php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79589 error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
Submitted: 2020-05-12 10:21 UTC Modified: 2020-08-16 16:11 UTC
Votes:18
Avg. Score:4.8 ± 0.5
Reproduced:18 of 18 (100.0%)
Same Version:7 (38.9%)
Same OS:5 (27.8%)
From: mumu at seznam dot cz Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 7.4.5 OS:
Private report: No CVE-ID: None
 [2020-05-12 10:21 UTC] mumu at seznam dot cz
Description:
------------
I have started to receiving
file(): SSL operation failed with code 1. OpenSSL Error messages:
error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
while trying to run 
file('https://www.cnb.cz/cs/financni-trhy/devizovy-trh/kurzy-devizoveho-trhu/kurzy-devizoveho-trhu/denni_kurz.txt?date=11.05.2020', FILE_IGNORE_NEW_LINES);

This issue opened against OpenSSL might be related:
https://github.com/openssl/openssl/issues/11381

If I understand the OpenSSL issue thread correctly, they:
- They are confident the OpenSSL code change triggering this error is valid but they rollback the change in 1.1.1f to not break backward compatibility while keeping the code in future major versions.
- They insists the underlaying issue lays in softwares using OpenSSL as the software does not close the SSL session correctly - see https://github.com/openssl/openssl/issues/11381#issuecomment-602229519


Test script:
---------------
<?php

$lines = file('https://www.cnb.cz/cs/financni-trhy/devizovy-trh/kurzy-devizoveho-trhu/kurzy-devizoveho-trhu/denni_kurz.txt?date=11.05.2020', FILE_IGNORE_NEW_LINES);

dump_var($lines);

Expected result:
----------------
File is properly downloaded.

Actual result:
--------------
file(): SSL operation failed with code 1. OpenSSL Error messages: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading

Patches

openssl-ignore-eof.patch (last revision 2022-03-29 11:55 UTC by arekm at maven dot pl)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-05-12 10:56 UTC] cmb@php.net
Well, the good news is that PHP 7.3.18RC1 and 7.4.6RC1 already
ship with OpenSSL 1.1.1g, so the immediate problem is solved.

The bad news is that there may indeed be an issue with our OpenSSL
usage.
 [2020-05-12 10:57 UTC] cmb@php.net
-Package: Filesystem function related +Package: OpenSSL related
 [2020-05-30 20:53 UTC] huzaifarasheen900 at mail dot com
I Just want to add something.I did this with normal php and it worked fine but with the php laravel framework it gives me the same error.
My php version 7.4.5,OS Win10 Pro 2019 in laravel 6.
 [2020-07-15 11:27 UTC] wrfrodrigues at gmail dot com
Olá. Estou tendo o mesmo problema que o huzaifarasheen900 informou.

linha de teste: 

$var = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . SECRET_KEY . "&response={$SecretKey}");

Resultado:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading in D:\Projetos\Paginas de Teste\ClassCaptcha.php on line 14

Meu php versão 7.4.5,OS Win10 sem lavável
 [2020-07-20 13:14 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-07-20 13:14 UTC] cmb@php.net
> My php version 7.4.5,OS Win10 Pro 2019 in laravel 6.

> Meu php versão 7.4.5,OS Win10 sem lavável

Thanks.  This issue is resolved as of PHP 7.4.6.
 [2020-08-16 15:50 UTC] bukka@php.net
-Status: Closed +Status: Re-Opened -Operating System: Windows 2012 R2 +Operating System:
 [2020-08-16 15:50 UTC] bukka@php.net
This will still need to be fixed for OpenSSL 3.0 so re-opening and removing OS
 [2020-08-16 16:11 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 [2022-03-29 11:30 UTC] arekm at maven dot pl
php master as of today:

commit c9c5ee3f48a21c8911d2e1c68c4e0ca5d5f58840 (HEAD -> master, origin/master, origin/HEAD)
Merge: a6d88d3b26 7e8dcda42c
Author: Christoph M. Becker <cmbecker69@gmx.de>
Date:   Tue Mar 29 10:54:32 2022 +0200

    Merge branch 'PHP-8.1'

build simplest way possible

./configure --prefix=$HOME/test/php-test --with-openssl
make
make install

with

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
linux distro, glibc 2.35

and

php-test]$ ./bin/php ~/ssl-test1.php

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000126:SSL routines::unexpected eof while reading in /home/users/arekm/ssl-test1.php on line 4

$ cat /home/users/arekm/ssl-test1.php
<?php

$recaptcha_url = 'https://   www.    google.    com/recaptcha/api/siteverify'; // remove spaces
file_get_contents($recaptcha_url);
 [2022-03-29 11:55 UTC] arekm at maven dot pl
The following patch has been added/updated:

Patch Name: openssl-ignore-eof.patch
Revision:   1648554903
URL:        https://bugs.php.net/patch-display.php?bug=79589&patch=openssl-ignore-eof.patch&revision=1648554903
 [2022-04-12 08:38 UTC] rando dot hinn at ahhaa dot ee
Is there a temporary workaround for this on php 8.1.2 or when could we expect the patch to be shipped?
 [2022-04-27 10:22 UTC] joke2k at gmail dot com
I had the same error with php8.0 after updating Ubuntu to 22.04 (which upgrades OpenSSL to 3.0).

Running `sudo apt install php8.0-curl` the issue disappeared.
 [2022-05-05 01:02 UTC] kravetzpm at gmail dot com
I got rid of the error message by modifying openssl.cnf as described here:

https://gist.github.com/rdh27785

My setup: Ubuntu Server 22.04 LTS, apache2, php8.1
 [2022-05-12 01:47 UTC] gilperon at gmail dot com
After upgrading my CentOS to Stream 9 and installing PHP 8.1.x I started receiving the warning message below:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000126:SSL routines::unexpected eof while reading in /test.php on line 5

I changed the file "/etc/ssl/openssl.cnf" (as other people suggested), enabling legacy, but the warning message still shows up (even after rebooting the server). Some people had success with this change but all of them were on Ubuntu. I didnt find any person using CentOS that managed to make the warning disappear changing the openssl.cnf file.!
 [2022-05-12 01:53 UTC] gilperon at gmail dot com
My openssl version is below:

[root@localhost ~]# openssl version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)


My openssl.cnf file is below (the changes proposed to this file in order to prevent the warning were not done below, I am pasting you the original file contents):
 [2022-05-12 01:55 UTC] gilperon at gmail dot com
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers

# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename

# This definition stops the following lines choking if HOME isn't
# defined.
HOME			= .

 # Use this in order to automatically load providers.
openssl_conf = openssl_init

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# Extra OBJECT IDENTIFIER info:
# oid_file       = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions		=
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module

# Uncomment the sections that start with ## below to enable the legacy provider.
# Loading the legacy provider enables support for the following algorithms:
# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
# Key Derivation Function (KDF): PBKDF1
# In general it is not recommended to use the above mentioned algorithms for
# security critical operations, as they are cryptographically weak or vulnerable
# to side-channel attacks and as such have been deprecated.

[provider_sect]
default = default_sect
##legacy = legacy_sect
##
[default_sect]
activate = 1

##[legacy_sect]
##activate = 1
 [2022-05-12 01:56 UTC] gilperon at gmail dot com
I gave up providing you the contents of my openssl.cnf file... php.net blocked me everytime I pasted the content of the file, saying there are links not allowed... anyway, if you want the file I can provide you by mail.
 [2022-05-15 15:53 UTC] git@php.net
Automatic comment on behalf of bukka
Revision: https://github.com/php/php-src/commit/74f75db0c3665677ec006cd379fd561feacffdc6
Log: Fix bug #79589: ssl3_read_n:unexpected eof while reading
 [2022-05-15 15:53 UTC] git@php.net
-Status: Re-Opened +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC