From: Jacek at jacekk dot info Operating system: Ubuntu PHP version: 5.3.0 PHP Bug Type: OpenSSL related Bug description: PHP ssl:// wrapper - cannot verify VeriSign certificate chain
Description: ------------ PHP cannot validate some (VeriSign's?) certificate chains correctly. openssl s_client works fine with the same input. Verification of thawte chain works well. chain.pem is available at http://pastebin.com/f4ab25a9a OpenSSL: $ openssl s_client -connect www.verisign.com:443 -CAfile chain.pem (...) Verify return code: 0 (ok) (...) Reproduce code: --------------- <?php $ssl = array( 'verify_peer' => TRUE, 'verify_depth' => 5, 'allow_self_signed' => FALSE, 'cafile' => 'chain.pem', 'capture_peer_cert' => TRUE, 'capture_peer_chain' => TRUE, ); $context = stream_context_create(array( 'ssl' => $ssl, )); file_get_contents('https://api-3t.paypal.com/', NULL, $context); file_get_contents('https://www.verisign.com/', NULL, $context); ?> Expected result: ---------------- Nothing Actual result: -------------- Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /home/me/test/test.php on line 14 Warning: file_get_contents(): Failed to enable crypto in /home/me/test/test.php on line 14 Warning: file_get_contents(https://api-3t.paypal.com/): failed to open stream: operation failed in /home/me/test/test.php on line 14 Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /home/me/test/test.php on line 15 Warning: file_get_contents(): Failed to enable crypto in /home/me/test/test.php on line 15 Warning: file_get_contents(https://www.verisign.com/): failed to open stream: operation failed in /home/me/test/test.php on line 15 -- Edit bug report at http://bugs.php.net/?id=49419&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=49419&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=49419&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=49419&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=49419&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=49419&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=49419&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=49419&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=49419&r=needscript Try newer version: http://bugs.php.net/fix.php?id=49419&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=49419&r=support Expected behavior: http://bugs.php.net/fix.php?id=49419&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=49419&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=49419&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=49419&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49419&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=49419&r=dst IIS Stability: http://bugs.php.net/fix.php?id=49419&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=49419&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=49419&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=49419&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=49419&r=mysqlcfg
