Bug #38417 SSL Handshake Timeout
Submitted: 2006-08-10 18:45 UTC
Modified: 2006-12-05 19:49 UTC
Votes: 2
Avg. Score: 4.5 ± 0.5
Reproduced: 2 of 2 (100.0%)
Same Version: 1 (50.0%)
Same OS: 2 (100.0%)
From: ctm at etheon dot net
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 5.1.4
OS: Windows NT
Private report: No
CVE-ID: None

 [2006-08-10 18:45 UTC] ctm at etheon dot net
Description:
------------
When using either the stream_socket_client function (in STREAM_CLIENT_CONNECT mode) or the stream_socket_enable_crypto function (if you connected in ASYNC mode), on some IPs, the SSL handshake will sometimes take up to 10 minutes to complete, and in those cases, it often fails anyway. It also uses as much CPU as it can (up to 99%).

Basically, having a timeout would be nice.

Reproduce code:
---------------
<?php
$ip = "68.142.72.152";

$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer'       => false,
        'capture_peer_cert' => true,
    ),
));

// Connect with a 15-second connect timeout, in asynchronous mode
$socket = stream_socket_client("ssl://" . $ip . ":443",
                               $errno,
                               $errstr,
                               15,
                               STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT,
                               $context);

// Start the SSL handshake on the socket
stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);

print "The end.\r\n";

Expected result:
----------------
The end.

Actual result:
--------------
Well, the result is pretty much the same, the only problem is instead of taking roughly 10 to 30 seconds, it takes about 10 minutes and uses 99% of the CPU.


This is, I think, the problem in the source code (ext/openssl/xp_ssl.c) :

		do {
			if (sslsock->is_client) {
				n = SSL_connect(sslsock->ssl_handle);
			} else {
				n = SSL_accept(sslsock->ssl_handle);
			}

			if (n <= 0) {
				retry = handle_ssl_error(stream, n TSRMLS_CC);
			} else {
				break;
			}
		} while (retry);

I know the SSL handshake fails (since n is less than or equal to 0), though I'm not sure if the CPU usage and the long timeout are due to a near-infinite loop or something akin to this. I've checked the Unix man pages on this, but I'm not sure which error it is exactly, since openssl_error_string() doesn't return anything. And I can read or write just fine, so I don't think it's SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, though I'm not sure about this.
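
A userland way to bound the handshake described in this report, as an added example that is not part of the original report or of the PHP source: the socket is switched to non-blocking mode, stream_socket_enable_crypto() is retried only after stream_select() has waited for data, and a wall-clock deadline ends the attempt. The function name tls_connect_with_deadline, the 200 ms wait slice and the enabled certificate checks are assumptions of this example (the reproduce code above disables verify_peer); it needs PHP 7 or later.

```php
<?php
// Added example (hypothetical helper, not PHP's own code): TLS client
// handshake that cannot run longer than $handshakeTimeout seconds.
function tls_connect_with_deadline(string $host, int $port, float $handshakeTimeout)
{
    $context = stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,   // name checked against the certificate
    ]]);

    // Plain TCP connect first, with the 15-second connect timeout from the report.
    $socket = @stream_socket_client("tcp://$host:$port", $errno, $errstr, 15,
                                    STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }

    stream_set_blocking($socket, false);
    $deadline = microtime(true) + $handshakeTimeout;

    while (true) {
        // Non-blocking mode: true = done, false = failed, 0 = needs more I/O.
        $result = stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
        if ($result === true) {
            stream_set_blocking($socket, true);
            return $socket;
        }
        $remaining = $deadline - microtime(true);
        if ($result === false || $remaining <= 0) {
            fclose($socket);
            throw new RuntimeException($result === false
                ? 'TLS handshake failed'
                : 'TLS handshake timed out');
        }
        // Sleep in the kernel until the peer sends data (or the slice ends)
        // instead of spinning on the handshake call and burning CPU.
        $read = [$socket];
        $write = null;
        $except = null;
        $slice = min($remaining, 0.2); // assumed 200 ms upper bound per wait
        stream_select($read, $write, $except, 0, (int) ($slice * 1000000));
    }
}

// Usage (placeholder host): $s = tls_connect_with_deadline('example.com', 443, 10.0);
```

PHP does not report whether the handshake is waiting to read or to write, so the loop waits on readability in short slices and retries; that keeps both CPU use and total time bounded.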



 [2006-10-06 18:27 UTC] eli at electric-cloud dot com
We are seeing this only when the SSL page that we are opening a socket to is also on our local machine - the one that is running Apache/PHP.
 [2006-12-05 19:49 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
