Caretaker

http://www.php.net/manual/en/openssl.installation.php says:

Note: You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.

So I guess my system does not have one?

Here's a small test script:

_____________________________________________________________
ini_set('display_errors', 1);

// Create the keypair
$res=openssl_pkey_new();

var_dump($res);

// Get private key
openssl_pkey_export($res, $privkey, "PassPhrase number 1" );

// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
var_dump($privkey);
var_dump($pubkey);
_____________________________________________________________

For me, the first line ($res=openssl_pkey_new();) creates a $res containing bool(false).

I created a ticket with the hosting provider.

Keep us updated. I'm interested weather the provider can fix this.

Here is the response from the hoster:

Dear Mr Roos,

our accounts are configured to work with a maximum of firmness. There are a lot of stable features for TYPO3 available, but we can not implement all Features.

You need a special solution for a monitoring system. The approaches extension is build for an own server- and infrastructure with more rights and possibilities.

It is possible to make the Script running, but I think it is not the right way. I argue:

- If we implement the function in one of your accounts, the account is not updateable or portable any more.
- We can not guarantee of the system stability.
- Our technical Team works for min 4 Hours to implements the function in one account. It costs 22€ (without tax) per 15 minutes.

with kind regards,

Olaf Clemens (customer service)
_______________________

Mittwald CM Service

Königsberger Straße 6
32339 Espelkamp

Tel.: 05772-293-100
Fax: 05772-293-333

E-Mail: support@mittwald.de

Geschäftsführer: Robert Meyer
HRA 6640, AG Bad Oeynhausen

The latest message from Mittwald:

Hi Michiel,

I'm sorry that I understood you wrong. For me it sounded like a threat and maybe you can understand that I was wondering about that. It's good to know that it was an misunderstanding.

Of course I can understand your need for caretaker, especially if it saves you a lot of money and as I said myself an individual solution isn't the best solution on the long term in that case. For me a non updatable system wouldn't be an option, too. And, of course you're right, it would be a bad advise to suggest Mittwald to people who want to use something we can't offer. That would'nt lead to an satisfying end for us as to our customers. On the other side, of course, it's definitly very interesting for us to know what our customers need. We're collecting request for special features, and if we see there several requests for one we do our best to implement it. A lot of the features in our current customers login are based on such requests.

Caretaker sounds, in the way you discribe it, like an extension which might be interesting for resellers with a bigger amount of accounts. Due to that I added caretaker support into out feature request database for our product management. If we get more requests for it, or the product management thinks we should support it anyway we might be implementing it globaly. I understand that this isn't very interesting for you, as you need it now, but I want you know that we take our customers needs seriously.

Kind regards

Richard Westebbe
(Department Chief Customer Service)

If you are a customer, please open a support ticket and ask to enable openssl support in their installations.

As mentioned in the PHP manual (see link from Michiel above), the problem is caused by a missing openssl configuration file (openssl.conf). This file can be either totally missing or not in the place where PHP is looking for it.

If the openssl file is missing entirely, it should be created in some way, probably by going through a complete openssl installation. From what I could read on some sites, it seems possible to simply donwload a sample openssl.cnf file, but I'm not sure if it must be adapted and how.

Then you should either copy the openssl.cnf or symlink to it in the place where PHP expects it. This can be guessed from phpinfo(). Look at the path that was given for the --with-openssl option. The file will be looked for in that path + /ssl/openssl.cnf (e.g. "--with-openssl=/usr/local" => file is expected in /usr/local/ssl/openssl.cnf)

So this is not a caretaker bug, but I think it should be mentioned in the documentation as it may be a common pitfall.

We had the same problem on a mittwald server, too. We used Michiels script posted in the maillinglist to generate the public/private keys

<?php

    $keyPair = openssl_pkey_new();

    openssl_pkey_export($keyPair, $privateKey);

    $publicKey = openssl_pkey_get_details($keyPair);
    $publicKey = $publicKey['key'];

    $publicKey = str_replace("\n", '|', $publicKey);
    $privateKey = str_replace("\n", '|', $privateKey);

?>

<html>
        <head>
        <script type="text/javascript">
                function SelectAll(id)
                {
                        document.getElementById(id).focus();
                        document.getElementById(id).select();
                }
        </script>

        </head>
        <body>
                <form name="blip">
                        Public: <input id="pub" onclick="SelectAll('pub');" name="pub" 
value="<?php echo $publicKey ?>" size="150" /><br/>
                        Private: <input id="priv" onclick="SelectAll('priv');" name="priv" 
value="<?php echo $privateKey ?>" size="150" /><br/>
                </form>
        </body>
</html>

After pressuring our hosting provider with the BE RSA login wish that many users updating to TYPO3 4.3 will have, Mittwald fixed the issue for our hosts.

If you host with Mittwald, please open a ticket and they will fix the issue for you.

Good work Mittwald!

;-)

i'll integrade a proper check in the instance UPDATE method and add a notice how to generate the keys, if generation fails.

thanks Michiel for your note about the mittwald support.

I had the same problem with a Debian-Server that has Zend installed. Thanks to Francois, I was able to create a symlink in "/usr/local/openssl-0.9.8o/ssl" (had to create that directory) that points to the correct file in "/etc/ssl/openssl.cnf".