php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50025 You have to fgets() after STARTTLS or stream_socket_enable_crypto() won't work
Submitted: 2009-10-27 20:23 UTC Modified: 2009-10-27 23:58 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: wooptoo at gmail dot com Assigned:
Status: Closed Package: Streams related
PHP Version: 5.3.0 OS: Linux x86_64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: wooptoo at gmail dot com
New email:
PHP Version: OS:

 

 [2009-10-27 20:23 UTC] wooptoo at gmail dot com 
Description:
------------
You have to fgets() the output from the socket after STARTTLS or stream_socket_enable_crypto() won't work on SMTP.

This is on SMTP. I didn't test on other protocols.

Why is the fgets() necessary?

Reproduce code:
---------------
<?php

$conn = fsockopen($server, $port, $errno, $errstr, $timeout);

fputs($conn, 'HELO localhost'."\r\n");
fputs($conn, 'STARTTLS'."\r\n");

// why is this necessary? :
fgets($conn);

stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
fputs($conn, 'HELO localhost'."\r\n");

?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-27 22:28 UTC] jani@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
 [2009-10-27 23:33 UTC] lbarnaud@php.net 
For each SMTP command you send, the server send you a reply (e.g. "200 ok"). Before enabling TLS, you need to read everything that was sent unencrypted by the server.
 [2009-10-27 23:58 UTC] wooptoo at gmail dot com 
Thanks lbarnaud. It seems that i have to fgets() everything the server sends for this to work. It's ok though.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 09 19:01:34 2024 UTC