← Back to team overview

registry team mailing list archive

[Bug 592442] Re: fopen fails on some SSL urls

 

So initial testing shows that this is actually a problem with OpenSSL,
or at least, it is OpenSSL refusing to connect to these servers:


(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host cas.ucdavis.edu -port 443 
CONNECTED(00000003)
1787:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:602:
(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host server.db.kvk.nl -port 443
CONNECTED(00000003)
1788:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:602:


The condition to reach that error is:

    else if ((p[0] == SSL3_RT_ALERT) &&
         (p[1] == SSL3_VERSION_MAJOR) &&
         ((p[2] == SSL3_VERSION_MINOR) ||
          (p[2] == TLS1_VERSION_MINOR)) &&
         (p[3] == 0) &&
         (p[4] == 2))


So it seems if the SSL version is 3, or we're using tlsv1, the code is triggered (602 is later).

Still investigating, but I am adding an OpenSSL bug task.


** Also affects: openssl (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu)
       Status: New => In Progress

** Changed in: openssl (Ubuntu)
     Assignee: (unassigned) => Clint Byrum (clint-fewbar)

-- 
fopen fails on some SSL urls
https://bugs.launchpad.net/bugs/592442
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for php.



Follow ups