Skip to content

Commit b8a8640

Browse files
wezwez
committed
MFH: Bugfix for #23220: IIS messes up SSL shutdown
1 parent e384ab1 commit b8a8640

File tree

1 file changed

+31
-2
lines changed

1 file changed

+31
-2
lines changed

main/network.c

Lines changed: 31 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -746,6 +746,8 @@ PHPAPI int php_stream_sock_ssl_activate_with_method(php_stream *stream, int acti
746746
php_error_docref(NULL TSRMLS_CC, E_WARNING, "php_stream_sock_ssl_activate_with_method: failed to create an SSL context");
747747
return FAILURE;
748748
}
749+
750+
SSL_CTX_set_options(ctx, SSL_OP_ALL);
749751

750752
sock->ssl_handle = php_SSL_new_from_context(ctx, stream TSRMLS_CC);
751753

@@ -846,6 +848,30 @@ static void php_ERR_error_string_n(int code, char *buf, size_t size)
846848
}
847849
}
848850

851+
/* it doesn't matter that we do some hash traversal here, since it is done only
852+
* in an error condition arising from a network connection problem */
853+
static int is_http_stream_talking_to_iis(php_stream *stream TSRMLS_DC)
854+
{
855+
if (stream->wrapperdata && stream->wrapper && strcmp(stream->wrapper->wops->label, "HTTP") == 0) {
856+
/* the wrapperdata is an array zval containing the headers */
857+
zval **tmp;
858+
859+
#define SERVER_MICROSOFT_IIS "Server: Microsoft-IIS"
860+
861+
zend_hash_internal_pointer_reset(Z_ARRVAL_P(stream->wrapperdata));
862+
while (SUCCESS == zend_hash_get_current_data(Z_ARRVAL_P(stream->wrapperdata), (void**)&tmp)) {
863+
864+
if (strncasecmp(Z_STRVAL_PP(tmp), SERVER_MICROSOFT_IIS, sizeof(SERVER_MICROSOFT_IIS)-1) == 0) {
865+
return 1;
866+
}
867+
868+
zend_hash_move_forward(Z_ARRVAL_P(stream->wrapperdata));
869+
}
870+
}
871+
return 0;
872+
}
873+
874+
849875
static int handle_ssl_error(php_stream *stream, int nr_bytes TSRMLS_DC)
850876
{
851877
php_netstream_data_t *sock = (php_netstream_data_t*)stream->abstract;
@@ -870,8 +896,11 @@ static int handle_ssl_error(php_stream *stream, int nr_bytes TSRMLS_DC)
870896
case SSL_ERROR_SYSCALL:
871897
if (ERR_peek_error() == 0) {
872898
if (nr_bytes == 0) {
873-
php_error_docref(NULL TSRMLS_CC, E_WARNING,
874-
"SSL: fatal protocol error");
899+
if (!is_http_stream_talking_to_iis(stream TSRMLS_CC)) {
900+
php_error_docref(NULL TSRMLS_CC, E_WARNING,
901+
"SSL: fatal protocol error");
902+
}
903+
SSL_set_shutdown(sock->ssl_handle, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
875904
stream->eof = 1;
876905
retry = 0;
877906
} else {

0 commit comments

Comments
 (0)