|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-11-08 22:14 UTC] beckman at purplecow dot com
Description: ------------ Using FreeBSD ports tree, I installed openssl 0.9.8a and php5-openssl, which installed the openssl libraries and tools and the php5 openssl extension openssl.so. After confirming the HTTPS/SSL contexts (streams and transports) were enabled, and OpenSSL support was enabled, I attempted to use file_get_contents to open an HTTPS:// url. This resulted in the following PHP errors: [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to create an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to enable crypto in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########): failed to open stream: Operation now in progress in /usr/local/lib/php/762dev/functions.inc on line 576 Here's what I got as the error from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) And here's what I read to lead me to believe that the problem is with a change in the way openssl initializes the ciphers: http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000219.html I think that php5-openssl does not call the SSL_library_init() function before starting use of the library. I de-installed openssl.so and the openssl library, re-installed openssl-0.9.7i, re-installed the openssl.so extension/module, and the library now works great from within PHP. Reproduce code: --------------- echo file_get_contents("https://whatever.com/"); Expected result: ---------------- The contents of whatever.com. Actual result: -------------- Errors. [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to create an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to enable crypto in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########): failed to open stream: Operation now in progress in /usr/local/lib/php/762dev/functions.inc on line 576 Here's what I got as the error from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Apr 19 14:01:30 2024 UTC |
Code to generate errors: file_get_contents("https://some.secure.site.com/"); echo openssl_error_string(); BTW, this string, returned from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) Reason 161 is "Library has no ciphers" returned from SSL_CTX_new. Here's my layman's thought: line 348 of ext/openssl/xp_ssl.c calls SSL_CTX_new(method) Nowhere before this is SSL_library_init() called, as per documentation on openssl.org: http://www.openssl.org/docs/ssl/SSL_library_init.html Confusingly the documentation also says that SSL_CTX_new() will load the ciphers: http://www.openssl.org/docs/ssl/SSL_CTX_new.html Though it seems that in 0.9.8a it does not. In ssl/ssl_algs.c you see that SSL_library_init() is changed a bit, and in 0.9.8a calls ssl_load_ciphers() (defined on line 168 of ssl/ssl_ciph.c) which doesn't exist in 0.9.7i. I can't tell if this is a fundamental change in OpenSSL that you have to add a function call to the openssl extension in PHP, or if OpenSSL screwed something up. My guess is that OpenSSL changed the way they load ciphers, and that the OpenSSL extension needs to be changed to do so. Granted, the OpenSSL site isn't great at documentation......