Edit report at https://bugs.php.net/bug.php?id=63113&edit=1
ID: 63113 Updated by: fel...@php.net Reported by: milad dot arabi at gmail dot com Summary: can't call method from webservice server ssl3 -Status: Feedback +Status: Not a bug Type: Bug Package: OpenSSL related Operating System: opensuse 11.4 PHP Version: 5.3.17 Block user comment: N Private report: N New Comment: Thanks for the feedback. Previous Comments: ------------------------------------------------------------------------ [2012-11-04 15:18:28] milad dot arabi at gmail dot com hi all one of my friend solved problem by c# on windows server,he import invalid https certification file into windows and ... invalid certification cause this problem. tnx php guys ------------------------------------------------------------------------ [2012-09-20 13:00:04] milad dot arabi at gmail dot com yes,on my server i connect to 3 other https soap server without any problem with php. when use openssl(from command line) to connect to that 3 server i don't specify ssl version and work perfectly. this odd soap server running https over port 8888.is causing the problem? ------------------------------------------------------------------------ [2012-09-20 02:01:17] ahar...@php.net Does it work if you use a WSDL from a server with a valid SSL certificate? ------------------------------------------------------------------------ [2012-09-19 15:25:26] milad dot arabi at gmail dot com one think i forgot,that company don't register their domain and we add manually in DNS server and of course their Certification is invalid. Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL3 alert read:fatal:unexpected_message SSL_connect:error in SSLv2/v3 read server hello A 139780943029928:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert u nexpected message:s23_clnt.c:658: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 209 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Server8:~ # openssl s_client -connect suny.iscboard.com:8888 -state -ssl3 CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com verify error:num=18:self signed certificate verify return:1 depth=0 C = IR, ST = Tehran, L = Tehran, O = ISC, OU = Iscboard, CN = *.iscboard.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com i:/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com --- Server certificate -----BEGIN CERTIFICATE----- MIICSTCCAbKgAwIBAgIESxo90jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ UjEPMA0GA1UECBMGVGVocmFuMQ8wDQYDVQQHEwZUZWhyYW4xDDAKBgNVBAoTA0lT QzERMA8GA1UECxMISXNjYm9hcmQxFzAVBgNVBAMMDiouaXNjYm9hcmQuY29tMB4X DTA5MTIwNTExMDI0MloXDTE5MTIwMzExMDI0MlowaTELMAkGA1UEBhMCSVIxDzAN BgNVBAgTBlRlaHJhbjEPMA0GA1UEBxMGVGVocmFuMQwwCgYDVQQKEwNJU0MxETAP BgNVBAsTCElzY2JvYXJkMRcwFQYDVQQDDA4qLmlzY2JvYXJkLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAs+y+EHRnjvdjBdAhEg2PBGn5+IAfG2Funu0c LmtvSldvH9zALt9J/Kjgdlz24ROmD5xsqAtGXdDJL46lyRHiHVethwiU4p0hF28X /oqdz/SpGsYWi+ICl/kQAR8E331dvU+LJD4aaf7r/te3NoBMu/37Vc8sc8uWvS77 EAYKXB0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCRENcpbuz/8FKO+ZnYDvA05Syo 90Jz3REr2n+aTDJGEYpqgRVE3RaIO4X4vQ0IC7E5RnYNjWb4zNDjML8dC1nNnv5J yAGv+4W9N1NYOrt0ZbwQuVz4GxUE3UwLydnPOYk6hPCme3jwGJ8KWBoMIyP2eJzK JxvBufnx6803p2b/5g== -----END CERTIFICATE----- subject=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com issuer=/C=IR/ST=Tehran/L=Tehran/O=ISC/OU=Iscboard/CN=*.iscboard.com --- No client certificate CA names sent --- SSL handshake has read 1185 bytes and written 321 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 5059EE1FC222FE5DE940379770C555B85F26026B14065894B6B3778B5B945815 Session-ID-ctx: Master-Key: EA29F07752B705DEE9D83E5BE5B212FD9F3161323332A30833AD7BA8AC37061721BCE365FADC566A370ABD3B63953261 Key-Arg : None PSK identity: None PSK identity hint: None Start Time: 1348067336 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) --- SSL3 alert read:warning:close notify closed SSL3 alert write:warning:close notify ------------------------------------------------------------------------ [2012-09-19 14:47:33] milad dot arabi at gmail dot com my server under load and i really cant update it,that webservice only accept specific ip. file_get_contents result: Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(): Failed to enable crypto in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 Warning: file_get_contents(https://mydomain-server.com:8888/bsiws/billing?wsdl): failed to open stream: operation failed in /data/wwwroot/crm/dga/MustBeDeleted/ter.php on line 4 ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=63113 -- Edit this bug report at https://bugs.php.net/bug.php?id=63113&edit=1