Apache 服务器（xampp）在使用 openssl 函数时崩溃

我正在尝试使用 php.ini 生成私钥/公钥对。

服务器：Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7

操作系统是 Windows XP SP3，安装了所有 Windows 更新。

我正在尝试执行以下脚本：

<?php

$ssl_path = getcwd();
$ssl_path = preg_replace('/\\\/','/', $ssl_path);  // Replace \ with /

$config = array(
    'config'           => "$ssl_path/openssl.cnf",
    'private_key_bits' => 1024, 
    'private_key_type' => OPENSSL_KEYTYPE_RSA
);

$dn = array(
   "countryName"            => "AT",
   "stateOrProvinceName"    => "Vienna",
   "localityName"           => "Cambs",
   "organizationName"       => "UniServer",
   "organizationalUnitName" => "Demo",
   "commonName"             => "localhost",
   "emailAddress"           => "[email protected] /cdn-cgi/l/email-protection"
);

$privateKey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privateKey, $config);
$sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config);
openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config);
openssl_x509_export_to_file($sscert,  "C:/server.crt", FALSE);
openssl_csr_export_to_file($csr, "C:/server.csr");
$keyDetails = openssl_pkey_get_details($privateKey);
file_put_contents('C:/public.key', $keyDetails['key']);

?>

这是我的 openssl.cnf：

#######################################################################
# File name: openssl.cnf
# Created By: The Uniform Server Development Team
########################################################################

#
# OpenSSL configuration file.
#

# Establish working directory.
dir         = .

[ req ]
default_bits            = 1024
default_md              = sha1
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
x509_extensions         = v3_ca
string_mask             = nombstr

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
organizationalUnitName  = Organizational Unit Name (eg, section)
commonName              = Common Name (eg, YOUR fqdn)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64

[ ssl_server ]
basicConstraints        = CA:FALSE
nsCertType              = server
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, nsSGC, msSGC
nsComment               = "OpenSSL Certificate for SSL Web Server"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
basicConstraints        = critical, CA:true, pathlen:0
nsCertType              = sslCA
keyUsage                = cRLSign, keyCertSign
extendedKeyUsage        = serverAuth, clientAuth
nsComment               = "OpenSSL CA Certificate"

当我尝试执行此脚本时，apache 崩溃并重新启动。是什么导致了这个问题？

顺便说一句：如果我尝试使用 phpseclib0.3.1 库，则会发生同样的错误。

提前谢谢了！

根据我的经验， openssl_pkey_get_details() 需要 X.509 证书才能获取公钥 - 而不是私钥（尽管文档中有说明）。

实际上可能更容易做到这一切phpseclib，纯 PHP X.509 实现 http://phpseclib.sourceforge.net/index.html. eg.:

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDN(array(
    "countryName"            => "AT",
    "stateOrProvinceName"    => "Vienna",
    "localityName"           => "Cambs",
    "organizationName"       => "UniServer",
    "organizationalUnitName" => "Demo",
    "commonName"             => "localhost",
    "emailAddress"           => "[email protected] /cdn-cgi/l/email-protection"
 ));
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();

$result = $x509->sign($issuer, $subject);

$csr = $issuer->signCSR();
$csr = $x509->saveCSR($csr);

file_put_contents("C:/server.key", $privKey->getPrivateKey());
file_put_contents("C:/server.crt", $x509->saveX509($result));
file_put_contents('C:/public.key', $privKey->getPublicKey());
file_put_contents("C:/server.csr", $csr);
?>