#29296 [Bgs->Csd]: SSL connection failed

Fri, 10 Sep 2004 04:52:11 -0700 

 ID:               29296
 Updated by:       [EMAIL PROTECTED]
 Reported By:      hotte at unrealforum dot de
-Status:           Bogus
+Status:           Closed
 Bug Type:         OpenSSL related
 Operating System: Linux Gentoo 2.6.7
 PHP Version:      5.0.0
 New Comment:

On reflection, it might be a tad difficult to force rrp server to
change, so I've added sslv2:// and sslv3:// transports to CVS; grab the
next snapshot (5.0 or HEAD) and use fsockopen("sslv3://...") instead.


Previous Comments:
------------------------------------------------------------------------

[2004-09-10 13:13:38] [EMAIL PROTECTED]

How to diagnose OpenSSL errors:

Look at the error message:
error:1408F10B:SSL routines:func(143):reason(267)

Take the reason code (267) and determine the error:
grep 267 /usr/include/openssl/ssl.h
/usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER          
         267

Now google for SSL_R_WRONG_VERSION_NUMBER

Read the first hit: 
http://www.mail-archive.com/[EMAIL PROTECTED]/msg02770.html

"
    Many of SSL clients sends the first CLIENT HELLO with
    ssl2 format (0x80.....) because they don't know what
    version the server supports.
    In this first message, the client sends the version
    he wants to use (3 for SSL3), then the other exchanged
    messages are in the appropriate format SSL3 for V3,
    SSL2 for V2 etc....

    So in your server method configuration you must put:
      SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
    to correctely analyse the first client_hello message
    instead of 
      SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
    which i suppose you did.
"

Conclusion: the rrp-server uses SSLv3_server_method and therefore needs
to be fixed to use SSLv23 instead.


------------------------------------------------------------------------

[2004-07-21 13:12:54] hotte at unrealforum dot de

Description:
------------
I've tried to etablish a ssl-connection with the php-cli to a
rrp-server (http://www.ietf.org/rfc/rfc2832.txt?number=2832) with
fsockopen but receive "SSL handshake/connection failed"
A connect with openssl is successfull:

openssl s_client -ssl3 -crlf -connect host:648


New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID:
77752169E6CCC2EE44C4A5BADFD93A074D041FA8D0E8A5285810312F2DEBD43E
    Session-ID-ctx:
    Master-Key:
58F8FE9AA2CE1D5A731D3A7207889503A79254DC3BE6D1C8DE3B94EB4E634317D7CC084CA29BBE7218F587967EA099B6
    Key-Arg   : None
    Start Time: 1090407338
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate
chain)
---


PHP configure:

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--with-apxs2=/usr/sbin/apxs2'
'--with-config-file-path=/etc/php/apache2-php5' '--without-pear'
'--disable-bcmath' '--without-bz2' '--disable-calendar'
'--without-cpdflib' '--disable-ctype' '--without-curl'
'--without-curlwrappers' '--disable-dbase' '--disable-dbx'
'--disable-dio' '--disable-exif' '--with-fam' '--without-fbsql'
'--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext'
'--without-gmp' '--without-hwapi' '--without-iconv'
'--without-informix' '--without-ingres' '--without-interbase'
'--enable-mbstring' '--with-mcrypt' '--without-mcve' '--without-mhash'
'--without-ming' '--without-mnogosearch' '--without-msql'
'--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle'
'--with-openssl' '--without-ovrimos' '--without-pcre-regx'
'--without-pfpro' '--without-pgsql' '--disable-posix' '--with-pspell'
'--without-recode' '--disable-simplexml' '--without-snmp'
'--disable-soap' '--disable-sockets' '--disable-spl' '--without-sybase'
'--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem'
'--disable-sysvshm' '--without-tidy' '--disable-tokenizer'
'--disable-wddx' '--without-xsl' '--with-xmlrpc' '--disable-yp'
'--with-zlib' '--without-cdb' '--with-db4' '--without-dbm'
'--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm'
'--with-gd' '--enable-gd-jis-conf' '--enable-gd-native-ttf'
'--with-ldap' '--without-ldap-sasl' '--with-mysql' '--disable-session'
'--without-sqlite' '--enable-dba' '--with-readline'
'--without-libedit'


SSL connections to other Mail/Webserver works fine.

Reproduce code:
---------------
$fd     =       fsockopen("ssl://host,648);
or
$fd     =       fsockopen("tls://host,648);

Expected result:
----------------
a successfull connection

Actual result:
--------------
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error
messages:
error:1408F10B:SSL routines:func(143):reason(267) in test.php on line
3

Warning: fsockopen(): Failed to enable crypto in test.php on line 3

Warning: fsockopen(): unable to connect to tls://host:648 (Unknown
error) in test.php on line 3


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=29296&edit=1

Reply via email to