[Bug 592442] Re: fopen fails on some SSL urls
Anders Østhus
592442 at bugs.launchpad.net
Sun Apr 15 13:05:22 UTC 2012
I'm seeing this issue on 12.04 as well.
Just for completeness I've tested with the same script on the latest
10.04, 10.10, 11.04, 11.10 and 12.04.
The script I'm using is:
<?php
$ufurl = "https://graph.facebook.com/19292868552";
$fp = fopen($ufurl, 'r');
$data = fread($fp, 10000);
var_dump($data);
?>
Results:
10.04:
PHP 5.3.2-1ubuntu4.14 with Suhosin-Patch
OpenSSL 0.9.8k 25 Mar 2009
Data recieved from Facebook.
10.10:
PHP 5.3.3-1ubuntu9.10 with Suhosin-Patch
OpenSSL 0.9.8o 01 Jun 2010
Data recieved from Facebook.
11.04:
PHP 5.3.5-1ubuntu7.7 with Suhosin-Patch
OpenSSL 0.9.8o 01 Jun 2010
Data recieved from Facebook.
11.10:
PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch
OpenSSL 1.0.0e 6 Sep 2011
Data recieved from Facebook.
12.04 (latest available packages):
PHP 5.3.10-1ubuntu3 with Suhosin-Patch
OpenSSL 1.0.1 14 Mar 2012
Result:
PHP Warning: fopen(): SSL: crypto enabling timeout in /home/ubuntu/ssltest.php on line 3
PHP Warning: fopen(): Failed to enable crypto in /home/ubuntu/ssltest.php on line 3
PHP Warning: fopen(https://graph.facebook.com/19292868552): failed to open stream: operation failed in /home/ubuntu/ssltest.php on line 3
PHP Warning: fread() expects parameter 1 to be resource, boolean given in /home/ubuntu/ssltest.php on line 4
bool(false)
So it seems like this is a regression in either PHP or OpenSSL. I'm
guessing OpenSSL, since I'm seeing similar behavior in Ruby aswell.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/592442
Title:
fopen fails on some SSL urls
Status in PHP: Hypertext Preprocessor:
Unknown
Status in “openssl” package in Ubuntu:
Confirmed
Status in “php5” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: php5
Description: Ubuntu 10.04 LTS
Release: 10.04
php5:
Installed: 5.3.2-1ubuntu4.2
Candidate: 5.3.2-1ubuntu4.2
Version table:
*** 5.3.2-1ubuntu4.2 0
500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
100 /var/lib/dpkg/status
5.3.2-1ubuntu4 0
500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages
For some reason I can't seem to get the following to work. I suspect a
SSL problem. Maybe the intermediate SSL cert is not being recognized
properly? The server cert is signed by geotrust (which is an
intermediate of equifax[1]).
I put the following in a file called /tmp/fopen.php:
<?php
if (fopen("https://www.google.com","r")) { print "www.google.com worked\n"; }
if (fopen("https://cas.ucdavis.edu","r")) { print "cas.ucdavis.edu worked\n"; }
?>
Then I run the php via an apache web and/or via the php5-cli (the
results are the same in both cases):
$ php /tmp/fopen.php
www.google.com worked
PHP Warning: fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:140773F2:SSL routines:func(119):reason(1010) in /tmp/fopen.php on line 3
PHP Warning: fopen(): Failed to enable crypto in /tmp/fopen.php on line 3
PHP Warning: fopen(https://cas.ucdavis.edu): failed to open stream: operation failed in /tmp/fopen.php on line 3
$
When I run the above command on a karmic or jaunty machine it works
fine for both fopen() calls. I've attached a tcpdump of the above
script.
As you can see from the dump, Google is working but my server is not. I get an SSL alert packet (packet #29) back with code 10
(unexpected message). Maybe this is an intermediate cert verification problem?
What is funny is that I get an ACK right before that. It seems like
maybe the server is sending an ACK, client starts talking, server
isn't ready and sends an out-of-order message.
Scott
-----------
[1] https://www.geotrust.com/resources/root-certificates/index.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/php/+bug/592442/+subscriptions
More information about the foundations-bugs
mailing list