ID: 35160 User updated by: beckman at purplecow dot com Reported By: beckman at purplecow dot com Status: Bogus Bug Type: OpenSSL related Operating System: FreeBSD 5.3-RELEASE-p10 PHP Version: 5CVS-2005-11-09 (snap) New Comment:
It seems my other posts are no longer here... I can't disagree that my bug doesn't imply a problem with PHP itself, but I was hoping that someone could say "this is a bug with OpenSSL and NOT PHP" not just that "it works fine." I grabbed the 200511182130 snapshot with OpenSSL 0.9.8a. During make: /usr/home/beckman/tmp/php5-200511182130/ext/openssl/openssl.c: In function `php_openssl_x509_from_zval': /usr/home/beckman/tmp/php5-200511182130/ext/openssl/openssl.c:770: warning: passing arg 1 of `PEM_ASN1_read_bio' from incompatible pointer type Then after it built, I tried to run it again: ~/tmp/php5-200511182130/sapi/cli --> ./php <?php file_get_contents("https://www.katazo.com/secure/checkout/"); ^D Warning: file_get_contents(): failed to create an SSL context in /usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2 Warning: file_get_contents(): Failed to enable crypto in /usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2 Warning: file_get_contents(https://www.katazo.com/secure/checkout/): failed to open stream: Operation now in progress in /usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2 Excerpts from My PHP -i: phpinfo() PHP Version => 5.1.0RC7-dev System => FreeBSD web2.762corp.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Build Date => Nov 18 2005 17:57:35 Configure Command => './configure' '--enable-versioning' '--enable-memory-limit' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--enable -libxml' '--with-libxml-dir=/usr/local' '--enable-spl' '--with-regex=php' '--with-apxs=/usr/local/sbin/apxs' '--prefix=/usr/local' '--with-openssl=/usr/local/ss l' 'i386-portbld-freebsd5.3' Server API => Command Line Interface ... Registered PHP Streams => php, file, http, ftp, https, ftps Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, sslv2, tls openssl OpenSSL support => enabled OpenSSL Version => OpenSSL 0.9.8a 11 Oct 2005 Is this a problem with PHP + OpenSSL 0.9.8a (since 0.9.7i works fine) or is this an OpenSSL 0.9.8a bug? Also, when you said "works fine" did you mean "compiles fine" or did you mean "I compiled 0.9.8a from source + php RC5 from source and then opened an HTTPS URL and got the contents successfully?" Previous Comments: ------------------------------------------------------------------------ [2005-11-17 16:41:13] [EMAIL PROTECTED] Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Works fine on fresh build on openssl 0.9.8a and PHP 5.1.0RC5. The original message on the debian list seems to imply the problem is on some pre-compiled openssl builds. Not a PHP bug. ------------------------------------------------------------------------ [2005-11-09 00:19:19] beckman at purplecow dot com Code to generate errors: file_get_contents("https://some.secure.site.com/"); echo openssl_error_string(); BTW, this string, returned from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) Reason 161 is "Library has no ciphers" returned from SSL_CTX_new. Here's my layman's thought: line 348 of ext/openssl/xp_ssl.c calls SSL_CTX_new(method) Nowhere before this is SSL_library_init() called, as per documentation on openssl.org: http://www.openssl.org/docs/ssl/SSL_library_init.html Confusingly the documentation also says that SSL_CTX_new() will load the ciphers: http://www.openssl.org/docs/ssl/SSL_CTX_new.html Though it seems that in 0.9.8a it does not. In ssl/ssl_algs.c you see that SSL_library_init() is changed a bit, and in 0.9.8a calls ssl_load_ciphers() (defined on line 168 of ssl/ssl_ciph.c) which doesn't exist in 0.9.7i. I can't tell if this is a fundamental change in OpenSSL that you have to add a function call to the openssl extension in PHP, or if OpenSSL screwed something up. My guess is that OpenSSL changed the way they load ciphers, and that the OpenSSL extension needs to be changed to do so. Granted, the OpenSSL site isn't great at documentation...... ------------------------------------------------------------------------ [2005-11-08 22:14:39] beckman at purplecow dot com Description: ------------ Using FreeBSD ports tree, I installed openssl 0.9.8a and php5-openssl, which installed the openssl libraries and tools and the php5 openssl extension openssl.so. After confirming the HTTPS/SSL contexts (streams and transports) were enabled, and OpenSSL support was enabled, I attempted to use file_get_contents to open an HTTPS:// url. This resulted in the following PHP errors: [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to create an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to enable crypto in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########): failed to open stream: Operation now in progress in /usr/local/lib/php/762dev/functions.inc on line 576 Here's what I got as the error from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) And here's what I read to lead me to believe that the problem is with a change in the way openssl initializes the ciphers: http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000219.html I think that php5-openssl does not call the SSL_library_init() function before starting use of the library. I de-installed openssl.so and the openssl library, re-installed openssl-0.9.7i, re-installed the openssl.so extension/module, and the library now works great from within PHP. Reproduce code: --------------- echo file_get_contents("https://whatever.com/"); Expected result: ---------------- The contents of whatever.com. Actual result: -------------- Errors. [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to create an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to enable crypto in /usr/local/lib/php/762dev/functions.inc on line 576 [08-Nov-2005 14:28:10] PHP Warning: file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########): failed to open stream: Operation now in progress in /usr/local/lib/php/762dev/functions.inc on line 576 Here's what I got as the error from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35160&edit=1