Bug #78775 TLS issues from HTTP request affecting other encrypted connections
Submitted: 2019-11-03 20:25 UTC
Modified: 2019-11-05 11:03 UTC
From: lcobucci@php.net
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 7.2.24
OS: Debian
Private report: No
CVE-ID: None
 [2019-11-03 20:25 UTC] lcobucci@php.net
Description:
------------
While setting up TLS for the DB in a development environment, I've found out that handshake issues during cURL requests using URIs with a self-signed certificate were affecting completely valid encrypted MySQL connections using both MySQLi and PDO MySQL.

I observed this because it was only happening on certain endpoints because they send this HTTP request to another service.

It's quite an edge-case (and low priority IMHO). However, it got me crazy since the error messages are all about the DB connection.

My idea was to create a better way to test this, but couldn't find any good example for TLS+MySQLnd (via PDO or MySQLi)...

Test script:
---------------
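<?php
// 1. Open a TLS-protected MySQL connection and confirm that it works.
$conn = new PDO(
    'mysql:host=my-mysql-server;charset=utf8mb4',
    'root',
    'password',
    [
        PDO::MYSQL_ATTR_SSL_CA => '/local-tls-certificates/ca.pem',
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]
);

var_dump($conn->query('SELECT 1')->fetchAll(PDO::FETCH_ASSOC));

// 2. HTTPS request to a host with a self-signed certificate; with peer
//    verification on, the handshake fails and curl_exec() returns false.
$handle = curl_init('https://self-signed.badssl.com/');
curl_setopt_array(
    $handle,
    [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]
);

var_dump(curl_exec($handle));
curl_close($handle);

// 3. Same query on the still-open MySQL connection; this is the call that fails.
var_dump($conn->query('SELECT 1')->fetchAll(PDO::FETCH_ASSOC));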

Expected result:
----------------
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}
bool(false)
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}

Actual result:
--------------
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}
bool(false)
[01-Nov-2019 17:03:02 UTC] PHP Warning:  PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32

Warning: PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning:  PDO::query(): MySQL server has gone away in /app/aa.php on line 32

Warning: PDO::query(): MySQL server has gone away in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning:  PDO::query(): Error reading result set's header in /app/aa.php on line 32

Warning: PDO::query(): Error reading result set's header in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Fatal error:  Uncaught PDOException: SQLSTATE[HY000]: General error: 2006 MySQL server has gone away in /app/aa.php:32
Stack trace:
#0 /app/aa.php(32): PDO->query('SELECT 1')
#1 {main}
  thrown in /app/aa.php on line 32

Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 2006 MySQL server has gone away in /app/aa.php:32
Stack trace:
#0 /app/aa.php(32): PDO->query('SELECT 1')
#1 {main}
  thrown in /app/aa.php on line 32
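
The report notes that every visible error points at the database even though the trigger was a TLS failure. A triage helper for that log pattern, added here as an example (not part of the bug report or of PHP); the function names and the `other.php` log line are constructed for illustration:

```python
import re

# Constructed sample: the first three lines follow the log quoted in the
# report; the last line (other.php) is invented to show the contrasting case.
SAMPLE_LOG = """\
[01-Nov-2019 17:03:02 UTC] PHP Warning:  PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning:  PDO::query(): MySQL server has gone away in /app/aa.php on line 32
[01-Nov-2019 17:05:40 UTC] PHP Warning:  PDO::query(): MySQL server has gone away in /app/other.php on line 7
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] PHP [^:]+:\s+(?P<msg>.*)$")
LOCATION = re.compile(r" in (?P<file>\S+?)(?: on line |:)(?P<line>\d+)\s*$", re.M)
OPENSSL_CODE = re.compile(r"^error:([0-9A-Fa-f]{8}):", re.M)


def parse_entries(log):
    """Group raw lines into entries; lines without a timestamp continue the previous one."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw)
        if m:
            entries.append({"ts": m["ts"], "text": m["msg"]})
        elif entries and raw.strip():
            entries[-1]["text"] += "\n" + raw
    for e in entries:
        loc = LOCATION.search(e["text"])
        e["where"] = (loc["file"], int(loc["line"])) if loc else None
    return entries


def classify_gone_away(entries):
    """For each 'MySQL server has gone away' entry, report whether an OpenSSL
    failure was logged at the same timestamp and source location."""
    tls_seen = {}  # (timestamp, location) -> OpenSSL error code
    verdicts = []
    for e in entries:
        key = (e["ts"], e["where"])
        code = OPENSSL_CODE.search(e["text"])
        if "SSL operation failed" in e["text"] and code:
            tls_seen[key] = code[1]
        elif "MySQL server has gone away" in e["text"]:
            cause = "tls-layer" if key in tls_seen else "no-tls-evidence"
            verdicts.append((e["where"], cause, tls_seen.get(key)))
    return verdicts


if __name__ == "__main__":
    for verdict in classify_gone_away(parse_entries(SAMPLE_LOG)):
        print(verdict)
```
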

 [2019-11-04 17:41 UTC] lcobucci@php.net
Volker Dusch managed to reproduce this by using sockets and cURL only (also affects the latest PHP 7.4 RC):

Test script:
-------------
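<?php
// 1. Open a TLS stream socket to a host with a valid certificate.
$sock = fsockopen("tls://google.com", 443);

var_dump($sock);

// 2. HTTPS request to a host with a self-signed certificate; with peer
//    verification on, the handshake fails and curl_exec() returns false.
$handle = curl_init('https://self-signed.badssl.com/');
curl_setopt_array(
    $handle,
    [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]
);

var_dump(curl_exec($handle));
curl_close($handle);

// 3. Use the socket opened in step 1; the read is the call that fails.
fwrite($sock, "GET / HTTP/1.0\n\n");
var_dump(fread($sock, 8));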


Expected result:
----------------
resource(4) of type (stream)
bool(false)
string(8) "HTTP/1.0"


Actual result:
--------------
resource(4) of type (stream)
bool(false)

Warning: fread(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 19
string(0) ""
 [2019-11-04 17:45 UTC] lcobucci@php.net
-Summary: TLS issues from HTTP request affecting encrypted MySQL connections
+Summary: TLS issues from HTTP request affecting other encrypted connections
 [2019-11-05 11:03 UTC] nikic@php.net
-Status: Open
+Status: Verified
 [2019-11-05 11:03 UTC] nikic@php.net
Verified after switching to curl linked against openssl.
 [2019-11-05 11:16 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4f984a2fdb3815361f83013c23af0ff5d6d63d67
Log: Fixed bug #78775
 [2019-11-05 11:16 UTC] nikic@php.net
-Status: Verified
+Status: Closed
 [2019-11-25 12:57 UTC] gilperon at gmail dot com
A much simpler approach to this bug was posted -> https://bugs.php.net/bug.php?id=78845
 
Last updated: Tue Dec 03 17:01:29 2024 UTC