Search code examples
phpgearman

Connecting from php application to gearman server over ssl

I am trying to encrypt the connection from an application running on php 5.6.40 to gearman server(version 1.1.12). I have started gearman server enabling ssl and passed the ca file, certificate and key as arguments. 

gearmand -d --ssl --ssl-ca-file=ca.crt --ssl-certificate=gearman.crt --ssl-key=gearman.key

Where I am stuck now is to get my php client use ssl. I am using GearmanClient class that comes with php's gearman extension and I could not figure out a way to achieve this.

 $gearmanClient = new GearmanClient();
 $gearmanClient->addServer('server ip', 4730);
 $result = $gearmanClient->doHighBackground('job-type', 'workload');

The code above works but the job-type and workload are sent un-encrypted to gearman server. If it is not possible with php's gearman extension, does anybody know if we can use socket functions to achieve this? I have gone through a lot of threads related to this, but could not find a proper answer. Apologies if this has been already answered.

Solution

  • SSL support in gearmand works just fine. I have been using it in a production environment for ~3 years now. The issue mentioned in another answer is still open because that issue is really about making improvements to the documentation, and that wishlist item is unresolved.

    Getting SSL support in the PHP extension is possible, but it will require patching and compiling the code yourself. The current version of the PHP extension can be found at https://github.com/wcgallego/pecl-gearman, but that is for PHP 7.x.

    The Gearman PECL extension for older versions of PHP (< 7.x) is no longer maintained, as far as I know, but you can download the latest version at https://github.com/hjr3/pecl-gearman and apply the patch at https://bugs.php.net/bug.php?id=67623. It works. My workplace used that in production for about a year before moving to PHP 7.x.

    If you are using PHP 7+, I recently opened a PR for adding SSL support at https://github.com/wcgallego/pecl-gearman/pull/72. You should also read the issue thread at https://github.com/wcgallego/pecl-gearman/issues/43 for some caveats.

    In either case, you also need a libgearman.so from gearmand 1.1.19 or newer that was compiled with --enable-ssl and has support for the setSSL() API.