ID:               36445
Comment by:       gladyston at eacnet dot com dot br
Reported By:      Jacek at veo dot pl
Status:           Assigned
Bug Type:         Sockets related
Operating System: SuSE Linux 9.1
PHP Version:      5.1.4
Assigned To:      wez
New Comment:

--> Apache 2.2
--> PHP Version 5.1.4
--> Linux 2.6.8-2-386 Aug 16 12:46:35 UTC 2005 i686 GNU/Linux

<?php
$url="https://shopline.itau.com.br/shopline/consulta.asp?DC=N183Z175F213E11E234B109E158C173O228K60Y165W217L103M205X7D136G92Q103R208F14E7W147L40Q103G244F243W216Z177K39S36F154S121D205D155A136V";
$handle = fopen($url, "r");
?>

Warning: fopen() [function.fopen]: SSL operation failed with code 114. OpenSSL Error messages: error:00000000:lib(0):func(0):reason(0) in /home/gladyston/webservice/t2.php on line 3

Warning: fopen() [function.fopen]: Failed to enable crypto in /home/gladyston/webservice/t2.php on line 3

Warning: fopen(https://shopline.itau.com.br/shopline/consulta.asp?DC=N183Z175F213E11E234B109E158C173O228K60Y165W217L103M205X7D136G92Q103R208F14E7W147L40Q103G244F243W216Z177K39S36F154S121D205D155A136V) [function.fopen]: failed to open stream: Bad file descriptor in /home/gladyston/webservice/t2.php on line 3

Signed,
Gladyston Batista
Belo Horizonte - Brazil


Previous Comments:
------------------------------------------------------------------------

[2006-06-01 07:35:01] Jacek at veo dot pl

PHP 5.1.4 + OpenSSL 0.9.8b:

======== SERVER ========
serwer:/tls # php tls-server.php
1: STARTTLS

Warning: stream_socket_enable_crypto(): Unable to set private key file `./server.pem' in /tls/tls-server.php on line 30

Warning: stream_socket_enable_crypto(): failed to create an SSL handle in /tls/tls-server.php on line 30
Error (if any):
2: [EMAIL PROTECTED]�F�~F1�V�hxK.985/32~}|yxwtsr

Warning: stream_socket_accept(): accept failed: Connection timed out in /tls/tls-server.php on line 2

======== CLIENT ========
serwer:/tls # php tls-client.php
1: 220 ESMTP
2: 250 STARTTLS

Warning: stream_socket_enable_crypto(): SSL operation failed with code 114.
OpenSSL Error messages: error:00000000:lib(0):func(0):reason(0) in /tls/tls-client.php on line 10
bool(false)

------------------------------------------------------------------------

[2006-05-31 21:03:47] e at osterman dot com

And just to make sure we're using the same tools to test, this is the certificate that I used to make the test above work. The pass phrase is "comet".

------------------------------------------------------------------------

[2006-05-31 21:00:04] e at osterman dot com

The below example calls stream_socket_enable_crypto on a client stream socket and on a server stream socket. It works on my version of PHP 5.1.2 just fine. So, if it doesn't work for you, then we can determine what version of PHP5 is broken.

This is the output.

[EMAIL PROTECTED]:~/dev/examples/tls$ ./tls-server.php
1: STARTTLS
Error (if any):
2: EHLO world

As you see... no errors. It got the "EHLO world" command sent over a TLS channel from the client just fine.

[EMAIL PROTECTED]:~/dev/examples/tls$ ./tls-client.php
1: 220 ESMTP
2: 250 STARTTLS
bool(true)

This is the code that produced the output.

Below is the code I use to make a sample TLS SMTP server. It works perfectly on my platform and version of PHP. The output from the tests is above.

#!/usr/bin/php5
<?php
// Hello World! SMTP TLS Server
// Tested on PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24)
$context = stream_context_create();

// local_cert must be in PEM format
stream_context_set_option($context, 'ssl', 'local_cert', './server.pem');
// Pass Phrase (password) of private key
stream_context_set_option($context, 'ssl', 'passphrase', 'comet');

stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);

// Create the server socket
$server = stream_socket_server('tcp://0.0.0.0:9001', $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);

while(1){
    if($client=stream_socket_accept($server)){
        @fwrite($client,"220 ESMTP\r\n");
        @fwrite($client,"250 STARTTLS\r\n");
        // Client should now send STARTTLS
        echo "1: " . @fgets($client);
        // We start the SSL Channel
        stream_socket_enable_crypto($client,true,STREAM_CRYPTO_METHOD_TLS_SERVER);
        echo "Error (if any): ".openssl_error_string()."\n";
        @fwrite($client,"220 ESMTP\r\n");
        echo "2: " . @fgets($client);
    }
}
?>

#!/usr/bin/php5
<?php
$fp = fsockopen("tcp://localhost", 9001, $errno, $errstr,30);
if (!$fp) die ("Unable to connect: $errstr ($errno)");
echo "1: " . fgets($fp);
echo "2: " . fgets($fp);
fwrite($fp, "STARTTLS\r\n");
var_dump(stream_socket_enable_crypto($fp,true,STREAM_CRYPTO_METHOD_TLS_CLIENT));
fwrite($fp, "EHLO world");
?>

------------------------------------------------------------------------

[2006-05-27 04:30:23] eddi at ai000 dot de

Sorry. You misconceive or misread it. Please understand the difference between server sockets and client sockets. There is no way to set context options and to give this context to stream_socket_enable_crypto().

------------------------------------------------------------------------

[2006-05-26 18:31:48] e at osterman dot com

Eddi, you indeed appear to be correct. I was writing an SSL TCP Server, which gave off the same error message so I assumed they were related. My fix there did NOT work for the TLS implementation.
As you mentioned, TLS is a different way of implementing SSL, which as it stands currently in PHP5, I agree it appears to be broken.

There is one issue with your above example. The wrapper should be "ssl" even for "tls" communications (but that doesn't make it work). Wez talks more about it in http://bugs.php.net/33192.

Wez Furlong:
{{{
The context options for openssl, including tls, are all bundled under
the name "ssl". I think your code should probably look more like this:

$c = stream_context_create(array(
    "ssl" => array(
        "local_cert" => "sec.pem",
        // ... other options ...
    )
));
}}}

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/36445

--
Edit this bug report at http://bugs.php.net/?id=36445&edit=1
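
The STARTTLS upgrade discussed in this thread, written as a client that keeps certificate verification on and refuses to continue in plaintext. This is an added example, not code from the bug report or from PHP itself; it assumes PHP 7 or later, and the helper names, the `client.example` EHLO name, and the host, port and CA bundle arguments are hypothetical.

```php
<?php
// Added example (not from the bug report): STARTTLS client with peer verification.
// smtp_read_reply() and smtp_starttls() are hypothetical helper names.

function smtp_read_reply($fp, string $expect): array
{
    $lines = [];
    do {    // multi-line replies use "250-..." until a final "250 ..."
        $line = fgets($fp, 1024);
        if ($line === false || strncmp($line, $expect, 3) !== 0) {
            throw new RuntimeException('unexpected reply: ' . var_export($line, true));
        }
        $lines[] = rtrim($line);
    } while (substr($line, 3, 1) === '-');
    return $lines;
}

function smtp_starttls(string $host, int $port, string $cafile)
{
    // TLS options go under the "ssl" key even though the socket starts as tcp://
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $host,
        'allow_self_signed' => false,
        'cafile'            => $cafile,
    ]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 30,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    smtp_read_reply($fp, '220');                 // plaintext greeting
    fwrite($fp, "EHLO client.example\r\n");
    $caps = smtp_read_reply($fp, '250');
    if (!preg_grep('/^250[ -]STARTTLS$/i', $caps)) {
        throw new RuntimeException('server does not advertise STARTTLS');
    }
    fwrite($fp, "STARTTLS\r\n");
    smtp_read_reply($fp, '220');                 // upgrade only after the server agrees

    // true = handshake done, false = failed, 0 = needs more data (non-blocking only)
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        $errors = [];
        while (($e = openssl_error_string()) !== false) { $errors[] = $e; }
        throw new RuntimeException('TLS handshake failed: ' . implode('; ', $errors));
    }
    return $fp;   // caller re-sends EHLO over the encrypted channel
}
```

The strict `!== true` comparison matters because `stream_socket_enable_crypto()` can return `0` as well as `false`, and the collected `openssl_error_string()` queue is what distinguishes a certificate failure from a key or protocol problem.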