2012-11-28

I am trying to generate a private/public key pair with PHP. The Apache server (XAMPP) crashes when using the openssl functions.

Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7

The operating system is Windows XP SP3 with all Windows updates installed.

I am trying to execute the following script:

<?php 

$ssl_path = getcwd(); 
$ssl_path = preg_replace('/\\\/','/', $ssl_path); // Replace \ with/

$config = array(
    'config'   => "$ssl_path/openssl.cnf", 
    'private_key_bits' => 1024, 
    'private_key_type' => OPENSSL_KEYTYPE_RSA 
); 

$dn = array(
    "countryName"   => "AT", 
    "stateOrProvinceName" => "Vienna", 
    "localityName"   => "Cambs", 
    "organizationName"  => "UniServer", 
    "organizationalUnitName" => "Demo", 
    "commonName"    => "localhost", 
    "emailAddress"   => "[email protected]" 
); 

$privateKey = openssl_pkey_new($config); 
$csr = openssl_csr_new($dn, $privateKey, $config); 
$sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config); 
openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config); 
openssl_x509_export_to_file($sscert, "C:/server.crt", FALSE); 
openssl_csr_export_to_file($csr, "C:/server.csr"); 
$keyDetails = openssl_pkey_get_details($privateKey); 
file_put_contents('C:/public.key', $keyDetails['key']); 

?> 

This is my openssl.cnf:

####################################################################### 
# File name: openssl.cnf 
# Created By: The Uniform Server Development Team 
######################################################################## 

# 
# OpenSSL configuration file. 
# 

# Establish working directory. 
dir   = . 

[ req ] 
default_bits   = 1024 
default_md    = sha1 
default_keyfile   = privkey.pem 
distinguished_name  = req_distinguished_name 
x509_extensions   = v3_ca 
string_mask    = nombstr 

[ req_distinguished_name ] 
countryName    = Country Name (2 letter code) 
countryName_min   = 2 
countryName_max   = 2 
stateOrProvinceName  = State or Province Name (full name) 
localityName   = Locality Name (eg, city) 
0.organizationName  = Organization Name (eg, company) 
organizationalUnitName = Organizational Unit Name (eg, section) 
commonName    = Common Name (eg, YOUR fqdn) 
commonName_max   = 64 
emailAddress   = Email Address 
emailAddress_max  = 64 

[ ssl_server ] 
basicConstraints  = CA:FALSE 
nsCertType    = server 
keyUsage    = digitalSignature, keyEncipherment 
extendedKeyUsage  = serverAuth, nsSGC, msSGC 
nsComment    = "OpenSSL Certificate for SSL Web Server" 

[ v3_req ] 
basicConstraints = CA:FALSE 
keyUsage   = nonRepudiation, digitalSignature, keyEncipherment 

[ v3_ca ] 
basicConstraints  = critical, CA:true, pathlen:0 
nsCertType    = sslCA 
keyUsage    = cRLSign, keyCertSign 
extendedKeyUsage  = serverAuth, clientAuth 
nsComment    = "OpenSSL CA Certificate" 

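When I try to execute the script, Apache crashes and restarts. What is causing this problem?

By the way: the same error occurs if I try to use the phpseclib 0.3.1 library.

Thanks a lot in advance!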

I forgot to add: the function that crashes Apache is openssl_pkey_get_details() – Omegavirus

Answers


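In my experience, openssl_pkey_get_details() needs an X.509 certificate to get the public key, not a private key (despite what the documentation says).

It may actually be easier to do all of this with phpseclib, a pure PHP X.509 implementation. For example: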

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php 
include('File/X509.php'); 
include('Crypt/RSA.php'); 

// create private key/x.509 cert for stunnel/website 
$privKey = new Crypt_RSA(); 
extract($privKey->createKey()); 
$privKey->loadKey($privatekey); 

$pubKey = new Crypt_RSA(); 
$pubKey->loadKey($publickey); 
$pubKey->setPublicKey(); 

$subject = new File_X509(); 
$subject->setDN(array(
    "countryName"   => "AT", 
    "stateOrProvinceName" => "Vienna", 
    "localityName"   => "Cambs", 
    "organizationName"  => "UniServer", 
    "organizationalUnitName" => "Demo", 
    "commonName"    => "localhost", 
    "emailAddress"   => "[email protected]" 
)); 
$subject->setPublicKey($pubKey); 

$issuer = new File_X509(); 
$issuer->setPrivateKey($privKey); 
$issuer->setDN($subject->getDN()); 

$x509 = new File_X509(); 

$result = $x509->sign($issuer, $subject); 

$csr = $issuer->signCSR(); 
$csr = $x509->saveCSR($csr); 

file_put_contents("C:/server.key", $privKey->getPrivateKey()); 
file_put_contents("C:/server.crt", $x509->saveX509($result)); 
file_put_contents('C:/public.key', $privKey->getPublicKey()); 
file_put_contents("C:/server.csr", $csr); 
?>
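
A variant of the question's ext/openssl script, added here as an example (not code from either poster): it checks every openssl_* return value, reports the queued openssl_error_string() messages for the step that failed, and reads the public key both from the private key and from the self-signed certificate so the two results can be compared. The helper names `ssl_check` and `make_self_signed`, the 2048-bit key size, the sha256 digest and the shortened sample DN are assumptions.

```php
<?php
// Added example: helper names, key size and digest are assumptions, not from the page.

// Throw with the queued OpenSSL error messages if a call returned false.
function ssl_check($value, $step)
{
    if ($value === false) {
        $errors = array();
        while (($e = openssl_error_string()) !== false) {
            $errors[] = $e;
        }
        throw new RuntimeException("$step failed: " . implode('; ', $errors));
    }
    return $value;
}

function make_self_signed(array $dn, $cnfPath = null)
{
    $config = array(
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'digest_alg'       => 'sha256',
    );
    // Only point at an explicit openssl.cnf if it is really there.
    if ($cnfPath !== null && is_readable($cnfPath)) {
        $config['config'] = $cnfPath;
    }

    $key  = ssl_check(openssl_pkey_new($config), 'openssl_pkey_new');
    $csr  = ssl_check(openssl_csr_new($dn, $key, $config), 'openssl_csr_new');
    $cert = ssl_check(openssl_csr_sign($csr, null, $key, 365, $config), 'openssl_csr_sign');

    // Path 1: public key read straight from the private key.
    $fromKey = ssl_check(openssl_pkey_get_details($key), 'openssl_pkey_get_details(key)');
    // Path 2: public key extracted from the certificate first.
    $pub      = ssl_check(openssl_pkey_get_public($cert), 'openssl_pkey_get_public');
    $fromCert = ssl_check(openssl_pkey_get_details($pub), 'openssl_pkey_get_details(cert)');

    ssl_check(openssl_pkey_export($key, $keyPem, null, $config), 'openssl_pkey_export');
    ssl_check(openssl_x509_export($cert, $certPem), 'openssl_x509_export');

    return array($keyPem, $certPem, $fromKey['key'], $fromCert['key']);
}

list($keyPem, $certPem, $pubA, $pubB) = make_self_signed(
    array('countryName' => 'AT', 'commonName' => 'localhost'), // constructed sample DN
    getcwd() . '/openssl.cnf'
);
echo $pubA === $pubB ? "public keys match\n" : "public keys differ\n";
```

An exception from `ssl_check` names the step that returned false, which separates a configuration problem (for example an unreadable openssl.cnf) from a hard crash inside the extension.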