Edit report at http://bugs.php.net/bug.php?id=52106&edit=1
ID: 52106 Comment by: ns at centralservices dot nl Reported by: sc0ttbeardsley at gmail dot com Summary: fopen fails on some SSL urls Status: Open Type: Bug Package: OpenSSL related Operating System: Ubuntu Lucid/Maverick PHP Version: 5.3.2 Block user comment: N New Comment: I'm having a similar problem. The URL I'm trying to open: https://login.twinfield.com/webservices/session.asmx?wsdl Environment in which it's working perfectly: Ubuntu 9.10 (php 5.2.10). Environment in which it's not working: Ubuntu 10.04.1 (php 5.3.2). The specific errors I get when trying to connect to the url: PHP Warning: fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14092073:SSL routines:func(146):reason(115) in /share/ac/staging/test_twf_ubuntu10lts.php on line 26 PHP Warning: fopen(): Failed to enable crypto in /share/ac/staging/test_twf_ubuntu10lts.php on line 26 PHP Warning: fopen(https://login.twinfield.com/webservices/session.asmx?wsdl): failed to open stream: operation failed in /share/ac/staging/test_twf_ubuntu10lts.php on line 26 This means that I cannot connect to a very important SSL webservice through SoapClient so I cannot upgrade to Ubuntu 10 lts, which I really need to because of another, new, crucial package our project will depend on. I guess that the failing SOAP call is related to the above, but just to be sure, I'm getting the following error when trying to create a SoapClient with the above WSDL url (note that a commandline wget of the url works just fine): PHP Fatal error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://login.twinfield.com/webservices/session.asmx?wsdl' : failed to load external entity "https://login.twinfield.com/webservices/session.asmx?wsdl"; in /share/staging/test_twf_ubuntu10lts.php on line 30 SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://login.twinfield.com/webservices/session.asmx?wsdl' : failed to load external entity "https://login.twinfield.com/webservices/session.asmx?wsdl"; Previous Comments: ------------------------------------------------------------------------ [2010-09-15 17:07:57] personseb at yahoo dot fr maybe a hint to troubleshoot the problem if I use the following it works : $t_context = array( 'ciphers' => 'ALL:!AES:!3DES:!RC4:@STRENGTH', // OK:LOW ); $context = stream_context_create( array( 'ssl' => $t_context, )); file_get_contents('https://myserver:443', false, $context); without the above context it breaks : file_get_contents('https://myserver:443', false, $context); ------------------------------------------------------------------------ [2010-09-15 12:12:36] personseb at yahoo dot fr same problem here... Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1. OpenSSL Error messages: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error in /www/test_servicesWS_sp.php on line 16 Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in /www/test_servicesWS_sp.php on line 16 Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://192.168.0.1:443 (Unknown error) in /www/test_servicesWS_sp.php on line 16 (0) PHP 5.3.2 OpenSSL 1.0.0 OS CentOS ------------------------------------------------------------------------ [2010-08-23 12:50:16] k dot nagurski at ulster dot ac dot uk We're having the same problem with connecting to a box running our student records system. We've tested this using Zend Server 5.0.2 using RHEL, with PHP version is 5.3.2. We've also been able to reproduce this on Zend Server CE 5.0.2 using MacOSX, also PHP version 5.3.2. As far as we can see, this popped up with 5.3.2 as we cannot reproduce the problem with a version of Zend Server CE running PHP 5.3.1. ------------------------------------------------------------------------ [2010-06-17 19:45:19] sc0ttbeardsley at gmail dot com substitute Lucid in my last comment with PHP v5.3.2 and Karmic with PHP v5.2.10 ------------------------------------------------------------------------ [2010-06-17 19:43:43] sc0ttbeardsley at gmail dot com An update... I've discovered that the cas.ucdavis.edu machine does not correctly deal with fragmented IP packets. I thought this might be the problem but then I went looking for those types of packets and found none (I'll still try to get that fixed though). Then I discovered that on the "client hello" packet (first packet after the connection is established) on a Lucid machine shows up in wireshark as the TLSv1 protocol and on a Karmic machine it shows up as a SSLv2 protocol. I wonder why this changed? Did the defaults for openssl change or something? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=52106 -- Edit this bug report at http://bugs.php.net/bug.php?id=52106&edit=1
