PHP :: Bug #63113 :: can't call method from webservice server ssl3

Bug #63113	can't call method from webservice server ssl3
Submitted:	2012-09-18 16:57 UTC	Modified:	2012-11-04 15:31 UTC
From:	milad dot arabi at gmail dot com	Assigned:
Status:	Not a bug	Package:	OpenSSL related
PHP Version:	5.3.17	OS:	opensuse 11.4
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	milad dot arabi at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2012-09-18 16:57 UTC] milad dot arabi at gmail dot com

Description:
------------
hi all

i must connect to some webservice server that only accepts ssl3.
in command line i set -ssl3 flag for openssl and work fine.if i not specify version,openssl don't attmep version 3 and got error.i think this wrong behavior affected on php.
but in php we can't specify what ssl version to use.
php5.3.5

sorry for my poor language

Actual result:
--------------
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://domain.com:8888/bsiws/billing?wsdl' : failed to load external entity "https://domain.com:8888/bsiws/billing?wsdl"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-09-19 01:53 UTC] aharvey@php.net

-Status: Open +Status: Feedback

[2012-09-19 01:53 UTC] aharvey@php.net

This seems odd. PHP supports SSLv3 in OpenSSL fine.

What error messages do you get? Make sure error_reporting is set to -1 and display_errors is turned on.

What happens if you try file_get_contents('https://domain.com:8888/bsiws/billing?wsdl')?

Finally, please try a current version: either 5.3.17 or 5.4.7.

[2012-09-19 14:47 UTC] milad dot arabi at gmail dot com

my server under load and i really cant update it,that webservice only accept specific ip.

file_get_contents result:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(): Failed to enable crypto in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(https://mydomain-server.com:8888/bsiws/billing?wsdl): failed to open stream: operation failed in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4

[2012-09-19 15:25 UTC] milad dot arabi at gmail dot com

one think i forgot,that company don't register their domain and we add manually in DNS server and of course their Certification is invalid.

Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:unexpected_message
SSL_connect:error in SSLv2/v3 read server hello A
139780943029928:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert u                                                                nexpected message:s23_clnt.c:658:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 209 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---




Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
   i:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICSTCCAbKgAwIBAgIESxo90jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ
UjEPMA0GA1UECBMGVGVocmFuMQ8wDQYDVQQHEwZUZWhyYW4xDDAKBgNVBAoTA0lT
QzERMA8GA1UECxMISXNjYm9hcmQxFzAVBgNVBAMMDiouaXNjYm9hcmQuY29tMB4X
DTA5MTIwNTExMDI0MloXDTE5MTIwMzExMDI0MlowaTELMAkGA1UEBhMCSVIxDzAN
BgNVBAgTBlRlaHJhbjEPMA0GA1UEBxMGVGVocmFuMQwwCgYDVQQKEwNJU0MxETAP
BgNVBAsTCElzY2JvYXJkMRcwFQYDVQQDDA4qLmlzY2JvYXJkLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAs+y+EHRnjvdjBdAhEg2PBGn5+IAfG2Funu0c
LmtvSldvH9zALt9J/Kjgdlz24ROmD5xsqAtGXdDJL46lyRHiHVethwiU4p0hF28X
/oqdz/SpGsYWi+ICl/kQAR8E331dvU+LJD4aaf7r/te3NoBMu/37Vc8sc8uWvS77
EAYKXB0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCRENcpbuz/8FKO+ZnYDvA05Syo
90Jz3REr2n+aTDJGEYpqgRVE3RaIO4X4vQ0IC7E5RnYNjWb4zNDjML8dC1nNnv5J
yAGv+4W9N1NYOrt0ZbwQuVz4GxUE3UwLydnPOYk6hPCme3jwGJ8KWBoMIyP2eJzK
JxvBufnx6803p2b/5g==
-----END CERTIFICATE-----
subject=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
issuer=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 321 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 5059EE1FC222FE5DE940379770C555B85F26026B14065894B6B3778B5B945815
    Session-ID-ctx:
    Master-Key: EA29F07752B705DEE9D83E5BE5B212FD9F3161323332A30833AD7BA8AC37061721BCE365FADC566A370ABD3B63953261
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1348067336
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify

[2012-09-20 02:01 UTC] aharvey@php.net

Does it work if you use a WSDL from a server with a valid SSL certificate?

[2012-09-20 13:00 UTC] milad dot arabi at gmail dot com

yes,on my server i connect to 3 other https soap server without any problem with 
php.
when use openssl(from command line) to connect to that 3 server i don't specify 
ssl version and work perfectly.
this odd soap server running https over port 8888.is causing the problem?

[2012-11-04 15:18 UTC] milad dot arabi at gmail dot com

hi all
one of my friend solved problem by c# on windows server,he import invalid https certification file into windows and ...
invalid certification cause this problem.
tnx php guys

[2012-11-04 15:31 UTC] felipe@php.net

-Status: Feedback +Status: Not a bug

[2012-11-04 15:31 UTC] felipe@php.net

Thanks for the feedback.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 16:01:36 2025 UTC