Skip to content

Fix bug #79589: ssl3_read_n:unexpected eof while reading #8558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix bug #79589: ssl3_read_n:unexpected eof while reading #8558

wants to merge 1 commit into from

Conversation

bukka
Copy link
Member

@bukka bukka commented May 15, 2022
edited
Loading

The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent truncation attack. However there are many non complaint servers and it is causing break for many users including potential majority of those where the truncation attack is not applicable. For that reason we try to keep behavior consitent with older OpenSSL versions which is also the path chosen by some other languages and web servers.

Closes GH-8369

@bukka bukka changed the base branch from master to PHP-8.1 May 15, 2022 12:59
@bukka bukka mentioned this pull request May 15, 2022
Closed
@bukka
Fix bug #79589: ssl3_read_n:unexpected eof while reading
55be0f4 
The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent
truncation attack. However there are many non complaint servers and
it is causing break for many users including potential majority
of those where the truncation attack is not applicable. For that reason
we try to keep behavior consitent with older OpenSSL versions which is
also the path chosen by some other languages and web servers.

Closes phpGH-8369
@bukka bukka force-pushed the openssl_ssl_disable_unexpected_eof branch from 239eace to 55be0f4 Compare May 15, 2022 13:11
iluuu1994
iluuu1994 approved these changes May 15, 2022
View reviewed changes
@bukka
Copy link
Member Author

bukka commented May 15, 2022

Merged as 74f75db

@bukka bukka closed this May 15, 2022
@driesvints driesvints mentioned this pull request May 19, 2022
Closed
@dzuelke
Copy link
Contributor

dzuelke commented Jul 7, 2022

FYI (and this possibility was already discussed in a comment on a file in this PR): Google have fixed this server side:

$ php -v
PHP 8.1.6 (cli) (built: May 18 2022 14:31:08) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.6, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.6, Copyright (c), by Zend Technologies
    with blackfire v1.78.0~linux-x64-non_zts81, https://blackfire.io, by Blackfire
$ php -r 'echo file_get_contents("https://chromedriver.storage.googleapis.com/LATEST_RELEASE");'
103.0.5060.53

@bukka bukka mentioned this pull request Aug 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iluuu1994 iluuu1994 iluuu1994 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OpenSSL 3: Support of SSL_OP_IGNORE_UNEXPECTED_EOF context option
3 participants
@bukka @dzuelke @iluuu1994