php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77108 Use SNI with TLS
Submitted: 2018-11-05 08:34 UTC Modified: 2019-08-30 10:21 UTC
Votes:21
Avg. Score:4.5 ± 0.8
Reproduced:20 of 20 (100.0%)
Same Version:8 (40.0%)
Same OS:12 (60.0%)
From: christian at rishoj dot net Assigned:
Status: Not a bug Package: IMAP related
PHP Version: 7.2.11 OS: Ubuntu Linux
Private report: No CVE-ID: None
 [2018-11-05 08:34 UTC] christian at rishoj dot net
Description:
------------
Using PHP 7.2.11 with OpenSSL 1.1.1, the IMAP extension fails to connect to Gmail.

Quoting from the bug tracker of Python's imaplib2, which was affected by the same issue:

> This is because [IMAP extension] does not support SNI, and Google returns an invalid certificate in that case. 
>
> Some sites want to encourage the use of SNI and configure a default certificate that fails WebPKI authentication when the client supports TLS 1.3.

The IMAP extension should use SNI if TLS version is 1.3.


Actual result:
--------------
Error message when connecting to Gmail:

> RuntimeException: Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-15 13:44 UTC] jcutting at enable dot services
This is can be replicated on stock Debian unstable and testing
 [2019-06-26 15:02 UTC] amontero at tinet dot org
Same here.
Also filed https://bugs.launchpad.net/ubuntu/+source/php-imap/+bug/1834340
 [2019-07-25 23:13 UTC] dzuelke at gmail dot com
This is a problem in the underlying UW IMAP client library (which is basically abandoned). There is nothing that can be done on the PHP extension level.
 [2019-08-30 04:09 UTC] dzuelke at gmail dot com
This issue can be closed as "invalid", since it's not a bug in PHP.

FYI, Ubuntu's bionic-updates (and newer) now has a fixed libc-client2007e package.
 [2019-08-30 10:21 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2019-08-30 10:21 UTC] requinix@php.net
Closing per above.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Sep 21 19:01:26 2019 UTC