php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35160 openssl 0.9.8a + module does not load any ciphers
Submitted: 2005-11-08 22:14 UTC Modified: 2005-11-19 00:11 UTC
From: beckman at purplecow dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5CVS-2005-11-09 (snap) OS: FreeBSD 5.3-RELEASE-p10
Private report: No CVE-ID: None
 [2005-11-08 22:14 UTC] beckman at purplecow dot com
Description:
------------
Using FreeBSD ports tree, I installed openssl 0.9.8a and php5-openssl, which installed the openssl libraries and tools and the php5 openssl extension openssl.so.

After confirming the HTTPS/SSL contexts (streams and transports) were enabled, and OpenSSL support was enabled, I attempted to use file_get_contents to open an HTTPS:// url.

This resulted in the following PHP errors:

[08-Nov-2005 14:28:10] PHP Warning:  file_get_contents(): failed to create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:  file_get_contents(): Failed to enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
 now in progress in /usr/local/lib/php/762dev/functions.inc on line 576

Here's what I got as the error from openssl_error_string():

    error:140A90A1:SSL routines:func(169):reason(161)

And here's what I read to lead me to believe that the problem is with a
change in the way openssl initializes the ciphers:
    http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000219.html

I think that php5-openssl does not call the SSL_library_init() function before starting use of the library.

I de-installed openssl.so and the openssl library, re-installed openssl-0.9.7i, re-installed the openssl.so extension/module, and the library now works great from within PHP.


Reproduce code:
---------------
echo file_get_contents("https://whatever.com/");

Expected result:
----------------
The contents of whatever.com.

Actual result:
--------------
Errors.
[08-Nov-2005 14:28:10] PHP Warning:  file_get_contents(): failed to create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:  file_get_contents(): Failed to enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
 now in progress in /usr/local/lib/php/762dev/functions.inc on line 576

Here's what I got as the error from openssl_error_string():

    error:140A90A1:SSL routines:func(169):reason(161)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-09 00:19 UTC] beckman at purplecow dot com
Code to generate errors:

file_get_contents("https://some.secure.site.com/");
echo openssl_error_string();

BTW, this string, returned from openssl_error_string():
  
    error:140A90A1:SSL routines:func(169):reason(161)

Reason 161 is "Library has no ciphers" returned from SSL_CTX_new.

Here's my layman's thought:

line 348 of ext/openssl/xp_ssl.c calls SSL_CTX_new(method)

Nowhere before this is SSL_library_init() called, as per documentation on openssl.org:

http://www.openssl.org/docs/ssl/SSL_library_init.html

Confusingly the documentation also says that SSL_CTX_new() will load the ciphers:

http://www.openssl.org/docs/ssl/SSL_CTX_new.html

Though it seems that in 0.9.8a it does not.

In ssl/ssl_algs.c you see that SSL_library_init() is changed a bit, and in 0.9.8a calls ssl_load_ciphers() (defined on line 168 of ssl/ssl_ciph.c) which doesn't exist in 0.9.7i.

I can't tell if this is a fundamental change in OpenSSL that you have to add a function call to the openssl extension in PHP, or if OpenSSL screwed something up.

My guess is that OpenSSL changed the way they load ciphers, and that the OpenSSL extension needs to be changed to do so.  Granted, the OpenSSL site isn't great at documentation......
 [2005-11-17 16:41 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Works fine on fresh build on openssl 0.9.8a and PHP 5.1.0RC5. The original message on the debian list seems to imply the problem is on some pre-compiled openssl builds.

Not a PHP bug.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Dec 07 10:03:34 2021 UTC