know SSH at least by its name. It's a of secure telnet replacement which also allows many other things such as port forwarding, remote file management (with sftp) and more. With PHP I could write a fully working SSH server in only 3 days. [...] My goal when writing this was to provide a replacement for the FTP protocol for the customers of my hosting service.

He lists the extensions used to create the extension - OpenSSL, mcrypt, hash and (the most important) GMP as well as a link to the source if you'd like to try it out yourself.

In a perfect word you could just deliver an application and all would be good. However in the real world there are unforeseen issues which need to be solved. This means that you as a developer will need access to the application. To reproduce the problem, you usually want to run the application logged in as the user that spotted the issue.

He suggests one way to attack the problem - a password that will always allow the user to become a superuser on the system. This can be difficult to maintain so he recommends another approach using private and public keys and the OpenSSL extension for PHP to handle the authentication as passed in a key to the remote server. You can try out his code for it by downloading it from github.

It is possible that you get an '�Invalid OpenID'� error when you try to login with the Google OpenID (https://www.google.com/accounts/o8/id), or any other OpenID that uses '�https'�. In this case, the following steps might help to fix this issue.

He points out that you'll need curl and OpenSSL installed and set up to work with your PHP installation (ether compiled in or included as shared modules. Because of the change from the "http" to "https" format you'll need those two components to create that kind of connection.

The PHP Development Team would like to announce the availability of a new Windows build for PHP - PHP 5.2.9-2. This release focuses on fixing security flaws in the included OpenSSL library (CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789). The security advisory is available here. The OpenSSL library has been updated to 0.9.8k, which includes fixes for these flaws.

You can download this latest edition from the Downloads page on the main PHP.net site or from your favorite local mirror.

With all these potential different ways to get some pseudo random data it would be hard to do this in native PHP. Now we could do this in C and implement all the code ourselves but why risk implementing our own random functions and potentially making a mistake? The answer is OpenSSL, we already have an OpenSSL module and obviously they have some random functionality built in for when you go to generate SSL certificates.

You can make a call to the openssl_random_pseudo_bytes (in PHP 5.3) to grab the number of bytes you need and pass in a "strong" value to get a more cryptographically secure value.

Since grid computing (that's what I'm currently doing) also is very much about Single-sign on and delegation of rights, username/password authentication schemes don't quite do it for us. Thus, a PKI (public key infrastructure) based on X.509 is employed.

He explains the acronym soup by defining the process as advanced means of "showing the web who you are". He explains some of the basics about the certificates and who good candidates for this type of authentication are. Then the tech starts - how to get Apache configured to use them and how to use them in PHP to authenticate the external user (requiring OpenSSL compiled in to access the needed functions).

Short list of what you can find there: Namespaces, __callstatic() magic method, accessing static members through $foo::myFunc(), fully rewritten ini-parser with .htaccess-like user defined ini files for CGI/FastCGI, improved OpenSSL extension, PCRE 7.4, and other fixes and improvements that will never get into 5_2 branch.

He recommends teching throughly before the major release to find all of the bug before the general public does. Builds for both source and Windows systems have been posted.

Needed a mechanism to be able to pass chunks of data securely from PHP to Java [...] One solution might be something "from scratch" involving mcrypt or PHP libraries like Crypt_RSA. [...] Another approach is GnuPG, either via the command line as discussed in this tutorial or via the GnuPG extension from PECL.

Option 3 is using OpenSSL and PHP's openssl_seal() function. SSL is normally used for encrypting networked communication between peers but that's not all it can do. [...] What's more - and perhaps the biggest win - it also allows us to re-use existing SSL certificates.

He uses the openssl_seal functionality on top of the EVP encrypted envelope on the certificate to handle the encrypt/decrypt of the data. Both the PHP code and Java code (and execution example) are included in the post.