Edit report at https://bugs.php.net/bug.php?id=63113&edit=1
ID: 63113 Comment by: milad dot arabi at gmail dot com Reported by: milad dot arabi at gmail dot com Summary: can't call method from webservice server ssl3 Status: Feedback Type: Bug Package: OpenSSL related Operating System: opensuse 11.4 PHP Version: 5.3.17 Block user comment: N Private report: N New Comment: one think i forgot,that company don't register their domain and we add manually in DNS server and of course their Certification is invalid. Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL3 alert read:fatal:unexpected_message SSL_connect:error in SSLv2/v3 read server hello A 139780943029928:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert u nexpected message:s23_clnt.c:658: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 209 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state -ssl3 CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com verify error:num=18:self signed certificate verify return:1 depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com i:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com --- Server certificate -----BEGIN CERTIFICATE----- MIICSTCCAbKgAwIBAgIESxo90jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ UjEPMA0GA1UECBMGVGVocmFuMQ8wDQYDVQQHEwZUZWhyYW4xDDAKBgNVBAoTA0lT QzERMA8GA1UECxMISXNjYm9hcmQxFzAVBgNVBAMMDiouaXNjYm9hcmQuY29tMB4X DTA5MTIwNTExMDI0MloXDTE5MTIwMzExMDI0MlowaTELMAkGA1UEBhMCSVIxDzAN BgNVBAgTBlRlaHJhbjEPMA0GA1UEBxMGVGVocmFuMQwwCgYDVQQKEwNJU0MxETAP BgNVBAsTCElzY2JvYXJkMRcwFQYDVQQDDA4qLmlzY2JvYXJkLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAs+y+EHRnjvdjBdAhEg2PBGn5+IAfG2Funu0c LmtvSldvH9zALt9J/Kjgdlz24ROmD5xsqAtGXdDJL46lyRHiHVethwiU4p0hF28X /oqdz/SpGsYWi+ICl/kQAR8E331dvU+LJD4aaf7r/te3NoBMu/37Vc8sc8uWvS77 EAYKXB0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCRENcpbuz/8FKO+ZnYDvA05Syo 90Jz3REr2n+aTDJGEYpqgRVE3RaIO4X4vQ0IC7E5RnYNjWb4zNDjML8dC1nNnv5J yAGv+4W9N1NYOrt0ZbwQuVz4GxUE3UwLydnPOYk6hPCme3jwGJ8KWBoMIyP2eJzK JxvBufnx6803p2b/5g== -----END CERTIFICATE----- subject=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com issuer=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com --- No client certificate CA names sent --- SSL handshake has read 1185 bytes and written 321 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 5059EE1FC222FE5DE940379770C555B85F26026B14065894B6B3778B5B945815 Session-ID-ctx: Master-Key: EA29F07752B705DEE9D83E5BE5B212FD9F3161323332A30833AD7BA8AC37061721BCE365FADC566A370ABD3B63953261 Key-Arg : None PSK identity: None PSK identity hint: None Start Time: 1348067336 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) --- SSL3 alert read:warning:close notify closed SSL3 alert write:warning:close notify Previous Comments: ------------------------------------------------------------------------ [2012-09-19 14:47:33] milad dot arabi at gmail dot com my server under load and i really cant update it,that webservice only accept specific ip. file_get_contents result: Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(): Failed to enable crypto in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(https://mydomain-server.com:8888/bsiws/billing?wsdl): failed to open stream: operation failed in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 ------------------------------------------------------------------------ [2012-09-19 01:53:05] ahar...@php.net This seems odd. PHP supports SSLv3 in OpenSSL fine. What error messages do you get? Make sure error_reporting is set to -1 and display_errors is turned on. What happens if you try file_get_contents('https://domain.com:8888/bsiws/billing?wsdl')? Finally, please try a current version: either 5.3.17 or 5.4.7. ------------------------------------------------------------------------ [2012-09-18 16:57:46] milad dot arabi at gmail dot com Description: ------------ hi all i must connect to some webservice server that only accepts ssl3. in command line i set -ssl3 flag for openssl and work fine.if i not specify version,openssl don't attmep version 3 and got error.i think this wrong behavior affected on php. but in php we can't specify what ssl version to use. php5.3.5 sorry for my poor language Actual result: -------------- SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://domain.com:8888/bsiws/billing?wsdl' : failed to load external entity "https://domain.com:8888/bsiws/billing?wsdl" ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63113&edit=1