Edit report at https://bugs.php.net/bug.php?id=63113&edit=1
ID: 63113
Comment by: milad dot arabi at gmail dot com
Reported by: milad dot arabi at gmail dot com
Summary: can't call method from webservice server ssl3
Status: Feedback
Type: Bug
Package: OpenSSL related
Operating System: opensuse 11.4
PHP Version: 5.3.17
Block user comment: N
Private report: N
New Comment:
one think i forgot,that company don't register their domain and we add manually
in DNS server and of course their Certification is invalid.
Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:unexpected_message
SSL_connect:error in SSLv2/v3 read server hello A
139780943029928:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
u nexpected
message:s23_clnt.c:658:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 209 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN =
*.iscboard.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN =
*.iscboard.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
i:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICSTCCAbKgAwIBAgIESxo90jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ
UjEPMA0GA1UECBMGVGVocmFuMQ8wDQYDVQQHEwZUZWhyYW4xDDAKBgNVBAoTA0lT
QzERMA8GA1UECxMISXNjYm9hcmQxFzAVBgNVBAMMDiouaXNjYm9hcmQuY29tMB4X
DTA5MTIwNTExMDI0MloXDTE5MTIwMzExMDI0MlowaTELMAkGA1UEBhMCSVIxDzAN
BgNVBAgTBlRlaHJhbjEPMA0GA1UEBxMGVGVocmFuMQwwCgYDVQQKEwNJU0MxETAP
BgNVBAsTCElzY2JvYXJkMRcwFQYDVQQDDA4qLmlzY2JvYXJkLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAs+y+EHRnjvdjBdAhEg2PBGn5+IAfG2Funu0c
LmtvSldvH9zALt9J/Kjgdlz24ROmD5xsqAtGXdDJL46lyRHiHVethwiU4p0hF28X
/oqdz/SpGsYWi+ICl/kQAR8E331dvU+LJD4aaf7r/te3NoBMu/37Vc8sc8uWvS77
EAYKXB0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCRENcpbuz/8FKO+ZnYDvA05Syo
90Jz3REr2n+aTDJGEYpqgRVE3RaIO4X4vQ0IC7E5RnYNjWb4zNDjML8dC1nNnv5J
yAGv+4W9N1NYOrt0ZbwQuVz4GxUE3UwLydnPOYk6hPCme3jwGJ8KWBoMIyP2eJzK
JxvBufnx6803p2b/5g==
-----END CERTIFICATE-----
subject=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
issuer=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 321 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 5059EE1FC222FE5DE940379770C555B85F26026B14065894B6B3778B5B945815
Session-ID-ctx:
Master-Key:
EA29F07752B705DEE9D83E5BE5B212FD9F3161323332A30833AD7BA8AC37061721BCE365FADC566A370ABD3B63953261
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1348067336
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
Previous Comments:
------------------------------------------------------------------------
[2012-09-19 14:47:33] milad dot arabi at gmail dot com
my server under load and i really cant update it,that webservice only accept
specific ip.
file_get_contents result:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error
messages: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
unexpected message in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4
Warning: file_get_contents(): Failed to enable crypto in
/data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning:
file_get_contents(https://mydomain-server.com:8888/bsiws/billing?wsdl): failed
to open stream: operation failed in /data/wwwroot/crm/dga/MustBeDeleted/ter.php
on line 4
------------------------------------------------------------------------
[2012-09-19 01:53:05] ahar...@php.net
This seems odd. PHP supports SSLv3 in OpenSSL fine.
What error messages do you get? Make sure error_reporting is set to -1 and
display_errors is turned on.
What happens if you try
file_get_contents('https://domain.com:8888/bsiws/billing?wsdl')?
Finally, please try a current version: either 5.3.17 or 5.4.7.
------------------------------------------------------------------------
[2012-09-18 16:57:46] milad dot arabi at gmail dot com
Description:
------------
hi all
i must connect to some webservice server that only accepts ssl3.
in command line i set -ssl3 flag for openssl and work fine.if i not specify
version,openssl don't attmep version 3 and got error.i think this wrong
behavior affected on php.
but in php we can't specify what ssl version to use.
php5.3.5
sorry for my poor language
Actual result:
--------------
SOAP-ERROR: Parsing WSDL: Couldn't load from
'https://domain.com:8888/bsiws/billing?wsdl' : failed to load external entity
"https://domain.com:8888/bsiws/billing?wsdl";
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=63113&edit=1
