php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #63992 php not use default openSSH confing
Submitted: 2013-01-15 14:51 UTC Modified: 2021-01-12 17:55 UTC
Votes:17
Avg. Score:4.1 ± 0.9
Reproduced:14 of 15 (93.3%)
Same Version:10 (71.4%)
Same OS:8 (57.1%)
From: mikhail dot v dot gavrilov at gmail dot com Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.4.11RC1 OS: RHEL/Fedora
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2013-01-15 14:51 UTC] mikhail dot v dot gavrilov at gmail dot com 
Description:
------------
For using GOST encryption engine:
1. i compiled openSSH with GOST support
2. added the following lines in openssl.cnf

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/lib/openssl/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

But when I use curl PHP still get error: 'Cannot communicate securely with peer: 
no common encryption algorithm(s).'

Than I search I find this solution: 
http://stackoverflow.com/questions/10959771/openssl-and-gost-engine-issue-
statically-linked

So I create patch 

*** 111/openssl.c       2012-12-19 12:55:19.000000000 +0600                                                                                                   
--- openssl.c   2013-01-15 18:43:22.000000000 +0600                                                                                                           
***************                                                                                                                                               
*** 1038,1043 ****                                                                                                                                            
--- 1038,1046 ----                                                                                                                                            
        le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, 
"OpenSSL X.509", module_number);                                                     
        le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL 
X.509 CSR", module_number);                                                   
                                                                                                                                                              
+       /* needed for use default config */                                                                                                                   
+       OPENSSL_config(NULL);                                                                                                                                 
+                                                                                                                                                             
        SSL_library_init();                                                                                                                                   
        OpenSSL_add_all_ciphers();                                                                                                                            
        OpenSSL_add_all_digests();  

and my script became work.

Test script:
---------------
$address="https://icrs.nbki.ru/products/B2BRequestServlet";
// $proxy = '10.10.4.24:3128';
$xml = '';

$ch = curl_init($address);
$page = "Xml.php";
$headers = array(
	"POST ".$page." HTTP/1.0",
	"content-type:application/octet-stream;charset=\"windows-1251\"",
);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
if(isset($proxy)) curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);if ($response === false) throw new Exception(curl_error($ch));
curl_close($ch);

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-15 15:21 UTC] tony2001@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2013-01-25 15:03 UTC] pajoye@php.net 
A quick comment about the patch, using this function may affect anything using 
openssl within the same process, that's really not good.

Also, in case of curl, curl should take care of that, using options.
 [2013-02-05 18:32 UTC] mikhail dot v dot gavrilov at gmail dot com 
Pierre, do you think what initialization openSSL into each extension good idea? I 
think better if it will be do openssl extension for all other extensions. So I 
couldn't find OPENSSL_config(NULL); into openssl extension code and I very 
surprised and don't understand how it work. I just tried add 
OPENSSL_config(NULL); before SSL_library_init(); string and it really helped me 
solved problem with curl.
 [2013-02-05 18:46 UTC] pajoye@php.net 
There are much more in the same process than only PHP extensions. Libraries, 
servers, etc. also rely on OpenSSL.
 [2013-02-05 18:55 UTC] mikhail dot v dot gavrilov at gmail dot com 
I am tell about php-fpm. In this case only PHP and PHP extension's in the same 
process.
 [2013-02-18 03:30 UTC] mikhail dot v dot gavrilov at gmail dot com 
Pierre, are you still think that OpenSSL config init must do curl by itself? But 
but curl may use not only openSSL, also it may use NSS.
 [2013-06-19 14:47 UTC] mikhail dot v dot gavrilov at gmail dot com 
Pierre, please look this curl bug http://sourceforge.net/p/curl/bugs/1208/
Seems our problem relate with this.
 [2017-10-24 07:37 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
 [2021-01-12 17:55 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-01-12 17:55 UTC] cmb@php.net 
This is fixed[1] as of PHP 7.2.0.

[1] <https://github.com/php/php-src/commit/1f843a8fb50de77a3f53a6b892a46d9e0afdfdd7>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 19:01:28 2024 UTC