ID: 35160
User updated by: beckman at purplecow dot com
Reported By: beckman at purplecow dot com
Status: Bogus
Bug Type: OpenSSL related
Operating System: FreeBSD 5.3-RELEASE-p10
PHP Version: 5CVS-2005-11-09 (snap)
New Comment:
It seems my other posts are no longer here...
I can't disagree that my bug doesn't imply a problem with PHP itself,
but I was hoping that someone could say "this is a bug with OpenSSL and
NOT PHP" not just that "it works fine."
I grabbed the 200511182130 snapshot with OpenSSL 0.9.8a. During make:
/usr/home/beckman/tmp/php5-200511182130/ext/openssl/openssl.c: In
function `php_openssl_x509_from_zval':
/usr/home/beckman/tmp/php5-200511182130/ext/openssl/openssl.c:770:
warning: passing arg 1 of `PEM_ASN1_read_bio' from incompatible pointer
type
Then after it built, I tried to run it again:
~/tmp/php5-200511182130/sapi/cli --> ./php
<?php
file_get_contents("https://www.katazo.com/secure/checkout/";);
^D
Warning: file_get_contents(): failed to create an SSL context in
/usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2
Warning: file_get_contents(): Failed to enable crypto in
/usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2
Warning: file_get_contents(https://www.katazo.com/secure/checkout/):
failed to open stream: Operation now in progress in
/usr/home/beckman/tmp/php5-200511182130/sapi/cli/- on line 2
Excerpts from My PHP -i:
phpinfo()
PHP Version => 5.1.0RC7-dev
System => FreeBSD web2.762corp.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0:
Sun May 8 10:21:06 UTC 2005
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
i386
Build Date => Nov 18 2005 17:57:35
Configure Command => './configure' '--enable-versioning'
'--enable-memory-limit' '--with-layout=GNU'
'--with-config-file-scan-dir=/usr/local/etc/php' '--enable
-libxml' '--with-libxml-dir=/usr/local' '--enable-spl'
'--with-regex=php' '--with-apxs=/usr/local/sbin/apxs'
'--prefix=/usr/local' '--with-openssl=/usr/local/ss
l' 'i386-portbld-freebsd5.3'
Server API => Command Line Interface
...
Registered PHP Streams => php, file, http, ftp, https, ftps
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3,
sslv2, tls
openssl
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.8a 11 Oct 2005
Is this a problem with PHP + OpenSSL 0.9.8a (since 0.9.7i works fine)
or is this an OpenSSL 0.9.8a bug?
Also, when you said "works fine" did you mean "compiles fine" or did
you mean "I compiled 0.9.8a from source + php RC5 from source and then
opened an HTTPS URL and got the contents successfully?"
Previous Comments:
------------------------------------------------------------------------
[2005-11-17 16:41:13] [EMAIL PROTECTED]
Sorry, but your problem does not imply a bug in PHP itself. For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. Due to the volume
of reports we can not explain in detail here why your report is not
a bug. The support channels will be able to provide an explanation
for you.
Thank you for your interest in PHP.
Works fine on fresh build on openssl 0.9.8a and PHP 5.1.0RC5. The
original message on the debian list seems to imply the problem is on
some pre-compiled openssl builds.
Not a PHP bug.
------------------------------------------------------------------------
[2005-11-09 00:19:19] beckman at purplecow dot com
Code to generate errors:
file_get_contents("https://some.secure.site.com/";);
echo openssl_error_string();
BTW, this string, returned from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
Reason 161 is "Library has no ciphers" returned from SSL_CTX_new.
Here's my layman's thought:
line 348 of ext/openssl/xp_ssl.c calls SSL_CTX_new(method)
Nowhere before this is SSL_library_init() called, as per documentation
on openssl.org:
http://www.openssl.org/docs/ssl/SSL_library_init.html
Confusingly the documentation also says that SSL_CTX_new() will load
the ciphers:
http://www.openssl.org/docs/ssl/SSL_CTX_new.html
Though it seems that in 0.9.8a it does not.
In ssl/ssl_algs.c you see that SSL_library_init() is changed a bit, and
in 0.9.8a calls ssl_load_ciphers() (defined on line 168 of
ssl/ssl_ciph.c) which doesn't exist in 0.9.7i.
I can't tell if this is a fundamental change in OpenSSL that you have
to add a function call to the openssl extension in PHP, or if OpenSSL
screwed something up.
My guess is that OpenSSL changed the way they load ciphers, and that
the OpenSSL extension needs to be changed to do so. Granted, the
OpenSSL site isn't great at documentation......
------------------------------------------------------------------------
[2005-11-08 22:14:39] beckman at purplecow dot com
Description:
------------
Using FreeBSD ports tree, I installed openssl 0.9.8a and php5-openssl,
which installed the openssl libraries and tools and the php5 openssl
extension openssl.so.
After confirming the HTTPS/SSL contexts (streams and transports) were
enabled, and OpenSSL support was enabled, I attempted to use
file_get_contents to open an HTTPS:// url.
This resulted in the following PHP errors:
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to
create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to
enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
now in progress in /usr/local/lib/php/762dev/functions.inc on line
576
Here's what I got as the error from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
And here's what I read to lead me to believe that the problem is with
a
change in the way openssl initializes the ciphers:
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000219.html
I think that php5-openssl does not call the SSL_library_init() function
before starting use of the library.
I de-installed openssl.so and the openssl library, re-installed
openssl-0.9.7i, re-installed the openssl.so extension/module, and the
library now works great from within PHP.
Reproduce code:
---------------
echo file_get_contents("https://whatever.com/";);
Expected result:
----------------
The contents of whatever.com.
Actual result:
--------------
Errors.
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): failed to
create
an SSL context in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning: file_get_contents(): Failed to
enable
crypto in /usr/local/lib/php/762dev/functions.inc on line 576
[08-Nov-2005 14:28:10] PHP Warning:
file_get_contents(https://##.#########.com/?user=######&passwd=######&msisdn=###########):
failed to open stream: Operation
now in progress in /usr/local/lib/php/762dev/functions.inc on line
576
Here's what I got as the error from openssl_error_string():
error:140A90A1:SSL routines:func(169):reason(161)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35160&edit=1
