I am having a problem using APNS with PHP on a Linux server. In simplepush.php I set up the connection with a stream context.
Sample script ($passphrase is already set):
$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert','/var/www/html/ck.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);
stream_context_set_option($ctx, 'ssl', 'cafile', '/usr/lib/ssl/certs/Entrust_Root_Certification_Authority.pem');
and try to connect to gateway.sandbox.push.apple.com:2195:
$fp = stream_socket_client(
    'ssl://gateway.sandbox.push.apple.com:2195', $err,
    $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);
if (!$fp) {
    exit("Failed to connect: $err $errstr" . PHP_EOL);
}
When I run the script, it says:
PHP Warning: stream_socket_client(): Failed to enable crypto in /var/www/html/test2.php on line 27
PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/html/test2.php on line 27
Failed to connect: 0
Telnet test:
Trying 17.172.232.46...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
Entrust certificates on the server:
/usr/lib/ssl/certs/Entrust.net_Global_Secure_Personal_CA.pem
/usr/lib/ssl/certs/Entrust.net_Global_Secure_Server_CA.pem
/usr/lib/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/usr/lib/ssl/certs/Entrust.net_Secure_Personal_CA.pem
/usr/lib/ssl/certs/Entrust.net_Secure_Server_CA.pem
/usr/lib/ssl/certs/Entrust_Root_Certification_Authority.pem
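I gave 777 permissions to all the certificates and to the ck.pem file, which is in the same folder as the simplepush.php file (/var/www/html).
Also, I think ck.pem is a valid certificate, because the connection succeeds when the call is made from the Mac terminal.
SSL connection from the terminal: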
azureuser@myserver:/var/www/html$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert /var/www/html/ck.pem -CAfile /usr/lib/ssl/certs/Entrust_Root_Certification_Authority.pem
Enter pass phrase for /var/www/html/ck.pem:
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify return:1
depth=0 C = US, ST = California, L = Cupertino, O = Apple Inc., CN = gateway.sandbox.push.apple.com
verify return:1
140195332839072:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
---
SSL handshake has read 3143 bytes and written 2032 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 40C185D8F81ABD51E8BAF4BA863949A6A006AE80CEE04E2989A2E0269764A14107F0D3933E2A1A65D6825C61934F51F8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1455228997
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
The only part of this that caught my attention is this:
routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
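I read that it is some kind of bug in the Ubuntu version and that it can be worked around by downgrading SSL, but I am not really convinced that this could actually be the cause.
Conclusion:
- ck.pem is a valid certificate (with a passphrase), and an absolute path to the certificate is set in simplepush.php
- telnet to APNS works (the port is open)
- permissions (777) are set on ck.pem, simplepush.php and all the root certificates
- openssl s_client ... returns Verify return code: 0 (ok), and the only suspicious thing is ssl handshake failure:s23_lib.c:177
I am missing something here (probably in my server configuration), but I am running out of ideas and it has become really frustrating :)
Note: I understand this topic may be a duplicate, but I have searched a lot about APNS push and read many threads related to this issue, and I am now fairly sure I have set up and configured everything on the server, yet I am still missing something.
Do you have any idea what could be causing this? Thanks in advance.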
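
The following is an added example, not part of the original post: a PHP preflight check for the PEM bundle that the script passes as 'local_cert'. It confirms that the file holds a certificate and a private key the passphrase can decrypt, that the two match, that the certificate has not expired, and that the file mode does not expose the key to other local users. The function name check_client_bundle and the APNS_PASSPHRASE environment variable are assumptions made for this example.

```php
<?php
// Added example: preflight checks for the PEM bundle used as 'local_cert'.
// check_client_bundle() and APNS_PASSPHRASE are hypothetical names.

function check_client_bundle(string $path, string $passphrase): array
{
    $problems = [];

    // Run this as the same user the web server / PHP process runs as.
    $pem = @file_get_contents($path);
    if ($pem === false) {
        return ["cannot read $path as the current user"];
    }

    // A private key should not be accessible to group or others.
    $mode = fileperms($path) & 0777;
    if ($mode & 0077) {
        $problems[] = sprintf('mode %04o exposes the private key; use 0600', $mode);
    }

    // The bundle must contain a CERTIFICATE block ...
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        return array_merge($problems, ['no parsable CERTIFICATE block']);
    }

    // ... and a private key that the passphrase decrypts.
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        return array_merge($problems, ['private key missing or passphrase wrong']);
    }

    if (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match the certificate';
    }

    $info = openssl_x509_parse($cert);
    if ($info['validTo_time_t'] < time()) {
        $problems[] = 'certificate expired on ' . date('Y-m-d', $info['validTo_time_t']);
    }

    return $problems;
}

$problems = check_client_bundle('/var/www/html/ck.pem', getenv('APNS_PASSPHRASE') ?: '');
foreach ($problems as $p) {
    echo "PROBLEM: $p", PHP_EOL;
}
if (!$problems) {
    echo 'bundle looks usable', PHP_EOL;
}
```

An empty result only means the bundle itself is well formed; it says nothing about whether the TLS handshake with the gateway will succeed.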