php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30765 ssl over fopen vs fsockopen
Submitted: 2004-11-11 23:34 UTC Modified: 2004-11-13 05:46 UTC
From: kurt at milliganshome dot net Assigned:
Status: Not a bug Package: Network related
PHP Version: 4.3.9 OS: Linux
Private report: No CVE-ID: None
 [2004-11-11 23:34 UTC] kurt at milliganshome dot net
Description:
------------
Hi All

Running php v4.3.9 on RH Linux 7.3 & 9.0 with openssl 0.9.7d.

I have noticed similar problems to Bug#23220, but have found that using fopen works while using fsockopen does not.

// works ok!
$fd = fopen('https://www.somehost.com','r');
while(!feof($fd))
    echo fgets($fd,1024);

// generates SSL: fatal protocol error
$fd = fsockopen('ssl://www.somehost.com',443);
fwrite($fd,"GET / HTTP/1.1\r\nHost: www.somehost.com\r\nConnection: Close\r\n\r\n");
while(!feof($fd))
    echo fgets($fd,1024);


This would be OK if I didn't need to POST, but I do...anyone else notice this? Is there some difference in the way that fgets operates depending on whether it was opened via fopen or fsockopen?

I see the posting in bug#23220:

"Note that due to the nature of the problem (eg: IIS being at fault),there is no way for PHP to determine the difference between a legitimate problem and a bogus IIS unless you are using the built-in HTTP wrapper: we inspect the headers to determine if we should show the warning or not.

So, if you are manually opening an SSL stream, you still need to suppress the warning yourself based on the presence of "Server: Microsoft-IIS" in the headers that you read. "

But I don't get any headers back; the script fails on the first fgets call. If I'm missing something, please let me know.

Thanks!


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-12 01:40 UTC] kurt at milliganshome dot net
I'm no longer certain this is a bug...seems to be working now. It was very odd, tho. Sorry for any onconvenience.
 [2004-11-13 05:46 UTC] pollita@php.net
Not a Bug == Bogus

And fwiw, That's not a completely valid HTTP/1.1 request.  You should probably stick to HTTP/1.0 unless you plan to implement a full 1.1 client.


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu May 23 21:01:26 2019 UTC