|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77108 Use SNI with TLS
Submitted: 2018-11-05 08:34 UTC Modified: -
Avg. Score:4.6 ± 0.6
Reproduced:15 of 15 (100.0%)
Same Version:5 (33.3%)
Same OS:8 (53.3%)
From: christian at rishoj dot net Assigned:
Status: Open Package: IMAP related
PHP Version: 7.2.11 OS: Ubuntu Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-11-05 08:34 UTC] christian at rishoj dot net
Using PHP 7.2.11 with OpenSSL 1.1.1, the IMAP extension fails to connect to Gmail.

Quoting from the bug tracker of Python's imaplib2, which was affected by the same issue:

> This is because [IMAP extension] does not support SNI, and Google returns an invalid certificate in that case. 
> Some sites want to encourage the use of SNI and configure a default certificate that fails WebPKI authentication when the client supports TLS 1.3.

The IMAP extension should use SNI if TLS version is 1.3.

Actual result:
Error message when connecting to Gmail:

> RuntimeException: Certificate failure for self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-15 13:44 UTC] jcutting at enable dot services
This is can be replicated on stock Debian unstable and testing
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 20:01:28 2019 UTC