On the Ldeveloper Tech Blog today there's a helpful new post about an error PHP's SOAP extension could throw about not being able to connect to the host despite all settings being correct.

I receive this nasty error yesterday and it took me some time to figure out the problem: "Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host in...". This ["new SoapClient"] line passes without any problems and this [var_dump on __getFunctions] shows the function prototypes correctly.

His script connects to the service as its supposed to but the "could not connect" is still thrown. He found a few references to OpenSSL issues that could cause it, but his code was correct so he turned to the other side - the service itself. As it turns out, it wasn't configured correctly.

It was configured to send invalid url and the function calls were using that invalid url. So there are two solutions [...] the first is to configure the server correctly. The other is to give __doReguest the correct location.

On the PHPBuilder.com site today there's a new tutorial posted from Octavia Anghel about creating a login for your site that's powered by Ajax and uses a bit more security than normal. It includes hooks to use the Ajax Server Secure Layer or an OpenSSL connection.

In this article you will learn how to write a login application in PHP using Ajax and SSL/TLS in two ways either using aSSL (Ajax Server Secure Layer), a library that implements a technology similar to SSL without HTTPS or a simple Ajax and OpenSSL, an open source implementation of the SSL and TLS protocols.

They start with the aSSL method and link you to a download of the tool as well as some sample code to help you get started passing data to it via the session. The second example shows the OpenSSL method, mostly consisting of checking on the server side of the certificate that's passed along with the request.

In an effort to just about everything he can with PHP Mark Karpeles has posted an article about how he created a SSH server in PHP with most (not quite all) of the functionality of some of its counterparts.

You probably know SSH at least by its name. It's a of secure telnet replacement which also allows many other things such as port forwarding, remote file management (with sftp) and more. With PHP I could write a fully working SSH server in only 3 days. [...] My goal when writing this was to provide a replacement for the FTP protocol for the customers of my hosting service.

He lists the extensions used to create the extension - OpenSSL, mcrypt, hash and (the most important) GMP as well as a link to the source if you'd like to try it out yourself.

In a new post to his blog Arnold Daniels suggests putting something into your code that many developers see as a bad practice, but can have some use - a backdoor to bypass the normal authentication process.

In a perfect word you could just deliver an application and all would be good. However in the real world there are unforeseen issues which need to be solved. This means that you as a developer will need access to the application. To reproduce the problem, you usually want to run the application logged in as the user that spotted the issue.

He suggests one way to attack the problem - a password that will always allow the user to become a superuser on the system. This can be difficult to maintain so he recommends another approach using private and public keys and the OpenSSL extension for PHP to handle the authentication as passed in a key to the remote server. You can try out his code for it by downloading it from github.

In a recent post to his blog Daniel Hofstetter talks about an issue you might been seeing with using the Google OpenID service and the PHP OpenID library.

It is possible that you get an '�Invalid OpenID'� error when you try to login with the Google OpenID (https://www.google.com/accounts/o8/id), or any other OpenID that uses '�https'�. In this case, the following steps might help to fix this issue.

He points out that you'll need curl and OpenSSL installed and set up to work with your PHP installation (ether compiled in or included as shared modules. Because of the change from the "http" to "https" format you'll need those two components to create that kind of connection.

According to PHP.net, the latest release in the PHP 5.2.x series is now available for Windows users - PHP 5.2.9-2.

The PHP Development Team would like to announce the availability of a new Windows build for PHP - PHP 5.2.9-2. This release focuses on fixing security flaws in the included OpenSSL library (CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789). The security advisory is available here. The OpenSSL library has been updated to 0.9.8k, which includes fixes for these flaws.

You can download this latest edition from the Downloads page on the main PHP.net site or from your favorite local mirror.

To help alleviate some recent complaints about the pseudo-random nature of the random functions in PHP, Scott MacVicar has proposed an alternate solution:

With all these potential different ways to get some pseudo random data it would be hard to do this in native PHP. Now we could do this in C and implement all the code ourselves but why risk implementing our own random functions and potentially making a mistake? The answer is OpenSSL, we already have an OpenSSL module and obviously they have some random functionality built in for when you go to generate SSL certificates.

You can make a call to the openssl_random_pseudo_bytes (in PHP 5.3) to grab the number of bytes you need and pass in a "strong" value to get a more cryptographically secure value.

Christopher Kunz has relaunched his php-security.net domain with a brand new blog and a new article posted today - "X.509 PKI login with PHP and Apache".

Since grid computing (that's what I'm currently doing) also is very much about Single-sign on and delegation of rights, username/password authentication schemes don't quite do it for us. Thus, a PKI (public key infrastructure) based on X.509 is employed.

He explains the acronym soup by defining the process as advanced means of "showing the web who you are". He explains some of the basics about the certificates and who good candidates for this type of authentication are. Then the tech starts - how to get Apache configured to use them and how to use them in PHP to authenticate the external user (requiring OpenSSL compiled in to access the needed functions).

Antony Dovgal points out that Derick Rethans has added the snapshots for PHP 5.3 to the snaps.php.net website.

Short list of what you can find there: Namespaces, __callstatic() magic method, accessing static members through $foo::myFunc(), fully rewritten ini-parser with .htaccess-like user defined ini files for CGI/FastCGI, improved OpenSSL extension, PCRE 7.4, and other fixes and improvements that will never get into 5_2 branch.

He recommends teching throughly before the major release to find all of the bug before the general public does. Builds for both source and Windows systems have been posted.

Harry Fuecks came across a need in his development work to bridge a gap between a PHP script and some Java work he'd done. He found the way that fit his situation the best - the encryption of the data on the PHP side via OpenSSL.

Needed a mechanism to be able to pass chunks of data securely from PHP to Java [...] One solution might be something "from scratch" involving mcrypt or PHP libraries like Crypt_RSA. [...] Another approach is GnuPG, either via the command line as discussed in this tutorial or via the GnuPG extension from PECL.

Option 3 is using OpenSSL and PHP's openssl_seal() function. SSL is normally used for encrypting networked communication between peers but that's not all it can do. [...] What's more - and perhaps the biggest win - it also allows us to re-use existing SSL certificates.

He uses the openssl_seal functionality on top of the EVP encrypted envelope on the certificate to handle the encrypt/decrypt of the data. Both the PHP code and Java code (and execution example) are included in the post.