ID: 47991
Updated by: [email protected]
Reported By: [email protected]
-Status: Assigned
+Status: Closed
Bug Type: Streams related
Operating System: *
PHP Version: 5.2.9
Assigned To: pajoye
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------

[2009-04-16 16:43:46] [email protected]

Description:
------------
In ext/openssl/openssl.c : php_openssl_parse_config might push errors into OpenSSL error stack in case the keys requested by the application are not found from the openssl.cnf file.

This is fine normally but it seems that if error stack contains such an error all future calls to SSL_CTX_use_certificate_chain_file fail. This is a nasty side-effect since SSL_CTX_use_certificate_chain_file is used when opening streams that authenticate with client cert.

I haven't tested if the SSL_CTX_use_certificate_chain_file fails with other errors than missing config keys. Probably does.

The simple fix which fixes the issue seems to be the following:

Index: openssl.c =================================================================== RCS file: /repository/php-src/ext/openssl/openssl.c,v retrieving revision 1.180 diff -u -r1.180 openssl.c --- openssl.c 29 Mar 2009 23:32:17 -0000 1.180 +++ openssl.c 16 Apr 2009 16:42:35 -0000 
@@ -4674,6 +4674,10 @@ char resolved_path_buff[MAXPATHLEN]; if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* SSL_CTX_use_certificate_chain_file seems to be failing if error + stack is not cleared before using cert chain file */ + ERR_clear_error(); + /* a certificate to use for authentication */ if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);

Reproduce code:
---------------
<?php
$url = 'https://someurl.example.com/';
$crt = '/tmp/test.pem';

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'local_cert', $crt);

/* This call causes the failure */
openssl_pkey_new();

var_dump(file_get_contents($url, 0, $context));

/* The last error shows missing conf key warning */
echo openssl_error_string();
?>

Expected result:
----------------
No errors, everything works.

Actual result:
--------------
SSL_CTX_use_certificate_chain_file returns failure and the call fails.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=47991&edit=1
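
Review bot: The ERR_clear_error() call added directly before SSL_CTX_use_certificate_chain_file() treats the symptom at a single call site. According to the description, the stale entries are pushed by php_openssl_parse_config, so any other code path that runs after it with a non-empty error stack stays exposed to the same failure; clearing or consuming the errors where php_openssl_parse_config produces them would cover those paths too. Clearing here also discards whatever the script would later read with openssl_error_string(), which the reproduce script does after the stream call, so that behaviour change should be documented. The added comment says the call "seems to be failing"; once the cause is confirmed, the comment should state it rather than leave it as a guess.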
