php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48610 Accessing ssl:// results in immediate "SSL: connection timeout" error
Submitted: 2009-06-19 18:38 UTC Modified: 2009-06-25 20:43 UTC
From: arkadi at hosting dot lv Assigned:
Status: Not a bug Package: Streams related
PHP Version: 5.2.10 OS: Linux
Private report: No CVE-ID: None
 [2009-06-19 18:38 UTC] arkadi at hosting dot lv
Description:
------------
The problem was already reported in bug #47791 but the bug was closed as Bogus. This is also probably related to bug #45016.
When trying to establish SSL connection the "SSL: connection timeout" error is raised _immediately_ regardless of timeout specified.
You can try to access the script running on PHP 4.4.9
http://iron.hosting.lv/ssl.php - that produces correct result - an XML fragment
and PHP 5.2.10
http://iron-php5.hosting.lv/ssl.php
which immediately prints (0).

Stracing the process shows that connection is established and initial SSL negotiation packet is sent, but then it waits less than a second for the reply (which is not arriving in such short time), then connection is closed.

I believe the problem appeared after 5.2.6, and definitely present in 5.2.9.

Reproduce code:
---------------
<?php
$fp = fsockopen("ssl://polise.if.lv" , 443, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /PartnerWS/OCTA/PArtner/PremiumCalculator.asmx?WSDL HTTP/1.1\r\n";
    $out .= "Host: polise.if.lv\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

Expected result:
----------------
XML fragment fetched from remote server

Actual result:
--------------
(0)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-25 20:43 UTC] arkadi at hosting dot lv
It is a GCC -fpmath=sse bug (i486-linux-gnu 4.3.2 [Debian 4.3.2-1.1)] that miscompiles
timeout -= (tve.tv_sec + (float) tve.tv_usec / 1000000) -
    (tvs.tv_sec+ (float) tvs.tv_usec / 1000000);
from xp_ssl.c.
 [2010-03-12 00:06 UTC] ben at sixg dot com
We're seeing this with PHP 5.2.12 on Red Hat 5.4.  (It's a Rackspace build of PHP 
rather than a Red Hat build, but I'd expect that it was built with RH5's gcc, so 
probably RH's gcc-4.1.2-46 or so.)

This is not bogus.  Even if it's a GCC bug, if it's present in GCC 4.3, it's not 
likely to be fixed any time soon on that side.  Can't PHP work around it?

Arkadi, did you end up patching your xp_ssl.c to work around this, or did you find 
a version of GCC that doesn't have the bug?
 [2010-03-12 09:17 UTC] arkadi at hosting dot lv
The solution for me was to remove -fpmath=sse flag (32-bit build).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC