From: [EMAIL PROTECTED] Operating system: Linux PHP version: 5.2.3 PHP Bug Type: Sockets related Bug description: SSL: fatal protocol error due to buffer issues
Description: ------------ Essentially this bug is a mash up of #39283, #35758, #41021, #39039 and possibly others. Essentially the code I'm using looks like: $fd = fsockopen("ssl://myhost, myport, $error, $timeout); $data = fread($fd, 8192); But you can create the same error using: - SoapClient to fetch a WSDL file. - file_get_contents() - file() The backend can be an Apache server or a custom app internally that serves SSL encrypted data. It doesn't matter. If the transmitted data is smaller then the $length passed to fread, everything works successfully. I chose 8192 in my example because file(), file_get_contents() and SoapClient all use 8192 internally based on how the work. Now if the actual data being transmitted is 10000 for example, you will receive the first block of data fine. Then the next time you call fread(), or in the case of SoapClient, file_get_contents(), file() they will do this internally. You will get: "SSL: fatal protocol error" printed out and any subsequent action on the file descriptor will result in an OpenSSL error saying the socket has already been shutdown, as per line 116 (current CVS) of ext/openssl/xp_ssl.c Now you can create this situation with 2048 of data as well. Just call fread($fd, 1024); or fread($fd, 2000); and it will trigger. Basically the $length has to be less then your total amount of data and it will occur. A lot of the previous bugs PHP developer mention IIS while users mention Apache. I have not tested IIS. I have only tested Apache and a custom app which serves data over SSL. I have tested the output of Apache with wget and the custom app with openssl s_client and both work properly. -- Edit bug report at http://bugs.php.net/?id=41770&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41770&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41770&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41770&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=41770&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=41770&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=41770&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=41770&r=needscript Try newer version: http://bugs.php.net/fix.php?id=41770&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=41770&r=support Expected behavior: http://bugs.php.net/fix.php?id=41770&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=41770&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=41770&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=41770&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41770&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=41770&r=dst IIS Stability: http://bugs.php.net/fix.php?id=41770&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=41770&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=41770&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=41770&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=41770&r=mysqlcfg