Bug #41631 default_socket_timeout does not work with SSL
Submitted: 2007-06-08 01:15 UTC Modified: 2010-06-13 15:12 UTC
Votes:106
Avg. Score:4.9 ± 0.5
Reproduced:95 of 97 (97.9%)
Same Version:64 (67.4%)
Same OS:65 (68.4%)
From: david at acz dot org Assigned: pajoye
Status: Assigned Package: OpenSSL related
PHP Version: 5.2, 5.3 OS: *
Private report: No CVE-ID:

 [2007-06-08 01:15 UTC] david at acz dot org
Description:
------------
The default socket timeout does not work with SSL streams.  An strace shows PHP calls read(2) and blocks forever.

Reproduce code:
---------------
Create sleepforever.php:

<? for(;;) sleep(1); ?>

Try it with HTTP:


$ php -n -r 'ini_set("default_socket_timeout", 1); fopen("http://127.0.0.1/sleepforever.php", "r");'

Now try it with HTTPS:


$ time php -n -r 'ini_set("default_socket_timeout", 1); fopen("https://127.0.0.1/sleepforever.php", "r");'


Expected result:
----------------
Warning: fopen(http://127.0.0.1/sleepforever.php): failed to open stream: HTTP request failed!  in Command line code on line 1

real    0m2.052s
user    0m0.020s
sys     0m0.010s


Actual result:
--------------
The process blocks forever.  An strace shows this:

connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
poll([{fd=3, events=POLLIN|POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 1000) = 1
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
fcntl64(3, F_SETFL, O_RDWR)             = 0
write(3, "\200j\1\3\1\0Q\0\0\0\20\0\0\26\0\0\23\0\0\n\7\0\300\0\0"..., 108) = 108
read(3, "\26\3\1\0J\2\0", 7)            = 7
*** ELIDED ***
write(3, "\27\3\1\0\30N~h\231u\31S]94^\253\235\26t\324\214\t/\261"..., 29) = 29
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 0) = 0
read(3, *** THIS BLOCKS FOREVER ***


 [2007-06-08 15:58 UTC] david at acz dot org
I have a (partial?) fix:

Index: main/streams/xp_socket.c
===================================================================
RCS file: /repository/php-src/main/streams/xp_socket.c,v
retrieving revision 1.33.2.2.2.4
diff -u -p -d -r1.33.2.2.2.4 xp_socket.c
--- main/streams/xp_socket.c    1 Jan 2007 09:36:12 -0000       1.33.2.2.2.4
+++ main/streams/xp_socket.c    8 Jun 2007 15:55:57 -0000
@@ -103,7 +103,7 @@ retry:
        return didwrite;
 }

-static void php_sock_stream_wait_for_data(php_stream *stream, php_netstream_data_t *sock TSRMLS_DC)
+void php_sock_stream_wait_for_data(php_stream *stream, php_netstream_data_t *sock TSRMLS_DC)
 {
        int retval;
        struct timeval *ptimeout;
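
Review bot: removing `static` from `php_sock_stream_wait_for_data` gives this helper external linkage, but the hunk adds no prototype to a header and no export marker, so nothing ties the definition to what outside callers declare. Declare it once in a header shared by main/streams and ext/openssl, and if ext/openssl can be built as a shared module, export the symbol the same way other cross-module stream functions are exported.
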
Index: ext/openssl/xp_ssl.c
===================================================================
RCS file: /repository/php-src/ext/openssl/xp_ssl.c,v
retrieving revision 1.22.2.3.2.8
diff -u -p -d -r1.22.2.3.2.8 xp_ssl.c
--- ext/openssl/xp_ssl.c        27 May 2007 17:05:51 -0000      1.22.2.3.2.8
+++ ext/openssl/xp_ssl.c        8 Jun 2007 15:55:57 -0000
@@ -35,6 +35,8 @@
 #include <sys/select.h>
 #endif

+void php_sock_stream_wait_for_data(php_stream *stream, php_netstream_data_t *sock TSRMLS_DC);
+
 int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC);
 SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC);
 int php_openssl_get_x509_list_id(void);
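
Review bot: the prototype added above `php_openssl_apply_verification_policy` is a hand-copied declaration of a function defined in main/streams/xp_socket.c, so a later change to that signature would still compile here and only fail at run time. Pull the declaration in from a common header instead of repeating it in xp_ssl.c.
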
@@ -219,6 +221,12 @@ static size_t php_openssl_sockop_read(ph
        php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
        int nr_bytes = 0;

+       if (sslsock->s.is_blocked) {
+               php_sock_stream_wait_for_data(stream, &(sslsock->s) TSRMLS_CC);
+               if (sslsock->s.timeout_event)
+                       return 0;
+       }
+
        if (sslsock->ssl_active) {
                int retry = 1;
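
Review bot: the timeout wait in `php_openssl_sockop_read` runs once, on the raw socket, before the `if (sslsock->ssl_active)` branch and the `retry` logic that follows, so it does not bound a read that is repeated there, and it can report a timeout while the TLS layer already holds decrypted bytes that never appear as readable on the descriptor. Move the wait into the retry path and skip it when the SSL object reports buffered data. Also check that `return 0` on `timeout_event` lets callers tell a timeout apart from end of stream.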
 [2008-02-25 21:03 UTC] konstantin dot ryabitsev at mcgill dot ca
This is still happening on 5.2.5, and is really annoying when a soap server you are connecting to accepts the connection and then hangs. Effectively, this quickly results in a denial of service for the entire  site, as the end-result is hung HTTP processes.

Please consider this for a high-priority fix.
 [2008-10-02 08:07 UTC] cunami at gmail dot com
Bug also reproducible on PHP 5.2.4 (2ubuntu5.3).
 [2008-10-03 13:37 UTC] jose dot rodriguez at exec dot cl
reproduced on PHP 5.2.6 @ Windows XP
 [2008-11-02 12:46 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2008-11-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2008-12-02 23:09 UTC] nvora at yahoo-inc dot com
We are running into the same issue. Where can I take a look at the patch? Is the fix already checked in to CVS?
 [2009-06-24 15:55 UTC] karl dot debisschop at pearson dot com
Downloaded PHP-2.x-win latest (5.2.11-dev) and confirmed that the issue is still present.
 [2009-06-24 15:58 UTC] pajoye@php.net
stupid auto no feedback, re assigned.
 [2009-07-02 15:34 UTC] karl dot debisschop at pearson dot com
Just to keep information flowing, I have also tested with windows 5.3.0 and the issue is still present.
 [2009-07-22 03:24 UTC] vergara_rh at yahoo dot com
I would greatly appreciate it if this bug were fixed.
 [2009-09-18 10:10 UTC] marcin at php4u dot co dot uk
Still can reproduce on Windows XP SP3, PHP 5.2.6

while connecting to https, script doesn't time out
 [2009-09-24 19:30 UTC] srinatar@php.net
bug #48524 depends on this fix (http://bugs.php.net/bug.php?id=48524&edit=1)

I wish the bug tracking system allowed closing a bug as a duplicate of another. Then we could close 48524 as a dup of this (41631). This can also trigger the internal score for this bug to be increased (helping to set priority etc.).
 [2009-10-16 20:14 UTC] arkadi dot shishlov at gmail dot com
At least it would be helpful to set TCP keep-alive on socket so OS could timeout it eventually, otherwise there are connections stuck for days.
 [2010-01-18 19:16 UTC] wdierkes at 5dollarwhitebox dot org
This is also reproducible on 5.2.12 as described.  As mentioned 
previously, this has the potential to have major effects (Denial of 
Service) etc. due to processes hanging and never timing out.

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.4 (Tikanga)

# php -v
PHP 5.2.12 (cli) (built: Dec 17 2009 12:23:35) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

# uname -a
Linux linux 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 
x86_64 x86_64 GNU/Linux
 [2010-03-15 10:33 UTC] jason at kapoks dot co dot uk
Had this issue over the weekend with 5.2.10.
Essentially this means our entire service is vulnerable to Denial of Service.

Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux

CentOS release 5.3 (Final)

PHP 5.2.10 (cli) (built: Jun 21 2009 11:10:43)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
 [2010-06-13 15:12 UTC] felipe@php.net
-PHP Version: 5.2.11 +PHP Version: 5.2, 5.3
 [2010-06-13 15:12 UTC] felipe@php.net
Pierre, doesn't the attached patch fix this issue?
 [2010-11-19 15:43 UTC] chrisw at networkm dot co dot uk
Cannot reproduce this on Windows Server 2003 R2 Enterprise/PHP 5.2.9-2

fopen() returns after $default_socket_timeout seconds if the server does not respond.
 [2011-01-04 00:53 UTC] guyphp at yahoo dot com
This bug has caused us a lot of headaches due to hung connections from partners 
stacking and eventually taking down entire webservers.  During high traffic 
periods, it doesn't take long for these to reach critical mass.  Is there any ETA 
on when this bug will find its way into stable builds?  Like many, our managed 
hosting provider doesn't support patches - we need a stable build with the fix 
integrated. 

We are seeing this problem on 5.2.13, RHEL 5.5.
 [2011-03-28 23:51 UTC] arkadi dot shishlov at gmail dot com
A simple solution is to use HAProxy to proxy SSL partner services. Works for me.
defaults
        mode    tcp
        contimeout      5000
        clitimeout      30000
        srvtimeout      30000
listen  service.gjensidigebaltic.lv 127.0.0.1:10001
        dispatch 193.111.247.167:443
listen  services.seesam.lv 127.0.0.1:10007
        dispatch 217.28.49.7:443
 [2011-05-12 17:38 UTC] mgallelli at gmail dot com
Hi,
I've tested on 5.2.17 and 5.3.2 with the same result.
As described, I've used this script:

time php -n -r 'ini_set("default_socket_timeout", 1); 
fopen("https://mydomain.it/sleep.php", "r");'
But it doesn't wait 1 sec but 15, as in the sleep.php page.
 [2013-03-27 11:48 UTC] oxygenus at gmail dot com
This is taking down my servers as well, every time some other server is down for 
maintenance or some network issue occurs.
 [2013-12-13 09:39 UTC] lobbin at gmail dot com
Honestly, this bug has been open with a potential patch since _2007_. It also contains a perfectly good test case to reproduce the error.
 [2014-03-19 18:02 UTC] alex at modula-shop-systems dot de
Currently *still* experiencing this on this build of php: 

PHP 5.4.26-1~dotdeb.0

Which is quite ridiculous for a bug that was reported nearly 7 years ago!

Is it really that difficult to fix this bug? 

It affects also the SoapClient and makes it quite useless / forces ugly fallbacks to CURL when there is a need to catch timeouts over https.

This is really not an uncommon requirement for php in enterprise applications and should simply work.
 
Last updated: Sat Apr 19 14:01:50 2014 UTC