php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61285 SSL connections do not timeout
Submitted: 2012-03-05 12:08 UTC Modified: 2015-03-04 15:58 UTC
Votes:7
Avg. Score:4.9 ± 0.3
Reproduced:7 of 7 (100.0%)
Same Version:2 (28.6%)
Same OS:2 (28.6%)
From: tony2001@php.net Assigned: rdlowrey
Status: Closed Package: OpenSSL related
PHP Version: 5.4SVN-2012-03-05 (SVN) OS:
Private report: No CVE-ID:
 [2012-03-05 12:08 UTC] tony2001@php.net
Description:
------------
SSL connections never timeout because poll() isn't even used in ext/openssl.


Test script:
---------------
server.php:
<?php sleep(20); ?>

client.php:
<?php ini_set('default_socket_timeout',1); var_dump(file_get_contents("https://localhost/server.php")); ?>




Expected result:
----------------
# time php client.php

Warning: file_get_contents(https://localhost/server.php): failed to open stream: HTTP request failed!  in /tmp/client.php on line 1
bool(false)

real    0m2.024s
user    0m0.012s
sys     0m0.003s


Actual result:
--------------
# time php client.php
string(0) ""

real    0m20.063s
user    0m0.012s
sys     0m0.005s

Patches

ssl_timeout.diff (last revision 2012-03-05 12:08 UTC) by tony2001@php.net)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-05 12:08 UTC] tony2001@php.net
The following patch has been added/updated:

Patch Name: ssl_timeout.diff
Revision:   1330949320
URL:        https://bugs.php.net/patch-display.php?bug=61285&patch=ssl_timeout.diff&revision=1330949320
 [2012-03-05 12:37 UTC] pajoye@php.net
I am not sure anymore that this patch is correct as it looks as it will 
reintroduce the issue introduced by a previous attempt to fix that, which was 
reverted here:

http://svn.php.net/viewvc?view=revision&revision=315310
 [2013-01-20 18:38 UTC] bbroerman at bbroerman dot net
I have a proposed fix on my Github repo: https://github.com/bbroerman30/php-src

I have tested timeouts of various amounts with blocking sockets, but haven't tried to check other side-effects as of yet. 

How it works is within the read/write methods themselves, if the socket is blocking and has a timeout set, it will change the socket (temporarily) to non-blocking, and check the response from the attempted read/write with SSL_get_error and then wait/retry based on the response from SSL_get_error and using php_pollfd_for.

When I get a chance (probably next week or so) I'll try to test the below bug, and test with non-blocking streams.

Please feel free to test as you need, and let me know if you find any bugs.
 [2013-01-21 09:16 UTC] tony2001@php.net
Uhm.. for some reason Github shows a lot of whitespace changes there.
Could you try to rewrite the patch to avoid them?
 [2013-01-21 09:20 UTC] pajoye@php.net
Could you create a pull request as well? Much easier to track and comment :)
 [2013-01-21 09:21 UTC] rasmus@php.net
Tony, you can just add ?w=1 to the Github URL and it will show you the diff 
without the whitespace changes.
 [2013-01-23 02:40 UTC] bbroerman at bbroerman dot net
I sent the pull request a couple days ago.
 [2013-01-23 03:05 UTC] bbroerman at bbroerman dot net
When I get a chance, I'll back out the changes, and re-do them with the same whitespace as the original... May be a couple weeks.
 [2013-08-24 14:59 UTC] boen dot robot at gmail dot com
At the risk of being annoying, I'd like to repeat what I said in GitHub, in case it was missed...

bbroerman's changes have been done already. So, could this be merged now please?

(This issue also affects me, obviously...)
 [2014-12-31 04:09 UTC] bbroerman at bbroerman dot net
I am making another run at the fix, this time updated for the current trunk release of PHP (my previous was for 5.5.18)

I am trying to test, but I am running into issues with make test that I am not sure are related or not. When I know for sure I'll add another comment.

If they are related, I may need guidance on what these tests are, and how timeouts on read/write may affect them.
 [2014-12-31 04:44 UTC] bbroerman at bbroerman dot net
The comparison to the baseline (php/php-src) yielded less errors on my fork than on the origin. The php/php-src had the same errors that mine did, and more.

I will do functionality testing tomorrow, and if it works well, I will create a pull request
 [2015-03-04 15:58 UTC] rdlowrey@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: rdlowrey
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Jul 26 04:01:41 2017 UTC