registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #29749
[Bug 592442] Re: fopen fails on some SSL urls
So initial testing shows that this is actually a problem with OpenSSL,
or at least, it is OpenSSL refusing to connect to these servers:
(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host cas.ucdavis.edu -port 443
CONNECTED(00000003)
1787:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:602:
(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host server.db.kvk.nl -port 443
CONNECTED(00000003)
1788:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:602:
The condition to reach that error is:
else if ((p[0] == SSL3_RT_ALERT) &&
(p[1] == SSL3_VERSION_MAJOR) &&
((p[2] == SSL3_VERSION_MINOR) ||
(p[2] == TLS1_VERSION_MINOR)) &&
(p[3] == 0) &&
(p[4] == 2))
So it seems if the SSL version is 3, or we're using tlsv1, the code is triggered (602 is later).
Still investigating, but I am adding an OpenSSL bug task.
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu)
Status: New => In Progress
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => Clint Byrum (clint-fewbar)
--
fopen fails on some SSL urls
https://bugs.launchpad.net/bugs/592442
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for php.
Follow ups