ID: 21905
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Feedback
+Status: Closed
Bug Type: Sockets related
Operating System: Linux
PHP Version: 4.3.0
New Comment:
closed per user request.
Previous Comments:
------------------------------------------------------------------------
[2003-02-06 12:48:48] [EMAIL PROTECTED]
To solve this issue in the time frame given, I had to rewrite the HTTP
client class I wrote to incorporate cURL instead of using sockets. I am
NOT in favor of this, but it seems to be working well.
I did not try the latest CVS version of PHP to see if it would handle
the SSL handshake any better. But the way I understand SSL is that it
does start in the clear to exchange certificate and setup the
connection (ciphers and such). I think this is deferred to OpenSSL for
handling, but in any case, it was not working as planned.
It is ok to close this report. Thanks for the help.
------------------------------------------------------------------------
[2003-01-29 03:58:05] [EMAIL PROTECTED]
PHP does not perform certificate verification, so self-signed certs
should work just fine.
The error message implies that the handshake failed, which in turn
implies that the remote server could be using a different version of
the SSL "protocol".
PHP will by default attempt versions 2 and 3 of the SSL protocol. If
the remote server is using something else, such as TLS, then it is
quite possible that you would encounter this error.
If that is the case, then you can attempt to use
fsockopen("tls://nameofyourhost") and see if that helps.
Bug 21642 is NOT related to this issue, and your understanding of the
that bug report is not correct.
PHP does NOT fsockopen "ssl://" or "tls://" connections in-the clear;
the issue in that report was that the user was expecting them to open
in the clear.
------------------------------------------------------------------------
[2003-01-28 14:54:53] [EMAIL PROTECTED]
Could this whole mess be hanging on the certificate passed back by the
server? I am using a self-signed cert., not a valid certificate.
------------------------------------------------------------------------
[2003-01-28 12:27:44] [EMAIL PROTECTED]
I think you are misunderstanding me. I tried fsockopen() and it failed
with "php_stream_sock_ssl_activate_with_method: SSL
handshake/connection failed...fsockopen()
[http://www.php.net/function.fsockopen]: failed to activate SSL mode 1
in..." error. This is exactly the same error reported in the Bug link
given above.
After reading that report, you suggested he use fopen() instead. This
is what I did too, but unfortunately I got the error I reported above.
What did you work out with him?
After looking into other options, I noticed that cURL lib could be used
to curl_init() the SSL first, but I think this beating around the
subject. I do not want to have to install extranious libraries all over
for this option. You state in the documentation that SSL support is in
streams for PHP v4.3.0 as long as I build in support for OpenSSL. Which
I did (see php -m above). Is there something I am missing?
------------------------------------------------------------------------
[2003-01-27 12:21:01] [EMAIL PROTECTED]
This is not a support forum, and this is not a bug in PHP (marking as
bogus).
fsockopen("ssl://webmail.domain.com", 443) should function exactly how
you need it to for this task.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/21905
--
Edit this bug report at http://bugs.php.net/?id=21905&edit=1
