php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61276 OpenSSL old version
Submitted: 2012-03-04 18:06 UTC Modified: 2012-03-05 20:01 UTC
From: frenky dot pv at atlas dot cz Assigned:
Status: Not a bug Package: *Network Functions
PHP Version: 5.4.0 OS: Win 2k3 IIS 6
Private report: No CVE-ID:
 [2012-03-04 18:06 UTC] frenky dot pv at atlas dot cz
Description:
------------
file(): SSL operation failed with code 1. OpenSSL Error messages:
error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) in C:\Inetpub\KC\class\tab_card.php at line 1452

file(): Failed to enable crypto in C:\Inetpub\KC\class\tab_card.php at line 1452
file(https://.../resetpwd.jsp...): failed to open stream: operation failed in C:\Inetpub\...\tab_card.php at line 1452

PHP 5.4 old verse contains the OpenSSL functions that the file has a problem with loading the https site, where the version used 1.0.0.x. When you replace the files libeay32.dll and libssl32.dll version 0.9.8.20 for 1.0.0.7 and PHP (fastcgi) becomes unstable and causes HTTP error 500 (internal error).

Test script:
---------------
$url = 'http://...';
$out = file( $url );


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-05 18:44 UTC] pajoye@php.net
Please use the 0.9.x version of openssl.

With IIS you can use fastcgi and PHP's own DLLs.
 [2012-03-05 18:44 UTC] pajoye@php.net
-Status: Open +Status: Not a bug
 [2012-03-05 20:01 UTC] frenky dot pv at atlas dot cz
I use version 0.9.8.20 OPENSSL.

 The problem has been solved:
 When using curl CURLOPT_SSLVERSION must be set to 3
 All this works.
 [2013-05-03 21:38 UTC] mancha1 at hush dot com
Hello. This is due to how OpenSSL 0.9.8 mishandles warning-level alerts. I have submitted a fix to OpenSSL for their review which you can track here: http://marc.info/?l=openssl-dev&m=136760073921954&w=2 (RT #3038).

--mancha
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Apr 25 12:01:39 2017 UTC