From: Wez Furlong Date: Sun, 23 May 2004 10:36:08 +0000 (+0000) Subject: Finally a fix for #23220: IIS does not cleanly close SSL connections. X-Git-Tag: php-5.0.0RC3RC1~73 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ad99c124c4d6734af1204762d11af1e4f7206bf7;p=php Finally a fix for #23220: IIS does not cleanly close SSL connections. Also enable the safe and recommended bug work around options in the SSL context. --- diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 2bcc0c232e..4171312907 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -46,6 +46,29 @@ typedef struct _php_openssl_netstream_data_t { php_stream_ops php_openssl_socket_ops; +/* it doesn't matter that we do some hash traversal here, since it is done only + * in an error condition arising from a network connection problem */ +static int is_http_stream_talking_to_iis(php_stream *stream TSRMLS_DC) +{ + if (stream->wrapperdata && stream->wrapper && strcmp(stream->wrapper->wops->label, "HTTP") == 0) { + /* the wrapperdata is an array zval containing the headers */ + zval **tmp; + +#define SERVER_MICROSOFT_IIS "Server: Microsoft-IIS" + + zend_hash_internal_pointer_reset(Z_ARRVAL_P(stream->wrapperdata)); + while (SUCCESS == zend_hash_get_current_data(Z_ARRVAL_P(stream->wrapperdata), (void**)&tmp)) { + + if (strncasecmp(Z_STRVAL_PP(tmp), SERVER_MICROSOFT_IIS, sizeof(SERVER_MICROSOFT_IIS)-1) == 0) { + return 1; + } + + zend_hash_move_forward(Z_ARRVAL_P(stream->wrapperdata)); + } + } + return 0; +} + static int handle_ssl_error(php_stream *stream, int nr_bytes TSRMLS_DC) { php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract; @@ -69,8 +92,11 @@ static int handle_ssl_error(php_stream *stream, int nr_bytes TSRMLS_DC) case SSL_ERROR_SYSCALL: if (ERR_peek_error() == 0) { if (nr_bytes == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, - "SSL: fatal protocol error"); + if (!is_http_stream_talking_to_iis(stream TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, + "SSL: fatal protocol error"); + } + SSL_set_shutdown(sslsock->ssl_handle, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); stream->eof = 1; retry = 0; } else { @@ -326,6 +352,8 @@ static inline int php_openssl_setup_crypto(php_stream *stream, return -1; } + SSL_CTX_set_options(ctx, SSL_OP_ALL); + sslsock->ssl_handle = php_SSL_new_from_context(ctx, stream TSRMLS_CC); if (sslsock->ssl_handle == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle");