Bug #69319 stream_context_set_default() options not set as default in streaming functions
Submitted: 2015-03-28 12:52 UTC Modified: 2025-07-15 13:38 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: php at 281180 dot de Assigned: bukka (profile)
Status: Wont fix Package: OpenSSL related
PHP Version: 5.6.7 OS: Linux Debian Wheezy 7.8
Private report: No CVE-ID: None
 [2015-03-28 12:52 UTC] php at 281180 dot de
Description:
------------
As of PHP 5.6, all encrypted client streams now enable peer verification by default.

The problem is that, e.g., some certs are self-signed and streams will not work without adjusting some parts.

The easiest way in some cases would be enabling the ssl option 'allow_self_signed' via stream_context_set_default().

But unfortunately options set via stream_context_set_default() are not honored by, e.g., stream_socket_client().

Other packages seem to have the same problem:
- #54440 (here an XML issue)
- #68344 (here a MySQL issue)

Test script:
---------------
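<?php
// placeholder connection values (not part of the original report);
// point these at an endpoint that presents a self-signed certificate
$host = 'self-signed.example.test';
$port = 443;
$timeout = 10;

// set default stream options
$default_options = [
	'ssl' => [
		'allow_self_signed' => true,
	],
];
stream_context_set_default($default_options);

// set special stream options
$options = [
	'ssl' => [
		'verify_peer_name' => false,
	],
];

// open stream considering default options
// (the context passed here carries only $options, which is the reported behaviour)
$stream = stream_socket_client($host.':'.$port, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, stream_context_create($options));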


Expected result:
----------------
Stream to work and honor both $default_options and $options

Actual result:
--------------
$default_options are ignored and the following warning is triggered:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in XXX on line XX

History

 [2022-10-05 17:30 UTC] bukka@php.net
-Package: Streams related +Package: OpenSSL related
 [2025-07-15 13:38 UTC] bukka@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: bukka
 [2025-07-15 13:38 UTC] bukka@php.net
So firstly, I slightly misunderstood this issue and tested whether the stream_context_set_default default works for the ssl context, and it does. That's btw what the linked issues are about.

This is, however, about merging the default context with the supplied context. 

But that's problematic because it would require some merging logic to be added so some parts are dependent on others. Also it would be a huge BC break.

I can see the use case, however, and probably the best option for this would be a new INI, as we already have openssl.cafile and openssl.capath, so having other controls might make sense.

I created the feature request https://github.com/php/php-src/issues/19134, which should address this use case better. Closing this as won't fix.
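
Since a context from stream_context_create() does not inherit the default context's options, the merge the report expected can be done explicitly in userland. The following is an added example, not code from the report or from php-src: the helper name context_with_defaults(), the CA bundle path and the host name are assumptions, and it trusts a private CA file in place of the report's 'allow_self_signed' so that verification stays on.

```php
<?php
declare(strict_types=1);

/**
 * Build a context whose options are the process-wide defaults overlaid
 * with per-call options. stream_context_create() alone does not do this.
 * context_with_defaults() is a hypothetical helper, not a PHP built-in.
 */
function context_with_defaults(array $options = [], array $params = [])
{
    // Options previously registered through stream_context_set_default().
    $defaults = stream_context_get_options(stream_context_get_default());

    // Per-wrapper, per-key overlay: the per-call value wins on conflict.
    // Array-valued options (e.g. a list of HTTP headers) are merged by
    // index, so pass those per call only.
    $merged = array_replace_recursive($defaults, $options);

    return stream_context_create($merged, $params);
}

// Process-wide defaults: trust one private CA bundle (constructed path)
// instead of switching verification off.
stream_context_set_default([
    'ssl' => [
        'cafile'      => '/etc/ssl/private-ca/internal-ca.pem',
        'verify_peer' => true,
    ],
]);

// Per-call options: only what differs for this connection
// (constructed host name).
$ctx = context_with_defaults([
    'ssl' => ['peer_name' => 'db.internal.example'],
]);

// The merged context carries both the default and the per-call options.
$ssl = stream_context_get_options($ctx)['ssl'];
assert($ssl['cafile'] === '/etc/ssl/private-ca/internal-ca.pem');
assert($ssl['verify_peer'] === true);
assert($ssl['peer_name'] === 'db.internal.example');

// A context created the usual way carries only its own options.
$plain = stream_context_get_options(
    stream_context_create(['ssl' => ['peer_name' => 'db.internal.example']])
);
assert(!isset($plain['ssl']['cafile']));
```

Pass the returned context as the last argument of stream_socket_client() in place of stream_context_create($options).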
 
Last updated: Fri Oct 24 03:00:02 2025 UTC