php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77108 Use SNI with TLS
Submitted: 2018-11-05 08:34 UTC Modified: -
Votes:16
Avg. Score:4.6 ± 0.6
Reproduced:15 of 15 (100.0%)
Same Version:5 (33.3%)
Same OS:8 (53.3%)
From: christian at rishoj dot net Assigned:
Status: Open Package: IMAP related
PHP Version: 7.2.11 OS: Ubuntu Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-11-05 08:34 UTC] christian at rishoj dot net
Description:
------------
Using PHP 7.2.11 with OpenSSL 1.1.1, the IMAP extension fails to connect to Gmail.

Quoting from the bug tracker of Python's imaplib2, which was affected by the same issue:

> This is because [IMAP extension] does not support SNI, and Google returns an invalid certificate in that case. 
>
> Some sites want to encourage the use of SNI and configure a default certificate that fails WebPKI authentication when the client supports TLS 1.3.

The IMAP extension should use SNI if TLS version is 1.3.


Actual result:
--------------
Error message when connecting to Gmail:

> RuntimeException: Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-15 13:44 UTC] jcutting at enable dot services
This is can be replicated on stock Debian unstable and testing
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 20:01:28 2019 UTC