php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45016 connect timeout on successful connect
Submitted: 2008-05-16 00:12 UTC Modified: 2009-02-19 01:00 UTC
Votes:6
Avg. Score:5.0 ± 0.0
Reproduced:6 of 6 (100.0%)
Same Version:5 (83.3%)
Same OS:3 (50.0%)
From: tpowell at electric-cloud dot com Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3CVS-2008-05-16 (CVS) OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2008-05-16 00:12 UTC] tpowell at electric-cloud dot com
Description:
------------
On unusually slow ssl connects, we get a timeout message even through the connect succeeded.

The offending code appears to be around line 816 of xp_ssl.c version 1.37  (the bug appears to have been around since 1.28)

                                struct timeval tvs, tve;
                                struct timezone tz;

                                gettimeofday(&tvs, &tz);
                                n = SSL_connect(sslsock->ssl_handle);
                                gettimeofday(&tve, &tz);

                                timeout -= (tve.tv_sec + tve.tv_usec / 1000000) - (tvs.tv_sec + tvs.tv_usec / 1000000);
                                if (timeout < 0) {
                                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL: connection timeout");
                                        return -1;
                                }


The timeout is checked before the success value.  A fix would be to only check the timeout when deciding to loop again.

Reproduce code:
---------------
Peg the cpu of the test machine, attempt to make several ssl connections out.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-08 01:39 UTC] kalle@php.net
Try this patch:
http://phpfi.com/330065 (against latest PHP_5_3 cvs)
 [2008-07-14 21:09 UTC] jani@php.net
Can you try the patch Kalle posted above?
 [2008-07-22 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-02-11 21:36 UTC] felipe@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-02-19 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-07-01 19:41 UTC] korvus at comcast dot net
This does not appear to have been fixed in php5.3-latest.  The timeout is still checked before the return value of SSL_connect() is even considered.

This will certainly cause successful, but delayed (quite possibly due to resource exhaustion on the server) SSL connections to be dropped altogether, producing the error "SSL: connection timeout".  This may prevent the usage of a very-congested SSL-based resource.
 [2011-09-21 20:13 UTC] korvus at comcast dot net
There are some very big flaws in the way that the timeout wass assessed in the code above.

Thankfully, it looks like this was resolved in the following commit: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c?r1=306335&r2=306581

You can probably call this closed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 08:01:29 2024 UTC