Discussion:
php fopen https error
Markus Falb
2013-09-25 14:09:38 UTC
Permalink
With RHEL/CentOS 5 php I get an SSL Error
RHEL/CentOS 5 php is at 5.1.6 with security fixes backported.

<?php
$handle = fopen("https://maps.google.com", "r");
$contents = stream_get_contents($handle);
fclose($handle);
?>

will result in something like

Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on
line 3

Some https pages do not raise this error, e.g. https://www.redhat.com is
fine
What is wrong? How to debug? How to resolve? How to mitigate?

Thanks
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Shawn McKenzie
2013-09-25 15:03:15 UTC
Permalink
I believe this was a bug, is only a warning that may be suppressed and may
have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that
5.1.6 is over 7 years old?

-Shawn
Post by Markus Falb
With RHEL/CentOS 5 php I get an SSL Error
RHEL/CentOS 5 php is at 5.1.6 with security fixes backported.
<?php
$handle = fopen("https://maps.google.com", "r");
$contents = stream_get_contents($handle);
fclose($handle);
?>
will result in something like
Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on
line 3
Some https pages do not raise this error, e.g. https://www.redhat.com is
fine
What is wrong? How to debug? How to resolve? How to mitigate?
Thanks
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Shawn McKenzie
2013-09-25 15:12:06 UTC
Permalink
Just as I thought:

5.2.0
Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers
running Google web server). (Ilia)


On Wed, Sep 25, 2013 at 10:03 AM, Shawn McKenzie
Post by Shawn McKenzie
I believe this was a bug, is only a warning that may be suppressed and may
have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that
5.1.6 is over 7 years old?
-Shawn
Post by Markus Falb
With RHEL/CentOS 5 php I get an SSL Error
RHEL/CentOS 5 php is at 5.1.6 with security fixes backported.
<?php
$handle = fopen("https://maps.google.com", "r");
$contents = stream_get_contents($handle);
fclose($handle);
?>
will result in something like
Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on
line 3
Some https pages do not raise this error, e.g. https://www.redhat.com is
fine
What is wrong? How to debug? How to resolve? How to mitigate?
Thanks
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Markus Falb
2013-09-25 16:20:23 UTC
Permalink
Post by Shawn McKenzie
5.2.0
Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers
running Google web server). (Ilia)
Thanks, but ...
I am not sure how what I am supposed to do with this information.

#39039 says it is a bug and it was fixed.
How do I proceed to understand this bug?
Where can I find the appropiate patch?
Where is this bug discussed?

I am sorry if I strain it (too much?) but the link to this bug does not
give a solution to the problem and it does not help to understand the
problem.

I understand that somewhere in cvs there is the solution, but I can not
see an obvious way to get it from the information in #39039
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Shawn McKenzie
2013-09-25 17:24:00 UTC
Permalink
I thought I covered that. The bug was fixed 7 years ago. Upgrade PHP, I
doubt there is a patch. I understand that not all coders or distributions
will have the latest version of PHP, but come on, how many thousands of
bugs have been fixed in 7 years? You're going to run into more.
Alternatively you could try and suppress it. From the bug it sounded like
it was only the warning that was the bug, so the code should work. I can't
test because my PHP on CentOS is only 3 years old (5.3.3).
Post by Shawn McKenzie
Post by Shawn McKenzie
5.2.0
Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from
servers
Post by Shawn McKenzie
running Google web server). (Ilia)
Thanks, but ...
I am not sure how what I am supposed to do with this information.
#39039 says it is a bug and it was fixed.
How do I proceed to understand this bug?
Where can I find the appropiate patch?
Where is this bug discussed?
I am sorry if I strain it (too much?) but the link to this bug does not
give a solution to the problem and it does not help to understand the
problem.
I understand that somewhere in cvs there is the solution, but I can not
see an obvious way to get it from the information in #39039
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Markus Falb
2013-09-25 16:25:39 UTC
Permalink
Post by Shawn McKenzie
I believe this was a bug, is only a warning that may be suppressed and may
have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that
5.1.6 is over 7 years old?
Please understand that some Distributions do the "only backport security
stuff" thing, e.g. RedHat is supporting for 10 years nowadays.
I do not complain, I just try to understand the issue.

Thanks
--
Markus Falb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Loading...