I am trying to encrypt the connection from an application running on php 5.6.40 to gearman server(version 1.1.12). I have started gearman server enabling ssl and passed the ca file, certificate and key as arguments.
gearmand -d --ssl --ssl-ca-file=ca.crt --ssl-certificate=gearman.crt --ssl-key=gearman.key
Where I am stuck now is to get my php client use ssl. I am using GearmanClient class that comes with php’s gearman extension and I could not figure out a way to achieve this.
$gearmanClient = new GearmanClient();
$gearmanClient->addServer('server ip', 4730);
$result = $gearmanClient->doHighBackground('job-type', 'workload');
The code above works but the job-type and workload are sent un-encrypted to gearman server. If it is not possible with php’s gearman extension, does anybody know if we can use socket functions to achieve this? I have gone through a lot of threads related to this, but could not find a proper answer. Apologies if this has been already answered.
3
Answers
SSL is alleged to be not working. This was posted as a bug long time ago and the issue is still considered open. The official extension seems dead as well: last release was more than 6 years ago.
If I were in your shoes I’d switch to something more stable with better community support.
I hesitated to answer the question previously because it is related to PHP.
Actually
gearmand
supports SSL connection properly. The issue mentioned by @emix is still opened because there is no ssl tests forgearmand
itself in repository.Perl Implementation of
gearmand
Client/Worker supports SSL connection and contains ssl tests for the purpose.SSL support in gearmand works just fine. I have been using it in a production environment for ~3 years now. The issue mentioned in another answer is still open because that issue is really about making improvements to the documentation, and that wishlist item is unresolved.
Getting SSL support in the PHP extension is possible, but it will require patching and compiling the code yourself. The current version of the PHP extension can be found at https://github.com/wcgallego/pecl-gearman, but that is for PHP 7.x.
The Gearman PECL extension for older versions of PHP (< 7.x) is no longer maintained, as far as I know, but you can download the latest version at https://github.com/hjr3/pecl-gearman and apply the patch at https://bugs.php.net/bug.php?id=67623. It works. My workplace used that in production for about a year before moving to PHP 7.x.
If you are using PHP 7+, I recently opened a PR for adding SSL support at https://github.com/wcgallego/pecl-gearman/pull/72. You should also read the issue thread at https://github.com/wcgallego/pecl-gearman/issues/43 for some caveats.
In either case, you also need a
libgearman.so
from gearmand 1.1.19 or newer that was compiled with--enable-ssl
and has support for thesetSSL()
API.