php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #67623 Connect with JobServer using SSL
Submitted: 2014-07-15 12:57 UTC Modified: 2017-01-10 08:24 UTC
Votes:7
Avg. Score:4.6 ± 0.7
Reproduced:6 of 7 (85.7%)
Same Version:2 (33.3%)
Same OS:1 (16.7%)
From: chjgcn at gmail dot com Assigned:
Status: Suspended Package: gearman (PECL)
PHP Version: 5.5.14 OS: Arch Linux
Private report: No CVE-ID: None
 [2014-07-15 12:57 UTC] chjgcn at gmail dot com
Description:
------------
The Gearman JobServer can start up using SSL, but libgearman does not support it well, and this extenssion does not support it. Now I have done some change with the libgearman code , and have posted a patch file at
    https://bugs.launchpad.net/gearmand/+bug/1338861
Then I modify this extenssion code, and post the patch file here. I have tested that with this patch, PHP code can set SSL by
    // Client:
    $gearman_client = new GearmanClient();
    $gearman_client->setSSL(true, "ca_file_path", "certificate_path", "key_file_path");
    $gearman_client->addServer();
    // Worker:
    $gearman_worker = new GearmanWorker();
    $gearman_worker->setSSL(true, "ca_file_path", "certificate_path", "key_file_path");
    $gearman_worker->addServer();
and communicate with JobServer using SSL now.


Patches

gearman-ssl.patch (last revision 2014-07-17 07:24 UTC by chjgcn at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-07-15 13:10 UTC] chjgcn at gmail dot com
With this patch, we can set these file pathes in /etc/php/conf.d/gearman.ini :

[gearman]
gearman.ssl_ca_file = /etc/ssl/certs/gearmand-ca.pem
gearman.ssl_certificate = /etc/ssl/certs/gearman.pem
gearman.ssl_key_file = /etc/ssl/certs/gearman.key

If any of these file pathes is not set in setSSL(), it will use the path set in the config file.
 [2014-07-17 02:52 UTC] chjgcn at gmail dot com
If I call addServer before setSSL in PHP code, it will raise an exception:
    0 : Failed to set exception option
and there is a error message in server side:
    SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
This is caused by calling gearman_client_set_server_option() exactly after gearman_client_add_server(), and gearman_client_set_server_option() will make a real connection to server while SSL has not been set.
The way to fix this is removing gearman_client_set_server_option() after gearman_client_add_server() and gearman_worker_set_server_option() after gearman_worker_add_server() .
 [2014-07-17 07:35 UTC] chjgcn at gmail dot com
Manual of gearman_client_set_exception_fn() says that the exception_fn will only be called if exceptions are enabled on the server, so I move gearman_client_set_server_option() after gearman_client_add_server() and gearman_client_add_servers() to after gearman_client_set_exception_fn() .
And it is no need to set exceptions at worker side, so I just remove gearman_worker_set_server_option() after gearman_worker_add_server() and gearman_worker_add_servers() .
I have posted the newer patch file here.
 [2017-01-10 08:24 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:24 UTC] kalle@php.net
The gearman extension have not had much activity in the past few years, so I'm taking the safe bet that this is no longer under active development (as I don't consider the typo fixes on the github repo an active development), besides that it also targets unsupported PHP versions. Please unsuspend this report in case it begins to blossom with life once more
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC