php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54511 Failure in socket open to some SSL server
Submitted: 2011-04-12 09:51 UTC Modified: 2021-06-25 16:41 UTC
Votes:19
Avg. Score:4.1 ± 1.1
Reproduced:15 of 17 (88.2%)
Same Version:2 (13.3%)
Same OS:3 (20.0%)
From: dbpalan at hotmail dot com Assigned: cmb (profile)
Status: Not a bug Package: OpenSSL related
PHP Version: 5.3.6 OS: Debian Squeeze
Private report: No CVE-ID: None
View Developer Edit
 [2011-04-12 09:51 UTC] dbpalan at hotmail dot com 
Description:
------------
fsockopen() connect to a server always failed.  After some tests it is confirmed due to a bug in a SSL function call which only occur in new version:

5.2.6  - passed
5.2.17 - passed
5.3.0  - passed
5.3.1  - passed
5.3.2  - failed
5.3.3  - failed
5.3.6  - failed

The bug was introduced from svn revision #291493 "merge from trunk: openssl sni support" from the function call to SSL_set_tlsext_host_name(sslsock->ssl_handle, sslsock->sni).

If I remark this function, everything works fine.

I have no further idea what is this function do, and what side effect without this function.  Please advice and hope a fix would be available.  Thank you.


Test script:
---------------
<?
$fp = fsockopen("ssl://smtpb.scig.gov.hk", 465, $errno, $errstr, 30);
if (!$fp) {
    echo "fail: $errstr ($errno)\n";
} else {
    echo "success";
}
?>


Expected result:
----------------
$fp is a non-zero handle, the screen will show "success"

Actual result:
--------------
$fp is EMPTY, the screen will show:

Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1. OpenSSL Error messages: error:14094417:SSL routines:func(148):reason(1047) in /www/test.php on line 2

Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in /www/test.php on line 2

Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://smtpb.scig.gov.hk:465 (Unknown error) in /www/test.php on line 2

fail: 0

Patches

?''?"" (last revision 2021-04-14 02:14 UTC by sample at email dot tst)
php5_5.3.4-fsockopen.patch (last revision 2013-06-17 08:36 UTC by dbpalan at hotmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-12 10:04 UTC] dbpalan at hotmail dot com 
1. The function call is located in ext/openssl/xp_ssl.c

2. A workaround is replace the line fsockopen() with:

    $context = stream_context_create(array(
        'ssl' => array('SNI_server_name' => 'smtpb.scig.gov.hk'),
    ));
    $fp = stream_socket_client("tcp://smtpb.scig.gov.hk:465", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
 [2012-07-12 07:22 UTC] alexwichti at googlemail dot com 
Bug still exists in 5.4.3.
Workaround by dbpalan works though, thanks!
 [2021-06-25 16:41 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-06-25 16:41 UTC] cmb@php.net 
What you're calling workaround is actually the solution.
Obviously, that server (which appears to be no longer available)
required SNI[1].  To enable that as of PHP 7.0.0:

    $context = stream_context_create([
        'ssl' => [
            'SNI_enabled' => true,
            'peer_name' => 'smtpb.scig.gov.hk'
        ],
    ]);

[1] <https://en.wikipedia.org/wiki/Server_Name_Indication>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Dec 01 13:00:01 2025 UTC