<?php
  $fd = fsockopen(
    'ssl://www.somehost.com',
    443,
    $errno,
    $errstr,
    30
  );
  fputs($fd, "GET / HTTP/1.0\r\n\r\n");
  while (!feof($fd)) {
    echo fgets($fd, 1024);
  );
?>
After executing of this script following message appears:
Warning: fgets() [function.fgets]: SSL: fatal protocol error in
/blah/blah/blah/blah.php on line NN

PHP was configured with following arguments:
#!/bin/sh
./configure --with-apache=../apache_1.3.27rusPL30.17 --with-mod_charset
--with-pgsql=/usr/local/pgsql --with-mhash --with-sybase=/usr/local
--with-openssl

I've not verified this patch will work and I'll hopefully test it
tomorrow.

I believe it is reaching the end of the file and nr_bytes is returning 0
and this is being caught by an if statement which should be looking for
-1.

--- network.c   Thu Aug 21 21:06:43 2003
+++ network.c.patched   Thu Aug 21 21:13:09 2003
@@ -1011,13 +1011,14 @@
                do {
                        nr_bytes = SSL_read(sock->ssl_handle, buf,
count);
 
-                       if (nr_bytes <= 0) {
+                       if (nr_bytes < 0) {
                                retry = handle_ssl_error(stream,
nr_bytes TSRMLS_CC);
                                if (retry == 0 &&
!SSL_pending(sock->ssl_handle)) {
                                        stream->eof = 1;
                                }
                        } else {
-                               /* we got the data */
+                               /* we got the data */
+                               stream->eof = 1;
                                break;
                        }
                } while (retry);

Could you try the next stable snapshot (due in a few minutes)?

I comitted a fix for a different bug that might make a
difference to this one.

If it hasn't fixed it, could you post an https:// URL
that reproduces the problem, so that I can investigate
further?

Re-opening at user request.

Users comments that have mysteriously vanished are:
===================================================

See the code below to verify , I'm not able to alter php versions since
it's hosted with my ISP so please test it with the latest version so it
can be closed as being fixed or further investigation needed. 

<?php

$method = "ssl://";
$host = "memberservices.passport.net";
$port = 443;
$url = "/";

$file = fsockopen($method.$host,$port,$errno,$errstr,30);
if(!$file) {
print ("error");
exit;
}
fputs($file,"GET ".$url." HTTP/1.1\r\n");
fputs($file,"Host: ".$host."\r\n");
fputs($file,"Connection: Keep-Alive\r\n");
fputs($file,"Cache-Control: no-cache\r\n\r\n");
while(!feof($file)) {
$output = fgets ($file, 1024);
}
fclose($file);

?>

output:

PHP Warning:  fgets(): SSL: fatal protocol error in
/path.to/test_ssl.php on line 18

Please put the bug to 'open'.

Similar bug in PHP Win32 5.0B2

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

I've just comitted a fix for feof() that might solve this problem too.

Please try the next snapshot (dated after this notification) and let us
know.

I am having the same problem on Red Hat 9.0 with PHP 5.0 B2. It's coming
from Net/Socket.php

I've been experiencing the same problem with PHP 4.3.4 running on a
Linux Slackware/Apache server.  The problem did initially crop up inside
the PEAR Socket class which I'm trying to use to connect to
Authorize.Net's gateway.  Here's the exact message returned (with path
changes):

Warning: fread(): SSL: fatal protocol error in /path/to/Net/Socket.php
on line 243

Red Hat 9
PHP 4.3.4, Apache 2.0.48, OpenSSL 0.9.7c (built from source)

Also happens with either fread() or feof() on an SSL socket connection
opened with fsockopen ($request):

while (!feof($request)) $response .= fread($request, 4096);

This code works flawlessly on a non-SSL socket connection.

This bug is apparently still living; even in PHP 5.0b3...

Keep it assigned to the only person who can fix it..

I'm sorry but I can't really tell based on this thread if there was ever
a version of PHP where this problem was corrected.  Is there a version?

I'm on 4.3.3 currently under IPlanet.

Is there a workaround without using cURL?

I am seeing the same error. It appears to be generated after the
following loop has completed. More specifically, the Warning message is
emitted just after the loop terminates.

while( !feof($handle) )
{
   echo "Looping to read in all of the reply.<br>";
   $reply .= fgets($handle);
}

PHP 4.3.4 compiled with --with-openssl

What other information would be helpful?

This also seems to cause a problem with file_get_contents which I am
using to retrieve transaction data.  Test case is:
<code><?php
file_get_contents("https://any.secure.server");
?></code>
returns:
<code>Warning: file_get_contents(): SSL: fatal protocol error in
/usr/local/www/data-dist/navdev/test.php on line 2</code>

...plus whatever data the secure server provides.

Found the cause of this now.

Its Microsoft's we can do what we want attituide in regards to IIS.

An EOF occured but the SSL "close_notify" message hasn't been sent.

I'll write a patch and post it tomorrow hopefully.

Since this indeed an error but it will happen anytime you make an HTTPS
request to IIS i think the error should be changed to E_NOTICE and the
error message updated to what it actually does.

Patch
---
diff -u network.c network.c.patched
--- network.c   2004-02-17 01:20:49.000000000 +0000
+++ network.c.patched   2004-02-17 01:22:23.000000000 +0000
@@ -870,8 +870,8 @@
                case SSL_ERROR_SYSCALL:
                        if (ERR_peek_error() == 0) {
                                if (nr_bytes == 0) {
-                                       php_error_docref(NULL TSRMLS_CC,
E_WARNING,
-                                                       "SSL: fatal
protocol error");
+                                       php_error_docref(NULL TSRMLS_CC,
E_NOTICE,
+                                                       "SSL: EOF
occurred in violation of protocol");
                                        stream->eof = 1;
                                        retry = 0;
                                } else {

Marking as documentation problem. Some (IIS) non-standard 
compliant servers send data in a way that causes PHP to 
raise warnings. When working with such servers you should 
lower your error_reporting level not to include warnings. 

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

I'm seeing this against an apache server.  What version is this fixed
in? 

file_get_contents("https://.....");

PHP 4.3.2 (cgi), Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies

I have fixed it for now with error_reporting but would like to get a
true fix.

PHP Version 5.0.0RC2

Configure Command 	'./configure' '--with-openssl' ...

if ( $fp = fopen("https://xxxxxxxx, "r") ) {
	while ( $row = fgets($fp, 1024) ) {
		print($row);
	}
	fclose($fp);
}

Warning: fgets() [function.fgets]: SSL: fatal protocol error in
xxxxxxxxxxxxxxxxxxx.php on line xx

however it GETS the data...

Hi,
this bug still exists on php4-STABLE-200405031430. ;-(

System:
- Linux (RedHat 8) 2.4.20-28.8 #1 Thu Dec 18 12:53:39 EST 2003 i686 i686
i386 GNU/Linux
- php4-STABLE-200405031430
- OpenSSL 0.9.6b

Configure command:
'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql'
'--with-openssl' '--with-sapdb=/opt/sapdb/interfaces/odbc/'

php-script:
<?php
        $url = "https://foo.bar";
        file_get_contents($url);
?>

Output:
Warning: file_get_contents(): SSL: fatal protocol error in
/www/www.default.de/html/https2.php on line 3

Any help for me?

Greetings
grizu

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

This has just been fixed in CVS.

Note that due to the nature of the problem (eg: IIS being at fault),
there is no way for PHP to determine the difference between a legitimate
problem and a bogus IIS unless you are using the built-in HTTP wrapper:
we inspect the headers to determine if we should show the warning or
not.

So, if you are manually opening an SSL stream, you still need to
suppress the warning yourself based on the presence of "Server:
Microsoft-IIS" in the headers that you read.

Stupid bug system...
The will be in the next snapshot from http://snaps.php.net.

I've noticed we've all dismissed this as a Microsoft IIS error, but
we've been receiving the same warning using Apache 1.3.31 and PHP 5.0.0
and PHP 5.0.1, configured with the following options:
./configure --with-mysql=shared,/usr --prefix=/usr
--with-apxs=/usr/bin/apxs-ssl --disable-rpath --with-layout=GNU
--with-pear=/usr/share/php --enable-ftp --with-gettext --enable-sockets
--with-zlib --with-kerberos=/usr --with-openssl
--with-exec-dir=/usr/lib/php5/libexec --with-dom=shared,/usr --with-xsl
--with-gettext

Have any apache users had this error and corrected it?

I'm seeing this in 5.0.2 using HTTP_Client-1.0.0 and HTTP_Request-1.2.3,
Net_Socket-1.0.2.

require_once 'HTTP/Client.php';

$url = 'https://wipcore.t-mobile.com/login';
$data = array(
        txtMSISDN=>'myphonenumber',
        txtPassword=>'mypassword',
        tmobile=>'true',
        chkRemember=>'chkRemember',
        hdnAOL=>'');

$client = new HTTP_Client();
$response = $client->post($url, $data);
$response = $client->currentResponse();
print_r($response);
?>

Warning: fread() [function.fread]: SSL: fatal protocol error in
/usr/local/lib/php/Net/Socket.php on line 262
Array ( [code] => 200 [headers] => Array ( [Date] => Tue, 05 Oct 2004
06:58:40 GMT [date] => Tue, 05 Oct 2004 06:58:40 GMT [X-Powered-By] =>
ASP.NET [x-powered-by] => ASP.NET [cache-control] => private [pragma] =>
no-cache [x-rim-content-location] =>
"/appdata/rim/idlescreen/carrier/brand" [X-ContentSig] =>
"iQA/AwUAjc1EX/glq1oAoLnzxyr1/ldOXKnENFEa88tQ+IIE" [x-contentsig] =>
"iQA/AwUAjc1EX/glq1oAoLnzxyr1/ldOXKnENFEa88tQ+IIE" [Connection] => close
[connection] => close [Content-Type] => text/html [content-type] =>
text/html [Cache-control] => private [Content-Encoding] => gzip
[content-encoding] => gzip [Transfer-Encoding] => chunked
[transfer-encoding] => chunked [Expires] => Wed, 01 Jan 1997 12:00:00
GMT [expires] => Wed, 01 Jan 1997 12:00:00 GMT [Vary] => Accept-Encoding
[vary] => Accept-Encoding ) [body] =>

jon at latchkey dot com:
ask the authors of those packages to read this report and fix their
code.  It is not a PHP bug.

For those interested, I have submitted a bug report for PEAR::Net_Socket
and added a comment to a bug report for HTTP_Request.

I would include bug #'s and links, but the bug system seems to have just
gone down...