PHP 8.4.2 Released!

インストール手順

PHP の OpenSSL サポートを使用するには、--with-openssl を指定して PHP を コンパイルする必要があります。

OpenSSL ライブラリを動作させるためには、実行時にさらに必要なものがあります。 特に、OpenSSL から乱数 (あるいは疑似乱数) 生成器にアクセスできなければなりません。 たいていの Unix および Unix 系のプラットフォーム (Linux など) の場合、 /dev/urandom あるいは /dev/random デバイスがこれにあたります。

configure オプション --with-system-ciphers が利用できます。 これにより、PHP がハードコードされたデフォルトではなく、システムが持つ暗号リストを使うようになります。

注意: Win32 ユーザーへの注意

この拡張モジュールを動作させるには、 Windows システムの PATH が通った場所に DLL ファイルが存在する必要があります。 FAQ の "Windows で PHP のディレクトリを PATH に追加するにはどうすればいいのですか?" で、その方法を説明しています。 DLL ファイルを PHP のフォルダから Windows のシステムディレクトリにコピーしても動作します (システムディレクトリは、デフォルトで PATH に含まれるからです) が、これは推奨しません。 この拡張モジュールを使用するには、以下のファイルが PATH の通った場所にある必要があります。 libeay32.dll, または、OpenSSL 1.1 以降では libcrypto-*.dll

加えてキー生成およびサイン認証関数を使用する計画がある場合、 システムに 有効な openssl.cnf をインストールする 必要があります。 Win32 バイナリ配布版にサンプル設定ファイルを同梱することにしました。 extras/ssl ディレクトリにあります。

PHP は、 以下のロジックにより openssl.cnf を探します。

  • 環境変数 OPENSSL_CONF が設定された場合、 設定ファイルの(ファイル名を含む)パスとして使用されます。
  • 環境変数 SSLEAY_CONF が設定された場合、 設定ファイルの(ファイル名を含む)パスとして使用されます。
  • ファイル openssl.cnf はデフォルトの認証エリアに あることが仮定され、openssl DLL がコンパイルされた時間で設定されます。 これは通常、デフォルトのファイル名が c:\usr\local\ssl\openssl.cnf (x64の場合), または C:\Program Files (x86)\Common Files\SSL\openssl.cnf (x86の場合), PHP 7.4.0 より前のバージョンでは C:\usr\local\ssl\openssl.cnf であることを意味します。

インストール時に、設定ファイルを デフォルトのパス または 他の場所にインストールし、(例えば仮想ホスト毎に)環境変数に設定ファ イルの場所を指定するかを選ぶ必要があります。 設定ファイルを必要とする関数の options に より、デフォルトのパスを上書きすることが可能であることに注意してください。
警告

権限がないユーザーに openssl.cnf を変更させないようにしてください。

Windows 版の PHP 8.2.0 以降でデフォルトとなっている OpenSSL 3.0.0 以降、 いくつかのアルゴリズムがレガシーとみなされるようになっています。 そうしたアルゴリズムは、暗号のコミュニティは使わなくなってきており、 かつセキュアでないと見なされてきているものです。 これらのアルゴリズムはレガシープロバイダ (extras/ssl/legacy.dll) で利用できます。その使い方は OpenSSL マニュアルの » provider configuration で説明されています。

変更履歴

バージョン 説明
7.4.0 --with-openssl[=DIR] は、ディレクトリ名を引数として受け入れなくなりました。 代わりに、pkg-config の変数 PKG_CONFIG_PATH を OpenSSL のインストールパスに設定するか、 環境変数 OPENSSL_LIBSOPENSSL_CFLAGS を設定するようにしてください。
7.4.0 OpenSSL のデフォルトの設定ファイルのパスが C:\usr\local\ssl から C:\Program Files\Common Files\SSLC:\Program Files (x86)\Common Files\SSL にそれぞれ変更されました。

add a note

User Contributed Notes 8 notes

up
45
Alan
13 years ago
Having recently installed Apache2.2 with PHP 5.2.17 on my Windows 7 development machine, I want to pass along my findings about how to set things up to load the correct versions of the OpenSSL DLLs. Many people have posted elsewhere about the "DLL Hell" that results if the a wrong version is loaded.

First, install Apache 2.2 and check its operation, then download the Windows binaries for PHP from http://windows.php.net/download/. Note that according to the sidebar on that page the recommended version of PHP for use with Apache2 is currently 5.2.17, even though it is back level. Plus, this version comes with all the DLLs you need to use OpenSSL -- no need to recompile as the old PHP man page suggests.

Having verified the PHP installation, turn on the OpenSSL support by uncommenting the line

extension=php_openssl.dll

in php.ini, which you will find in the PHP directory (I'll assume you made that c:/PHP). Next check the location of php_openssl.dll, which you should find in c:/PHP/ext. Also in php.ini find the key extension_dir, and change its value to c:/php/ext. Next, put this location on the end of your PATH (there's no need to reboot).

At this point, when you start Apache it will attempt to load php_openssl.dll, but if your setup is anything like mine you will see an error. I prefer to start Apache manually, and the error appears in a dialog box: "The ordinal 4114 could not be located in the dynamic link library LIBEAY32.dll". (I'm not sure whether you would get this message if you started Apache as a service). The Apache log also contains an error message saying that php_openssl.dll cannot be loaded, though that message doesn't name libeay32.dll. Welcome to DLL Hell.

Libeay32.dll enters the picture because php_openssl.dll depends on it (and also on ssleay32.dll). What I think happens is that Apache first tries to load php_openssl.dll programmatically from the path specified by the extension_dir key. But then, the loading of the so-called dependent DLLs is left to Windows' default mechanism. If Windows finds an incompatible version of a dependent DLL, you get the error.

So clearly the fix is to ensure that the correct version of libeay32.dll is loaded. On my machine, at least three other processes have loaded various versions of this same DLL. They include the Mozy backup client, Windows Explorer (because Mozy installs support in Explorer) and the OpenOffice suite. My machine is quite different in this respect from a dedicated server on which one probably wants as few extraneous processes as possible. Presumably on a server one can follow advice that suggests copying the dlls to the system32 directory, for example. But I'm not about to mess with my other programs by making system-wide changes.

So what to do? I didn't find the available information on how Windows searches for DLLs to be very useful, mainly because I didn't understand it. But it does say that the first place Windows looks is "The directory from which the application loaded."

To cut to the chase, after a lot of experimentation I came to a key realization -- "the application" is APACHE, not PHP. So I copied libeay32.dll to the Apache2.2/bin directory. Problem solved. No error messages and running phpinfo confirms that OpenSSL is present and enabled.

Good luck, and stay out of DLL Hell.
up
3
php-net-comment at shaunc dot com
2 years ago
FreeBSD includes a modern version of OpenSSL as part of its base system, but doesn't appear to have a pkg-config file, so the PHP configure script can't find the libraries. When compiling PHP on FreeBSD, you should define the OPENSSL_LIBS and OPENSSL_CFLAGS environment variables before running PHP's configure. For FreeBSD 12, the following will work:

export OPENSSL_LIBS="-L/usr -lssl -lcrypto -lz" && export OPENSSL_CFLAGS="-I/usr/include" && ./configure --with-openssl [...other configure options...]
up
10
epos_jk
7 years ago
Beginning with version 1.1.0 OpenSSL did change their libary names!
libeay32.dll is now libcrypto-*.dll (e.g. libcrypto-1_1-x64.dll for OpenSSL 1.1.x on 64bit windows)
ssleay32.dll is now libssl-*.dll (e.g. libssl-1_1-x64.dll for OpenSSL 1.1.x on 64bit windows)
up
3
vitoandre.doria
6 years ago
As pointed out here http://php.net/manual/de/reserved.variables.environment.php#98113 make sure that variables_order = "EGPCS" is set in your php.ini (might come without the E flag which means ignore Env variables) otherwise PHP will ignore your Environment variables. This should be part of the documentation btw...
up
8
jaimz at vertigolabs dot org
10 years ago
I just wanted to point out that when you compile with openssl and you're specifying a directory, the acinclude.m4 and aclocal.m4 use that directory as such:

{your directory}/includes/openssl/{headerfile}

That being said, you want to specify the directory that the includes directory is in, not the specific directory with the header files.

THIS IS WRONG --with-openssl=/usr/local/includes/openssl
THIS IS RIGHT --with-openssl=/usr/local
up
5
Fernando rubio
13 years ago
OpenSSL and IIS

Open php.ini
uncomment the following:
extension=php_openssl.dll

Make sure you have config the following section pointing to your php install directory (in my case is located in a second partition at e:\php) (very recommended practice)

; Directory in which the loadable extensions (modules) reside.
extension_dir = "e:/php/ext"

Add your php directory to the PATH variable

start>run>type cmd
on windows console type:
set PATH=%PATH%;e:\php
(remember replace e:\php with YOUR directory)
(note that using %path% is the same as var+=value, so the directory will be appended at the end of the variable)

php5 come with all the dll in the zip package so if you add the php directory to the path variable, you don't need to move anything to your windows system directory (very safe for later updates, because you just replace the content of your php directory)

After all these step you ready.. but of course you need to restart your IIS to apply changes, so

start>run>inetsrv/iis.msc
right click on your computer
all task>restart IIS

done!
up
4
mtudor AT icefusion remove me DOT co uk
16 years ago
SYMPTOMS AND SETUP
------------------

For anyone having problems enabling the PHP openssl extension on WINDOWS.

I uncommented: extension=php_openssl.dll and installed the latest versions of ssleay.dll and libeay.dll in <windows>\system32.

When I restarted my web server and examined phpinfo(), there was no "openssl" headed section (although there were references to openssl in other sections).

I also found this error in my web server logs (<apache dir>/logs/ssl.log and <apache dir>/logs/access.log).

PHP Warning: PHP Startup: Unable to load dynamic library 'C:\\Program Files\\PHP\\ext\\php_openssl.dll' - The operating system cannot run %1.\r\n in Unknown on line 0

I have PHP 5.2.6 running on Apache 2.2.3 for Windows.

CAUSE
-----

This was caused by PHP picking up the WRONG VERSIONS of libeay.dll and ssleay.dll, which were present in multiple locations on my computer.

When any application attempts to use a dll file in windows, the system searches for this file using the following order:
1. The directory from which the application loaded.
2. The windows\system32 directory.
3. The windows\system directory.
4. The windows directory.
5. The current directory.
6. The directories that are listed in the PATH environment variable.

(http://msdn.microsoft.com/en-us/library/ms682586.aspx)

For PHP running under Apache, the application directory is <apache dir>\bin and NOT <php dir>. PHP was finding OUT OF DATE versions of libeay.dll and ssleay.dll in <apache dir>\bin (probably installed when I enabled SSL support in my web server). Because of this, the latest versions in windows\system32 were never reached.

NOTE: Although my problem was caused by an Apache2 specific configuration, I can imagine others might face this problem if, say, they install the openssl dlls in the PHP directory and add this directory to the PATH. I haven't checked it but I would imagine if another directory in the path contains outdated openssl dlls and this is listed before the PHP directory, a similar situation would occur.

SOLUTION
--------

Either replace the dlls in the first location on the search order, or, as I did, you can install the latest openssl dlls in the the windows system32 directory and just rename to .old the ssleay.dll and libeay.dll files in the search order locations before windows\system32.

Hope that helps others who might be stuck with this.

Mark.
up
0
anrdaemon at freemail dot ru
10 years ago
If you want to configure Apache2 under Windows to use OpenSSL - please, for the love of God, do NOT copy around, or even worse - overwrite any DLL's.
First, modern Apache2 is shipped with relevant libraries, second - even if, for some reason, it can't find the right now - you can TELL it to use the right ones.
LoadLibrary.
Yes.
That simple.

LoadLibrary C:/apache2/bin/libeay32.dll
LoadLibrary C:/apache2/bin/ssleay32.dll
LoadLibrary C:/php5/php5ts.dll
LoadModule php5_module C:/php5/php5apache2_4.dll
To Top