I've not verified this patch will work and I'll hopefully test it tomorrow.

I believe it is reaching the end of the file and nr_bytes is returning 0 and this is being caught by an if statement which should be looking for -1.

--- network.c   Thu Aug 21 21:06:43 2003
+++ network.c.patched   Thu Aug 21 21:13:09 2003
@@ -1011,13 +1011,14 @@
                do {
                        nr_bytes = SSL_read(sock->ssl_handle, buf, count);
 
-                       if (nr_bytes <= 0) {
+                       if (nr_bytes < 0) {
                                retry = handle_ssl_error(stream, nr_bytes TSRMLS_CC);
                                if (retry == 0 && !SSL_pending(sock->ssl_handle)) {
                                        stream->eof = 1;
                                }
                        } else {
-                               /* we got the data */
+                               /* we got the data */
+                               stream->eof = 1;
                                break;
                        }
                } while (retry);

Could you try the next stable snapshot (due in a few minutes)?

I comitted a fix for a different bug that might make a
difference to this one.

If it hasn't fixed it, could you post an https:// URL
that reproduces the problem, so that I can investigate
further?

Re-opening at user request.

Users comments that have mysteriously vanished are:
===================================================

See the code below to verify , I'm not able to alter php versions since
it's hosted with my ISP so please test it with the latest version so it
can be closed as being fixed or further investigation needed. 

<?php

$method = "ssl://";
$host = "memberservices.passport.net";
$port = 443;
$url = "/";

$file = fsockopen($method.$host,$port,$errno,$errstr,30);
if(!$file) {
print ("error");
exit;
}
fputs($file,"GET ".$url." HTTP/1.1\r\n");
fputs($file,"Host: ".$host."\r\n");
fputs($file,"Connection: Keep-Alive\r\n");
fputs($file,"Cache-Control: no-cache\r\n\r\n");
while(!feof($file)) {
$output = fgets ($file, 1024);
}
fclose($file);

?>

output:

PHP Warning:  fgets(): SSL: fatal protocol error in
/path.to/test_ssl.php on line 18

Please put the bug to 'open'.

Similar bug in PHP Win32 5.0B2

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

I've just comitted a fix for feof() that might solve this problem too.

Please try the next snapshot (dated after this notification) and let us know.

I am having the same problem on Red Hat 9.0 with PHP 5.0 B2. It's coming from Net/Socket.php

I've been experiencing the same problem with PHP 4.3.4 running on a Linux Slackware/Apache server.  The problem did initially crop up inside the PEAR Socket class which I'm trying to use to connect to Authorize.Net's gateway.  Here's the exact message returned (with path changes):

Warning: fread(): SSL: fatal protocol error in /path/to/Net/Socket.php on line 243

Red Hat 9
PHP 4.3.4, Apache 2.0.48, OpenSSL 0.9.7c (built from source)

Also happens with either fread() or feof() on an SSL socket connection opened with fsockopen ($request):

while (!feof($request)) $response .= fread($request, 4096);

This code works flawlessly on a non-SSL socket connection.

This bug is apparently still living; even in PHP 5.0b3...

Keep it assigned to the only person who can fix it..

I'm sorry but I can't really tell based on this thread if there was ever a version of PHP where this problem was corrected.  Is there a version?

I'm on 4.3.3 currently under IPlanet.

Is there a workaround without using cURL?

I am seeing the same error. It appears to be generated after the following loop has completed. More specifically, the Warning message is emitted just after the loop terminates.

while( !feof($handle) )
{
   echo "Looping to read in all of the reply.<br>";
   $reply .= fgets($handle);
}

PHP 4.3.4 compiled with --with-openssl

What other information would be helpful?

This also seems to cause a problem with file_get_contents which I am using to retrieve transaction data.  Test case is:
<code><?php
file_get_contents("https://any.secure.server");
?></code>
returns:
<code>Warning: file_get_contents(): SSL: fatal protocol error in /usr/local/www/data-dist/navdev/test.php on line 2</code>

...plus whatever data the secure server provides.

Found the cause of this now.

Its Microsoft's we can do what we want attituide in regards to IIS.

An EOF occured but the SSL "close_notify" message hasn't been sent.

I'll write a patch and post it tomorrow hopefully.

Since this indeed an error but it will happen anytime you make an HTTPS request to IIS i think the error should be changed to E_NOTICE and the error message updated to what it actually does.

Patch
---
diff -u network.c network.c.patched
--- network.c   2004-02-17 01:20:49.000000000 +0000
+++ network.c.patched   2004-02-17 01:22:23.000000000 +0000
@@ -870,8 +870,8 @@
                case SSL_ERROR_SYSCALL:
                        if (ERR_peek_error() == 0) {
                                if (nr_bytes == 0) {
-                                       php_error_docref(NULL TSRMLS_CC, E_WARNING,
-                                                       "SSL: fatal protocol error");
+                                       php_error_docref(NULL TSRMLS_CC, E_NOTICE,
+                                                       "SSL: EOF occurred in violation of protocol");
                                        stream->eof = 1;
                                        retry = 0;
                                } else {

Marking as documentation problem. Some (IIS) non-standard 
compliant servers send data in a way that causes PHP to 
raise warnings. When working with such servers you should 
lower your error_reporting level not to include warnings. 

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

I'm seeing this against an apache server.  What version is this fixed in? 

file_get_contents("https://.....");

PHP 4.3.2 (cgi), Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies

I have fixed it for now with error_reporting but would like to get a true fix.

PHP Version 5.0.0RC2

Configure Command 	'./configure' '--with-openssl' ...

if ( $fp = fopen("https://xxxxxxxx, "r") ) {
	while ( $row = fgets($fp, 1024) ) {
		print($row);
	}
	fclose($fp);
}

Warning: fgets() [function.fgets]: SSL: fatal protocol error in xxxxxxxxxxxxxxxxxxx.php on line xx

however it GETS the data...

Hi,
this bug still exists on php4-STABLE-200405031430. ;-(

System:
- Linux (RedHat 8) 2.4.20-28.8 #1 Thu Dec 18 12:53:39 EST 2003 i686 i686 i386 GNU/Linux
- php4-STABLE-200405031430
- OpenSSL 0.9.6b

Configure command:
'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--with-openssl' '--with-sapdb=/opt/sapdb/interfaces/odbc/'

php-script:
<?php
        $url = "https://foo.bar";
        file_get_contents($url);
?>

Output:
Warning: file_get_contents(): SSL: fatal protocol error in /www/www.default.de/html/https2.php on line 3


Any help for me?

Greetings
grizu

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

This has just been fixed in CVS.

Note that due to the nature of the problem (eg: IIS being at fault), there is no way for PHP to determine the difference between a legitimate problem and a bogus IIS unless you are using the built-in HTTP wrapper: we inspect the headers to determine if we should show the warning or not.

So, if you are manually opening an SSL stream, you still need to suppress the warning yourself based on the presence of "Server: Microsoft-IIS" in the headers that you read.

Stupid bug system...
The will be in the next snapshot from http://snaps.php.net.

I've noticed we've all dismissed this as a Microsoft IIS error, but we've been receiving the same warning using Apache 1.3.31 and PHP 5.0.0 and PHP 5.0.1, configured with the following options:
./configure --with-mysql=shared,/usr --prefix=/usr --with-apxs=/usr/bin/apxs-ssl --disable-rpath --with-layout=GNU --with-pear=/usr/share/php --enable-ftp --with-gettext --enable-sockets --with-zlib --with-kerberos=/usr --with-openssl --with-exec-dir=/usr/lib/php5/libexec --with-dom=shared,/usr --with-xsl --with-gettext

Have any apache users had this error and corrected it?

I'm seeing this in 5.0.2 using HTTP_Client-1.0.0 and HTTP_Request-1.2.3, Net_Socket-1.0.2.

require_once 'HTTP/Client.php';

$url = 'https://wipcore.t-mobile.com/login';
$data = array(
        txtMSISDN=>'myphonenumber',
        txtPassword=>'mypassword',
        tmobile=>'true',
        chkRemember=>'chkRemember',
        hdnAOL=>'');

$client = new HTTP_Client();
$response = $client->post($url, $data);
$response = $client->currentResponse();
print_r($response);
?>

Warning: fread() [function.fread]: SSL: fatal protocol error in /usr/local/lib/php/Net/Socket.php on line 262
Array ( [code] => 200 [headers] => Array ( [Date] => Tue, 05 Oct 2004 06:58:40 GMT [date] => Tue, 05 Oct 2004 06:58:40 GMT [X-Powered-By] => ASP.NET [x-powered-by] => ASP.NET [cache-control] => private [pragma] => no-cache [x-rim-content-location] => "/appdata/rim/idlescreen/carrier/brand" [X-ContentSig] => "iQA/AwUAjc1EX/glq1oAoLnzxyr1/ldOXKnENFEa88tQ+IIE" [x-contentsig] => "iQA/AwUAjc1EX/glq1oAoLnzxyr1/ldOXKnENFEa88tQ+IIE" [Connection] => close [connection] => close [Content-Type] => text/html [content-type] => text/html [Cache-control] => private [Content-Encoding] => gzip [content-encoding] => gzip [Transfer-Encoding] => chunked [transfer-encoding] => chunked [Expires] => Wed, 01 Jan 1997 12:00:00 GMT [expires] => Wed, 01 Jan 1997 12:00:00 GMT [Vary] => Accept-Encoding [vary] => Accept-Encoding ) [body] =>

jon at latchkey dot com:
ask the authors of those packages to read this report and fix their code.  It is not a PHP bug.

For those interested, I have submitted a bug report for PEAR::Net_Socket and added a comment to a bug report for HTTP_Request.

I would include bug #'s and links, but the bug system seems to have just gone down...