PHP :: Request #77108 :: Use SNI with TLS

Use SNI with TLS

Submitted:

2018-11-05 08:34 UTC

Modified:

2019-08-30 10:21 UTC

Votes:	21
Avg. Score:	4.5 ± 0.8
Reproduced:	20 of 20 (100.0%)
Same Version:	8 (40.0%)
Same OS:	12 (60.0%)

From:

christian at rishoj dot net

Assigned:

Status:

Not a bug

Package:

IMAP related

PHP Version:

7.2.11

OS:

Ubuntu Linux

Private report:

CVE-ID:

None

View Developer Edit

[2018-11-05 08:34 UTC] christian at rishoj dot net

Description:
------------
Using PHP 7.2.11 with OpenSSL 1.1.1, the IMAP extension fails to connect to Gmail.

Quoting from the bug tracker of Python's imaplib2, which was affected by the same issue:

> This is because [IMAP extension] does not support SNI, and Google returns an invalid certificate in that case. 
>
> Some sites want to encourage the use of SNI and configure a default certificate that fails WebPKI authentication when the client supports TLS 1.3.

The IMAP extension should use SNI if TLS version is 1.3.


Actual result:
--------------
Error message when connecting to Gmail:

> RuntimeException: Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-11-15 13:44 UTC] jcutting at enable dot services

This is can be replicated on stock Debian unstable and testing

[2019-06-26 15:02 UTC] amontero at tinet dot org

Same here.
Also filed https://bugs.launchpad.net/ubuntu/+source/php-imap/+bug/1834340

[2019-07-25 23:13 UTC] dzuelke at gmail dot com

This is a problem in the underlying UW IMAP client library (which is basically abandoned). There is nothing that can be done on the PHP extension level.

[2019-08-30 04:09 UTC] dzuelke at gmail dot com

This issue can be closed as "invalid", since it's not a bug in PHP.

FYI, Ubuntu's bionic-updates (and newer) now has a fixed libc-client2007e package.

[2019-08-30 10:21 UTC] requinix@php.net

-Status: Open +Status: Not a bug

[2019-08-30 10:21 UTC] requinix@php.net

Closing per above.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 06:01:30 2024 UTC