php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #63113 can't call method from webservice server ssl3
Submitted: 2012-09-18 16:57 UTC Modified: 2012-11-04 15:31 UTC
From: milad dot arabi at gmail dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5.3.17 OS: opensuse 11.4
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: milad dot arabi at gmail dot com
New email:
PHP Version: OS:

 

 [2012-09-18 16:57 UTC] milad dot arabi at gmail dot com 
Description:
------------
hi all

i must connect to some webservice server that only accepts ssl3.
in command line i set -ssl3 flag for openssl and work fine.if i not specify version,openssl don't attmep version 3 and got error.i think this wrong behavior affected on php.
but in php we can't specify what ssl version to use.
php5.3.5

sorry for my poor language

Actual result:
--------------
SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://domain.com:8888/bsiws/billing?wsdl' : failed to load external entity "https://domain.com:8888/bsiws/billing?wsdl"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-19 01:53 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2012-09-19 01:53 UTC] aharvey@php.net 
This seems odd. PHP supports SSLv3 in OpenSSL fine.

What error messages do you get? Make sure error_reporting is set to -1 and display_errors is turned on.

What happens if you try file_get_contents('https://domain.com:8888/bsiws/billing?wsdl')?

Finally, please try a current version: either 5.3.17 or 5.4.7.
 [2012-09-19 14:47 UTC] milad dot arabi at gmail dot com 
my server under load and i really cant update it,that webservice only accept specific ip.

file_get_contents result:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(): Failed to enable crypto in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(https://mydomain-server.com:8888/bsiws/billing?wsdl): failed to open stream: operation failed in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4
 [2012-09-19 15:25 UTC] milad dot arabi at gmail dot com 
one think i forgot,that company don't register their domain and we add manually in DNS server and of course their Certification is invalid.

Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:unexpected_message
SSL_connect:error in SSLv2/v3 read server hello A
139780943029928:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert u                                                                nexpected message:s23_clnt.c:658:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 209 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---




Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
   i:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICSTCCAbKgAwIBAgIESxo90jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ
UjEPMA0GA1UECBMGVGVocmFuMQ8wDQYDVQQHEwZUZWhyYW4xDDAKBgNVBAoTA0lT
QzERMA8GA1UECxMISXNjYm9hcmQxFzAVBgNVBAMMDiouaXNjYm9hcmQuY29tMB4X
DTA5MTIwNTExMDI0MloXDTE5MTIwMzExMDI0MlowaTELMAkGA1UEBhMCSVIxDzAN
BgNVBAgTBlRlaHJhbjEPMA0GA1UEBxMGVGVocmFuMQwwCgYDVQQKEwNJU0MxETAP
BgNVBAsTCElzY2JvYXJkMRcwFQYDVQQDDA4qLmlzY2JvYXJkLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAs+y+EHRnjvdjBdAhEg2PBGn5+IAfG2Funu0c
LmtvSldvH9zALt9J/Kjgdlz24ROmD5xsqAtGXdDJL46lyRHiHVethwiU4p0hF28X
/oqdz/SpGsYWi+ICl/kQAR8E331dvU+LJD4aaf7r/te3NoBMu/37Vc8sc8uWvS77
EAYKXB0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCRENcpbuz/8FKO+ZnYDvA05Syo
90Jz3REr2n+aTDJGEYpqgRVE3RaIO4X4vQ0IC7E5RnYNjWb4zNDjML8dC1nNnv5J
yAGv+4W9N1NYOrt0ZbwQuVz4GxUE3UwLydnPOYk6hPCme3jwGJ8KWBoMIyP2eJzK
JxvBufnx6803p2b/5g==
-----END CERTIFICATE-----
subject=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
issuer=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 321 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 5059EE1FC222FE5DE940379770C555B85F26026B14065894B6B3778B5B945815
    Session-ID-ctx:
    Master-Key: EA29F07752B705DEE9D83E5BE5B212FD9F3161323332A30833AD7BA8AC37061721BCE365FADC566A370ABD3B63953261
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1348067336
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
 [2012-09-20 02:01 UTC] aharvey@php.net 
Does it work if you use a WSDL from a server with a valid SSL certificate?
 [2012-09-20 13:00 UTC] milad dot arabi at gmail dot com 
yes,on my server i connect to 3 other https soap server without any problem with 
php.
when use openssl(from command line) to connect to that 3 server i don't specify 
ssl version and work perfectly.
this odd soap server running https over port 8888.is causing the problem?
 [2012-11-04 15:18 UTC] milad dot arabi at gmail dot com 
hi all
one of my friend solved problem by c# on windows server,he import invalid https certification file into windows and ...
invalid certification cause this problem.
tnx php guys
 [2012-11-04 15:31 UTC] felipe@php.net
-Status: Feedback +Status: Not a bug
 [2012-11-04 15:31 UTC] felipe@php.net 
Thanks for the feedback.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 22:01:30 2024 UTC