php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61276 OpenSSL old version
Submitted: 2012-03-04 18:06 UTC Modified: 2012-03-05 20:01 UTC
From: frenky dot pv at atlas dot cz Assigned:
Status: Not a bug Package: *Network Functions
PHP Version: 5.4.0 OS: Win 2k3 IIS 6
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: frenky dot pv at atlas dot cz
New email:
PHP Version: OS:

 

 [2012-03-04 18:06 UTC] frenky dot pv at atlas dot cz
Description:
------------
file(): SSL operation failed with code 1. OpenSSL Error messages:
error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) in C:\Inetpub\KC\class\tab_card.php at line 1452

file(): Failed to enable crypto in C:\Inetpub\KC\class\tab_card.php at line 1452
file(https://.../resetpwd.jsp...): failed to open stream: operation failed in C:\Inetpub\...\tab_card.php at line 1452

PHP 5.4 old verse contains the OpenSSL functions that the file has a problem with loading the https site, where the version used 1.0.0.x. When you replace the files libeay32.dll and libssl32.dll version 0.9.8.20 for 1.0.0.7 and PHP (fastcgi) becomes unstable and causes HTTP error 500 (internal error).

Test script:
---------------
$url = 'http://...';
$out = file( $url );


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-05 18:44 UTC] pajoye@php.net
Please use the 0.9.x version of openssl.

With IIS you can use fastcgi and PHP's own DLLs.
 [2012-03-05 18:44 UTC] pajoye@php.net
-Status: Open +Status: Not a bug
 [2012-03-05 20:01 UTC] frenky dot pv at atlas dot cz
I use version 0.9.8.20 OPENSSL.

 The problem has been solved:
 When using curl CURLOPT_SSLVERSION must be set to 3
 All this works.
 [2013-05-03 21:38 UTC] mancha1 at hush dot com
Hello. This is due to how OpenSSL 0.9.8 mishandles warning-level alerts. I have submitted a fix to OpenSSL for their review which you can track here: http://marc.info/?l=openssl-dev&m=136760073921954&w=2 (RT #3038).

--mancha
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 10:01:28 2024 UTC