PHP :: Bug #69319 :: stream_context_set_default() options not set as default in streaming functions

Bug #69319

stream_context_set_default() options not set as default in streaming functions

Submitted:

2015-03-28 12:52 UTC

Modified:

2025-07-15 13:38 UTC

Votes:	3
Avg. Score:	4.3 ± 0.5
Reproduced:	3 of 3 (100.0%)
Same Version:	2 (66.7%)
Same OS:	2 (66.7%)

From:

php at 281180 dot de

Assigned:

bukka (profile)

Status:

Wont fix

Package:

OpenSSL related

PHP Version:

5.6.7

OS:

Linux Debian Wheezy 7.8

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	php at 281180 dot de
New email:
PHP Version:		OS:

New Comment:

[2015-03-28 12:52 UTC] php at 281180 dot de

Description:
------------
As of PHP 5.6 all encrypted client streams now enable peer verification by default. 

The problem is that e. g. some certs are self-signed and streams will not work without adjusting some parts. 

The easiest way in some cases would be enabling the ssl option 'allow_self_signed' via stream_context_set_default()

But unfortunately options set via stream_context_set_default() are not honored by e. g. stream_socket_client()

Other packages seem to have the same problem:
- #54440 (here an XML issue)
- #68344 (here a MySQL issue)

Test script:
---------------
// set default stream options
$default_options = [
	'ssl' => [
		'allow_self_signed' => true,
	],
];
stream_context_set_default($default_options);

// set special stream options
$options = [
	'ssl' => [
		'verify_peer_name' => false,
	],
];

// open stream considering default options
$stream = stream_socket_client($host.':'.$port, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, stream_context_create($options));


Expected result:
----------------
Stream to work and honor both $default_options and $options

Actual result:
--------------
$default_options are ignored and the following warning is triggered:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in XXX on line XX

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2022-10-05 17:30 UTC] bukka@php.net

-Package: Streams related +Package: OpenSSL related

[2025-07-15 13:38 UTC] bukka@php.net

-Status: Open +Status: Wont fix -Assigned To: +Assigned To: bukka

[2025-07-15 13:38 UTC] bukka@php.net

So firstly I slightly misunderstood this issue and tried if the stream_context_set_default default works for ssl context and it does. That's btw what the linked issues are about.

This is, however, about merging the default context with the supplied context. 

But that's problematic because it would require some merging logic to be added so some parts are dependent on others. Also it would be a huge BC break.

I can see the use case however and probable best option for this would be a new INI as we already have openssl.cafile and openssl.capath so having other controls might make sense.

I created https://github.com/php/php-src/issues/19134 feature request which should address this use case better. Closing this as wont fix.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Aug 31 01:00:03 2025 UTC