Exemple #1
 /**
  * Initialize SSL/TLS context
  * @return void
  */
 protected function initSecureContext()
 {
     // EventUtil::sslRandPoll() gathers entropy for OpenSSL; when it fails no
     // context is built and the socket is flagged as erroneous.
     $seeded = \EventUtil::sslRandPoll();
     if (!$seeded) {
         Daemon::$process->log(get_class($this->pool) . ': EventUtil::sslRandPoll failed');
         $this->erroneous = true;
         return;
     }

     // Both the certificate and the private key must be readable. The key is
     // only checked when the certificate check passed.
     $credentialsReadable = FileSystem::checkFileReadable($this->certfile)
         && FileSystem::checkFileReadable($this->pkfile);
     if (!$credentialsReadable) {
         // The hint shows how to create a self-signed pair; the paths are
         // shell-quoted because operators are expected to paste the commands.
         // NOTE(review): unlike the sslRandPoll failure above, this path (and
         // the unrecognized-version path below) leaves $this->erroneous
         // untouched and $this->ctx unset; confirm the caller refuses to
         // accept connections in that state instead of serving plaintext.
         $quotedKey  = escapeshellarg($this->pkfile);
         $quotedCert = escapeshellarg($this->certfile);
         Daemon::log(implode(PHP_EOL, [
             'Couldn\'t read ' . $this->certfile . ' or ' . $this->pkfile . ' file.  To generate a key',
             'and self-signed certificate, run',
             '  openssl genrsa -out ' . $quotedKey . ' 2048',
             '  openssl req -new -key ' . $quotedKey . '  -out cert.req',
             '  openssl x509 -req -days 365 -in cert.req -signkey ' . $quotedKey . '  -out ' . $quotedCert,
         ]));
         return;
     }

     // Mandatory options first, so the resulting array keeps its key order.
     // NOTE(review): verifypeer / allowselfsigned are taken from configuration
     // as-is; on a listening socket they presumably govern client-certificate
     // checks. Confirm the defaults are the strict ones.
     $params = [
         \EventSslContext::OPT_LOCAL_CERT        => $this->certfile,
         \EventSslContext::OPT_LOCAL_PK          => $this->pkfile,
         \EventSslContext::OPT_VERIFY_PEER       => $this->verifypeer,
         \EventSslContext::OPT_ALLOW_SELF_SIGNED => $this->allowselfsigned,
     ];

     // Optional options are only passed when they were configured (non-null).
     $optional = [
         \EventSslContext::OPT_PASSPHRASE   => $this->passphrase,
         \EventSslContext::OPT_VERIFY_DEPTH => $this->verifydepth,
         \EventSslContext::OPT_CA_FILE      => $this->cafile,
     ];
     foreach ($optional as $option => $value) {
         if ($value !== null) {
             $params[$option] = $value;
         }
     }

     // The `tls` setting takes precedence over `ssl`. Only the selected branch
     // touches its constant, so a method missing from the extension build is
     // not referenced unless it was actually requested.
     // NOTE(review): `ssl` set to true, '1' or 'v3' selects SSLv3 and 'v2'
     // selects SSLv2. Both protocols are deprecated (RFC 7568, RFC 6176) and
     // TLS 1.1 ('v11') is deprecated by RFC 8996; deployments should configure
     // `tls` instead. What TLS_SERVER_METHOD and SSLv23_SERVER_METHOD actually
     // negotiate depends on the extension and OpenSSL build; verify the
     // effective protocol floor on the target host.
     $tls = $this->tls;
     $ssl = $this->ssl;
     switch (true) {
         case $tls === true:
             $method = \EventSslContext::TLS_SERVER_METHOD;
             break;
         case $tls === 'v11':
             $method = \EventSslContext::TLSv11_SERVER_METHOD;
             break;
         case $tls === 'v12':
             $method = \EventSslContext::TLSv12_SERVER_METHOD;
             break;
         case $ssl === 'v3' || $ssl === true || $ssl === '1':
             $method = \EventSslContext::SSLv3_SERVER_METHOD;
             break;
         case $ssl === 'v2':
             $method = \EventSslContext::SSLv2_SERVER_METHOD;
             break;
         case $ssl === 'v23':
             $method = \EventSslContext::SSLv23_SERVER_METHOD;
             break;
         default:
             // A truthy but unknown `ssl` value is reported; a falsy one means
             // no secure transport was requested. Neither builds a context.
             if ($ssl) {
                 Daemon::log(get_class($this) . ': unrecognized SSL version \'' . $ssl . '\'');
             }
             return;
     }

     $this->ctx = new \EventSslContext($method, $params);
 }
Exemple #2
 /**
  * Initialize SSL context
  * @return object|false Context
  */
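 protected function initSSLContext()
 {
     // EventUtil::sslRandPoll() gathers entropy for OpenSSL; without it no
     // client context is created and the caller receives false.
     if (!\EventUtil::sslRandPoll()) {
         Daemon::$process->log(get_class($this->pool) . ': EventUtil::sslRandPoll failed');
         return false;
     }

     // NOTE(review): no CA file or verify depth is passed here, so with
     // verifypeer enabled the trust anchors are whatever the OpenSSL build
     // uses by default, and hostname checking is not visible in this method.
     // Confirm both are handled by the caller or the configuration.
     $params = [
         \EventSslContext::OPT_VERIFY_PEER       => $this->verifypeer,
         \EventSslContext::OPT_ALLOW_SELF_SIGNED => $this->allowselfsigned,
     ];
     // Client certificate, key and passphrase are optional; key order is kept
     // stable because the serialized array is used as the cache key below.
     if ($this->certfile !== null) {
         $params[\EventSslContext::OPT_LOCAL_CERT] = $this->certfile;
     }
     if ($this->pkfile !== null) {
         $params[\EventSslContext::OPT_LOCAL_PK] = $this->pkfile;
     }
     if ($this->passphrase !== null) {
         $params[\EventSslContext::OPT_PASSPHRASE] = $this->passphrase;
     }

     // Contexts are shared between connections that use identical options.
     // NOTE(review): the key is the raw serialized option array, so a
     // configured passphrase ends up inside the cache key; check how
     // CappedStorageHits stores and exposes keys.
     $hash = igbinary_serialize($params);
     if (!self::$contextCache) {
         self::$contextCache = new CappedStorageHits(self::$contextCacheSize);
     } else {
         $cached = self::$contextCache->getValue($hash);
         if ($cached) {
             return $cached;
         }
     }

     // Previously hard-coded to SSLv3_CLIENT_METHOD. SSLv3 is prohibited by
     // RFC 7568, and an OpenSSL build without SSLv3 support may be unable to
     // create such a context at all. The SSLv23 method is OpenSSL's
     // version-flexible handshake, so the client negotiates the highest
     // protocol both ends support.
     // NOTE(review): the lowest protocol still accepted depends on the linked
     // OpenSSL build and its defaults; confirm legacy versions are disabled.
     $ctx = new \EventSslContext(\EventSslContext::SSLv23_CLIENT_METHOD, $params);
     self::$contextCache->put($hash, $ctx);
     return $ctx;
 }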