ID: 35160
User updated by: beckman at purplecow dot com
Reported By: beckman at purplecow dot com
Status: Open
Bug Type: OpenSSL related
Operating System: FreeBSD 5.3-RELEASE-p10
PHP Version: 5.0.5
New Comment:
Code to generate errors:
file_get_contents("https://some.secure.site.com/";);
echo openssl_error_string();
BTW, this string, returned from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
Reason 161 is "Library has no ciphers" returned from SSL_CTX_new.
Here's my layman's thought:
line 348 of ext/openssl/xp_ssl.c calls SSL_CTX_new(method)
Nowhere before this is SSL_library_init() called, as per documentation
on openssl.org:
http://www.openssl.org/docs/ssl/SSL_library_init.html
Confusingly the documentation also says that SSL_CTX_new() will load
the ciphers:
http://www.openssl.org/docs/ssl/SSL_CTX_new.html
Though it seems that in 0.9.8a it does not.
In ssl/ssl_algs.c you see that SSL_library_init() is changed a bit, and
in 0.9.8a calls ssl_load_ciphers() (defined on line 168 of
ssl/ssl_ciph.c) which doesn't exist in 0.9.7i.
I can't tell if this is a fundamental change in OpenSSL that you have
to add a function call to the openssl extension in PHP, or if OpenSSL
screwed something up.
My guess is that OpenSSL changed the way they load ciphers, and that
the OpenSSL extension needs to be changed to do so. Granted, the
OpenSSL site isn't great at documentation......
Previous Comments:
------------------------------------------------------------------------
[2005-11-08 23:53:32] beckman at purplecow dot com
Same results, using php5-latest:
[08-Nov-2005 17:50:52] PHP Warning: file_get_contents(): failed to
create an SSL context in
/usr/home/beckman/tmp/php5-200511082130/sapi/cli/- on line 15
[08-Nov-2005 17:50:52] PHP Warning: file_get_contents(): Failed to
enable crypto in /usr/home/beckman/tmp/php5-200511082130/sapi/cli/- on
line 15
[08-Nov-2005 17:50:52] PHP Warning:
file_get_contents(https://#####################/############): failed
to open stream: Operation now in progress in
/usr/home/beckman/tmp/php5-200511082130/sapi/cli/- on line 15
System => FreeBSD web2.762corp.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0:
Sun May 8 10:21:06 UTC 2005
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
i386
Build Date => Nov 8 2005 17:47:38
Configure Command => './configure' '--enable-versioning'
'--enable-memory-limit' '--with-layout=GNU'
'--with-config-file-scan-dir=/usr/local/etc/php' '--enable
-libxml' '--with-libxml-dir=/usr/local' '--enable-spl'
'--with-regex=php' '--with-apxs=/usr/local/sbin/apxs'
'--prefix=/usr/local' '--with-openssl=/usr/local' '
i386-portbld-freebsd5.3'
Registered PHP Streams => php, file, http, ftp, https, ftps
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3,
sslv2, tls
openssl
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.8a 11 Oct 2005
------------------------------------------------------------------------
[2005-11-08 23:25:49] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
And if it doesn't work either, provide a short reproducing script.
Note: We do NOT support any "ports".
------------------------------------------------------------------------
[2005-11-08 22:14:39] beckman at purplecow dot com
Description:
------------
Using FreeBSD ports tree, I installed openssl 0.9.8a and php5-openssl,
which installed the openssl libraries and tools and the php5 openssl
extension openssl.so.
After confirming the HTTPS/SSL contexts (streams and transports) were
enabled, and OpenSSL support was enabled, I attempted to use
file_get_contents to open an HTTPS:// url.
This resulted in the following PHP errors:
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to
create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to
enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
now in progress in /usr/local/lib/php/762dev/functions.inc on line
576
Here's what I got as the error from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
And here's what I read to lead me to believe that the problem is with
a
change in the way openssl initializes the ciphers:
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000219.html
I think that php5-openssl does not call the SSL_library_init() function
before starting use of the library.
I de-installed openssl.so and the openssl library, re-installed
openssl-0.9.7i, re-installed the openssl.so extension/module, and the
library now works great from within PHP.
Reproduce code:
---------------
echo file_get_contents("https://whatever.com/";);
Expected result:
----------------
The contents of whatever.com.
Actual result:
--------------
Errors.
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to
create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to
enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
now in progress in /usr/local/lib/php/762dev/functions.inc on line
576
Here's what I got as the error from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35160&edit=1
