From: ctm at etheon dot net
Operating system: Windows NT
PHP version: 5.1.4
PHP Bug Type: OpenSSL related
Bug description: SSL Handshake Timeout
Description:
------------
When using either the stream_socket_client function (in
STREAM_CLIENT_CONNECT mode) or the stream_socket_enable_crypto function
(if you connected in ASYNC mode), on some IPs, then SSL Handshake will
take sometimes up to 10 minutes to complete, and in those cases, often
fails anyway. It also uses as much CPU usage as it can (up to 99%).
Basically, having a timeout would be nice.
Reproduce code:
---------------
$ip = "68.142.72.152" ;
$context = stream_context_create ( array ( 'ssl' => array (
'verify_peer' => false,
'capture_peer_cert' => true ),
)
) ;
$socket = stream_socket_client ( "ssl://" . $ip . ":443",
$errno,
$errstr,
15,
STREAM_CLIENT_CONNECT|STREAM_CLIENT_ASYNC_CONNECT,
$context ) ;
stream_socket_enable_crypto ( $socket, true,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT ) ;
print "The end.\r\n" ;
Expected result:
----------------
The end.
Actual result:
--------------
Well, the result is pretty much the same, the only problem is instead of
taking roughly 10 to 30 seconds, it takes about 10 minutes and uses 99% of
the CPU.
This is, I think, the problem in the source code (ext/openssl/xp_ssl.c) :
do {
if (sslsock->is_client) {
n = SSL_connect(sslsock->ssl_handle);
} else {
n = SSL_accept(sslsock->ssl_handle);
}
if (n <= 0) {
retry = handle_ssl_error(stream, n TSRMLS_CC);
} else {
break;
}
} while (retry);
I know the SSL Handshake fails (since n is less than equal to 0), though
I'm not sure if the CPU usage and the long timeout are due to a near
infinite loop or something akin to this. I've checked the Unix man pages
on this, but I'm not sure which error it is exactly, since
openssl_error_string() doesn't return anything. And I can read or write
just fine, so I don't think it's SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE, though I'm not sure about this.
--
Edit bug report at http://bugs.php.net/?id=38417&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=38417&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=38417&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=38417&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=38417&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=38417&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=38417&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=38417&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=38417&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=38417&r=support
Expected behavior: http://bugs.php.net/fix.php?id=38417&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=38417&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=38417&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=38417&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=38417&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=38417&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=38417&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=38417&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=38417&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=38417&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=38417&r=mysqlcfg
