From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 5.2.3
PHP Bug Type: Sockets related
Bug description: SSL: fatal protocol error due to buffer issues
Description:
------------
Essentially this bug is a mash up of #39283, #35758, #41021, #39039 and
possibly others.
Essentially the code I'm using looks like:
$fd = fsockopen("ssl://myhost, myport, $error, $timeout);
$data = fread($fd, 8192);
But you can create the same error using:
- SoapClient to fetch a WSDL file.
- file_get_contents()
- file()
The backend can be an Apache server or a custom app internally that serves
SSL encrypted data. It doesn't matter.
If the transmitted data is smaller then the $length passed to fread,
everything works successfully. I chose 8192 in my example because file(),
file_get_contents() and SoapClient all use 8192 internally based on how the
work.
Now if the actual data being transmitted is 10000 for example, you will
receive the first block of data fine. Then the next time you call fread(),
or in the case of SoapClient, file_get_contents(), file() they will do this
internally. You will get:
"SSL: fatal protocol error" printed out and any subsequent action on the
file descriptor will result in an OpenSSL error saying the socket has
already been shutdown, as per line 116 (current CVS) of
ext/openssl/xp_ssl.c
Now you can create this situation with 2048 of data as well. Just call
fread($fd, 1024); or fread($fd, 2000); and it will trigger. Basically the
$length has to be less then your total amount of data and it will occur.
A lot of the previous bugs PHP developer mention IIS while users mention
Apache. I have not tested IIS. I have only tested Apache and a custom app
which serves data over SSL. I have tested the output of Apache with wget
and the custom app with openssl s_client and both work properly.
--
Edit bug report at http://bugs.php.net/?id=41770&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=41770&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=41770&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=41770&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=41770&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=41770&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=41770&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=41770&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=41770&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=41770&r=support
Expected behavior: http://bugs.php.net/fix.php?id=41770&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=41770&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=41770&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=41770&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41770&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=41770&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=41770&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=41770&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=41770&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=41770&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=41770&r=mysqlcfg
