php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69319 stream_context_set_default() options not set as default in streaming functions
Submitted: 2015-03-28 12:52 UTC Modified: 2022-10-05 17:30 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: php at 281180 dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: 5.6.7 OS: Linux Debian Wheezy 7.8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-03-28 12:52 UTC] php at 281180 dot de 
Description:
------------
As of PHP 5.6 all encrypted client streams now enable peer verification by default. 

The problem is that e. g. some certs are self-signed and streams will not work without adjusting some parts. 

The easiest way in some cases would be enabling the ssl option 'allow_self_signed' via stream_context_set_default()

But unfortunately options set via stream_context_set_default() are not honored by e. g. stream_socket_client()

Other packages seem to have the same problem:
- #54440 (here an XML issue)
- #68344 (here a MySQL issue)

Test script:
---------------
// set default stream options
$default_options = [
	'ssl' => [
		'allow_self_signed' => true,
	],
];
stream_context_set_default($default_options);

// set special stream options
$options = [
	'ssl' => [
		'verify_peer_name' => false,
	],
];

// open stream considering default options
$stream = stream_socket_client($host.':'.$port, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, stream_context_create($options));


Expected result:
----------------
Stream to work and honor both $default_options and $options

Actual result:
--------------
$default_options are ignored and the following warning is triggered:

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in XXX on line XX

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2022-10-05 17:30 UTC] bukka@php.net
-Package: Streams related +Package: OpenSSL related
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Fri Jan 27 18:03:49 2023 UTC