Edit report at http://bugs.php.net/bug.php?id=53447&edit=1
ID: 53447
Updated by: ahar...@php.net
Reported by: clint at ubuntu dot com
Summary: Cannot disable SessionTicket extension for servers
that do not support it
-Status: Open
+Status: Assigned
Type: Bug
Package: OpenSSL related
Operating System: Linux (Ubuntu)
PHP Version: 5.3.3
-Assigned To:
+Assigned To: aharvey
Block user comment: N
Private report: N
Previous Comments:
------------------------------------------------------------------------
[2010-12-02 07:39:13] clint at ubuntu dot com
Description:
------------
This bug originated here:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/592442
As noted in the bug discussion, servers that do not properly support the
SessionTicket extension added in openssl 0.9.8n and later will produce
an error.
Users should have the ability to disable this extension, much like the
openssl
s_client utility does by passing -no_ticket.
With the test script below, if php is compiled against openssl < 0.9.8n
(such as
0.9.8g) will print the actual HTTP result on all three servers, but with
>=
0.9.8n, will fail with SSL errors.
Test script:
---------------
<?php
$urls = array("https://cas.ucdavis.edu/login";,
"https://server.db.kvk.nl/";, "https://gmail.com/";);
foreach ($urls as $url) {
$fp = fopen($url, 'r');
print "$url - ";
if ($fp === FALSE) {
print "FAIL\n";
} else {
$data = stream_get_contents($fp);
print "OK ". strlen($data)." bytes\n";
}
fclose($fp);
}
Expected result:
----------------
https://cas.ucdavis.edu/login - OK 4796 bytes
Warning: fopen(https://server.db.kvk.nl/): failed to open stream: HTTP
request
failed! HTTP/1.1 403 Forbidden
in /home/clint/test.php on line 6
https://server.db.kvk.nl/ - FAIL
Warning: fclose(): supplied argument is not a valid stream resource in
/home/clint/test.php on line 14
https://gmail.com/ - OK 19059 bytes
Actual result:
--------------
# php test.php
PHP Warning: fopen(): SSL operation failed with code 1. OpenSSL Error
messages:
error:140773F2:SSL routines:func(119):reason(1010) in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 6
PHP Warning: fopen(): Failed to enable crypto in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 6
PHP Warning: fopen(https://cas.ucdavis.edu/login): failed to open
stream:
operation failed in /home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php
on line
6
https://cas.ucdavis.edu/login - FAIL
PHP Warning: fclose() expects parameter 1 to be resource, boolean given
in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 14
PHP Warning: fopen(): SSL operation failed with code 1. OpenSSL Error
messages:
error:1407741A:SSL routines:func(119):reason(1050) in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 6
PHP Warning: fopen(): Failed to enable crypto in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 6
PHP Warning: fopen(https://server.db.kvk.nl/): failed to open stream:
operation
failed in /home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 6
https://server.db.kvk.nl/ - FAIL
PHP Warning: fclose() expects parameter 1 to be resource, boolean given
in
/home/clint/pkg/php5/bzr/natty-php-ssl-fix/test.php on line 14
https://gmail.com/ - OK 19061 bytes
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53447&edit=1
