php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53692 fsockopen for tls:// or ssl:// connections won't open when php-fpm is used
Submitted: 2011-01-08 04:17 UTC Modified: 2013-02-18 00:34 UTC
Votes:16
Avg. Score:1.6 ± 1.3
Reproduced:2 of 3 (66.7%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: szoftos at freemail dot hu Assigned: fat (profile)
Status: No Feedback Package: FPM related
PHP Version: 5.3.5 OS: FreeBSD
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: szoftos at freemail dot hu
New email:
PHP Version: OS:

 

 [2011-01-08 04:17 UTC] szoftos at freemail dot hu
Description:
------------
Hi, i was setting up squirrelmail for a ssl-based dovecot server, and got the results that somehow squirelmail cannot connect to it. After further examination i came to the reason: when running a php program in php-fpm mode, the fsockopen() function won't connect to any ssl based port. It does the tcp connection thou, but as soon as the tcp connection opens, it gets dropped by php, returning false.

However, when i run my test script from php-cli, it succeeds in connecting, and gives back a stream filedescriptor.

my configure line (comes from freebsd ports): './configure' '--with-layout=GNU' '--localstatedir=/var' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--with-pcre-regex=/usr/local' '--with-zlib-dir=/usr' '--program-prefix=' '--enable-fpm' '--with-fpm-user=www' '--with-fpm-group=www' '--with-regex=php' '--with-zend-vm=CALL' '--enable-zend-multibyte' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.1' 

The following extensions are compiled in:
[root@wwwjail ~]# cat /var/db/ports/php5-extensions/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for php5-extensions-1.4
_OPTIONS_READ=php5-extensions-1.4
WITHOUT_BCMATH=true
WITH_BZ2=true
WITH_CALENDAR=true
WITH_CTYPE=true
WITHOUT_CURL=true
WITHOUT_DBA=true
WITH_DOM=true
WITH_EXIF=true
WITHOUT_FILEINFO=true
WITHOUT_FILTER=true
WITHOUT_FRIBIDI=true
WITH_FTP=true
WITH_GD=true
WITH_GETTEXT=true
WITH_GMP=true
WITH_HASH=true
WITH_ICONV=true
WITH_IMAP=true
WITHOUT_INTERBASE=true
WITH_JSON=true
WITHOUT_LDAP=true
WITH_MBSTRING=true
WITHOUT_MCRYPT=true
WITHOUT_MSSQL=true
WITH_MYSQL=true
WITHOUT_MYSQLI=true
WITHOUT_ODBC=true
WITH_OPENSSL=true
WITHOUT_PCNTL=true
WITH_PDF=true
WITH_PDO=true
WITH_PDO_SQLITE=true
WITHOUT_PGSQL=true
WITH_POSIX=true
WITH_PSPELL=true
WITHOUT_READLINE=true
WITHOUT_RECODE=true
WITH_SESSION=true
WITHOUT_SHMOP=true
WITH_SIMPLEXML=true
WITHOUT_SNMP=true
WITH_SOAP=true
WITHOUT_SOCKETS=true
WITH_SQLITE=true
WITHOUT_SYBASE_CT=true
WITHOUT_SYSVMSG=true
WITHOUT_SYSVSEM=true
WITHOUT_SYSVSHM=true
WITHOUT_TIDY=true
WITH_TOKENIZER=true
WITHOUT_WDDX=true
WITH_XML=true
WITH_XMLREADER=true
WITH_XMLRPC=true
WITH_XMLWRITER=true
WITHOUT_XSL=true
WITHOUT_YAZ=true
WITH_ZIP=true
WITH_ZLIB=true


Test script:
---------------
<?php
$imap_stream = fsockopen('tls://127.0.0.4', 993, $error_number, $error_string, 15);
var_dump($imap_stream);
?>

Expected result:
----------------
A connection error message by php, or a successful connection.

Actual result:
--------------
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-10 01:39 UTC] kalle@php.net
-Status: Open +Status: Feedback
 [2011-01-10 01:39 UTC] kalle@php.net
What does the $error_number and $error_string variables return when the socket creation is blocked?
 [2011-01-10 13:13 UTC] szoftos at freemail dot hu
Hello,

%error_number is 0 and $error_message is ''.

But let me remark, the socket creation is not blocked. I set up a listening socket with netcat (nc -l <portnumber>), and what i could see was that php connects to that port, and drops the connection right away.
 [2011-05-01 00:34 UTC] szoftos at freemail dot hu
-Status: Feedback +Status: Open
 [2011-05-01 00:34 UTC] szoftos at freemail dot hu
any changes on this one?
 [2011-07-02 14:10 UTC] fat@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: fat
 [2011-07-02 14:12 UTC] fat@php.net
-Status: Assigned +Status: Feedback
 [2011-07-02 14:12 UTC] fat@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


I can't reproduce the problem on my side. It works as expected.

Can you please provide your full php-fpm.conf and any informations which could be 
relevant for this case resolution.

thx
++ Jerome
 [2011-07-03 09:49 UTC] szoftos at freemail dot hu
-Status: Feedback +Status: Assigned
 [2011-07-03 09:49 UTC] szoftos at freemail dot hu
hi, i was thinking on the problem. i run the php-fpm chrooted, could that be the cause of the problem? php-fpm.conf follows:

[global]
pid = run/php-fpm.pid

[mail.flix.hu]
chroot = /usr/local/www
chdir = /vhosts/mail.flix.hu/mail.flix.hu
listen = /usr/local/www/var/run/sockets/mail.flix.hu.php.sock
listen.owner = www
listen.group = www
listen.mode = 0660
user = www
group = www
pm = dynamic
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 100
request_terminate_timeout = 1m
request_slowlog_timeout = 30s
slowlog = /var/log/php-fpm-slow.log
catch_workers_output = yes
php_admin_value[doc_root] = /vhosts/mail.flix.hu/mail.flix.hu
php_admin_value[open_basedir] = /vhosts/mail.flix.hu/mail.flix.hu:/usl/local/share/pear
php_admin_value[upload_tmp_dir] = /vhosts/mail.flix.hu/mail.flix.hu/tmp
php_admin_flag[zlib.output_compression] = on
php_admin_value[disable_functions] = escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system
php_admin_value[session.save_path] = /vhosts/mail.flix.hu/sessions
php_admin_value[safe_mode_exec_dir] = /vhosts/mail.flix.hu/safe_mode_exec_dir
php_admin_value[error_reporting] = E_ALL & ~E_NOTICE
php_admin_value[include_path] = .:/vhosts/mail.flix.hu/mail.flix.hu/data/pear
php_admin_value[date.timezone] = Europe/Budapest
 [2011-07-05 16:49 UTC] fat@php.net
-Status: Assigned +Status: Feedback
 [2011-07-05 16:49 UTC] fat@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


Yes it's probably related somehow to the chroot.

Can you please make the 2 following tests:
1- just disable the chroot and test again. Is it working or not ?
2- keep chroot enabled, set max_children to 1 or 2, set log_level to debug, run 
FPM and strace (or truss) the 2 FPM children processes. Run your test script and 
send the content of the strace or truss output.

thanks

++ jerome
PS: have a beer for me at Kuplung :)
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC