Bug #54511 Failure in socket open to some SSL server
Submitted: 2011-04-12 09:51 UTC Modified: 2021-06-25 16:41 UTC
Votes:19
Avg. Score:4.1 ± 1.1
Reproduced:15 of 17 (88.2%)
Same Version:2 (13.3%)
Same OS:3 (20.0%)
From: dbpalan at hotmail dot com
Assigned: cmb
Status: Not a bug
Package: OpenSSL related
PHP Version: 5.3.6
OS: Debian Squeeze
Private report: No
CVE-ID: None
 [2011-04-12 09:51 UTC] dbpalan at hotmail dot com
Description:
------------
fsockopen() connecting to a server always failed.  After some tests, it is confirmed to be due to a bug in an SSL function call which only occurs in newer versions:

5.2.6  - passed
5.2.17 - passed
5.3.0  - passed
5.3.1  - passed
5.3.2  - failed
5.3.3  - failed
5.3.6  - failed

The bug was introduced in svn revision #291493 "merge from trunk: openssl sni support", by the function call to SSL_set_tlsext_host_name(sslsock->ssl_handle, sslsock->sni).

If I remark this function, everything works fine.

I have no further idea what this function does, or what the side effects are without it.  Please advise; I hope a fix will be available.  Thank you.


Test script:
---------------
<?php
$fp = fsockopen("ssl://smtpb.scig.gov.hk", 465, $errno, $errstr, 30);
if (!$fp) {
    echo "fail: $errstr ($errno)\n";
} else {
    echo "success";
}
?>


Expected result:
----------------
$fp is a non-zero handle, the screen will show "success"

Actual result:
--------------
$fp is EMPTY, the screen will show:

Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1. OpenSSL Error messages: error:14094417:SSL routines:func(148):reason(1047) in /www/test.php on line 2

Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in /www/test.php on line 2

Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://smtpb.scig.gov.hk:465 (Unknown error) in /www/test.php on line 2

fail: 0

Patches

php5_5.3.4-fsockopen.patch (last revision 2013-06-17 08:36 UTC by dbpalan at hotmail dot com)

History

 [2011-04-12 10:04 UTC] dbpalan at hotmail dot com
1. The function call is located in ext/openssl/xp_ssl.c

2. A workaround is to replace the fsockopen() line with:

    $context = stream_context_create(array(
        'ssl' => array('SNI_server_name' => 'smtpb.scig.gov.hk'),
    ));
    $fp = stream_socket_client("tcp://smtpb.scig.gov.hk:465", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
 [2012-07-12 07:22 UTC] alexwichti at googlemail dot com
Bug still exists in 5.4.3.
Workaround by dbpalan works though, thanks!
 [2021-06-25 16:41 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-06-25 16:41 UTC] cmb@php.net
What you're calling workaround is actually the solution.
Obviously, that server (which appears to be no longer available)
required SNI[1].  To enable that as of PHP 7.0.0:

    $context = stream_context_create([
        'ssl' => [
            'SNI_enabled' => true,
            'peer_name' => 'smtpb.scig.gov.hk'
        ],
    ]);

[1] <https://en.wikipedia.org/wiki/Server_Name_Indication>
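
The following is an added example, not code from this report or from php-src. It opens a TLS connection with SNI and certificate checks enabled, then confirms from the stream metadata that a handshake actually took place. The function name tls_connect_with_sni and the host mail.example.org are placeholders chosen for illustration, and PHP 7.0+ with ext/openssl is assumed.

```php
<?php
// Added example; tls_connect_with_sni() and the host below are hypothetical.

function tls_connect_with_sni(string $host, int $port, float $timeout = 10.0): array
{
    $context = stream_context_create([
        'ssl' => [
            'SNI_enabled'       => true,  // send the server_name extension
            'peer_name'         => $host, // name sent via SNI and matched against the certificate
            'verify_peer'       => true,  // keep chain validation on
            'verify_peer_name'  => true,  // keep hostname validation on
            'capture_peer_cert' => true,  // expose the leaf certificate for inspection
        ],
    ]);

    // Collect every warning: the OpenSSL error text is in the first one,
    // while the last one only says "unable to connect".
    $warnings = [];
    set_error_handler(function ($no, $msg) use (&$warnings) { $warnings[] = $msg; return true; });

    // ssl:// performs the handshake during connect. A tcp:// stream stays
    // plaintext unless crypto is enabled on it separately.
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $context);
    restore_error_handler();

    if ($fp === false) {
        return ['ok' => false, 'error' => "$errstr ($errno)", 'warnings' => $warnings];
    }

    $crypto = stream_get_meta_data($fp)['crypto'] ?? null; // absent on plaintext streams
    $opts   = stream_context_get_options($fp);
    $cert   = isset($opts['ssl']['peer_certificate'])
        ? openssl_x509_parse($opts['ssl']['peer_certificate'])
        : false;
    fclose($fp);

    return [
        'ok'       => $crypto !== null,            // true only if TLS was negotiated
        'protocol' => $crypto['protocol'] ?? null,
        'cipher'   => $crypto['cipher_name'] ?? null,
        'cert_cn'  => $cert['subject']['CN'] ?? null,
    ];
}

// Placeholder host: replace with the server under test.
echo json_encode(tls_connect_with_sni('mail.example.org', 465), JSON_PRETTY_PRINT), "\n";
```

If the connection fails, the 'warnings' array holds the same OpenSSL error lines that fsockopen() printed in the original report.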
Last updated: Tue Apr 16 10:01:29 2024 UTC