php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74688 SSL stream errors are not exposed by error_get_last()
Submitted: 2017-06-01 11:54 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bilge at scriptfusion dot com Assigned:
Status: Open Package: HTTP related
PHP Version: 5.6.30 OS: Linux 2.6.32-642.6.2.el6.x86_64
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-06-01 11:54 UTC] bilge at scriptfusion dot com
Description:
------------
Using file_get_contents() in an object oriented application can be perilous since it emits errors and warnings directly. We would prefer to silence the call, check the return value and if it's false retrieve the error message. e.g. if (false === @file_get_contents(...)) { $error = error_get_last(); }.

This strategy works well for HTTP calls but when one throws SSL into the mix the errors returned by error_get_last() are different from the ones emitted directly by file_get_contents(). More specifically, the errors become vague and unhelpful. The real details of the failure can only be seen by removing the silence operator (@) and thus this is the crux of the bug: it is not possible to see SSL errors in an object oriented environment.

N.B. Calling openssl_error_string() just returns false.

---
For example, the test script below outputs a general failure message such as:

"file_get_contents(https://[::1]:6666): failed to open stream: Connection refused"

However, since we are using a self-signed certificate, removing the silence operator yields a much more useful error message from OpenSSL:

file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The problem is PHP provides no way to capture this output from OpenSSL.

Test script:
---------------
if (false === $response = @file_get_contents(
    'https://[::1]:6666',
    false,
    stream_context_create([
        'http' => ['ignore_errors' => true],
    ])
)) {
    echo error_get_last()['message']; // file_get_contents(https://[::1]:6666): failed to open stream: Connection refused
    var_dump(openssl_error_string()); // bool(false)
    // We can't see the real error that occurred in the OpenSSL subsystem.
}




Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC