1

First off, it sounds like this may be related to https://bugs.php.net/bug.php?id=79589, but I'm using PHP 8.2.5 so whatever fix is implemented doesn't appear to be preventing this. I've looked at other questions related to this error on here without being able to find any solution.

The URL I'm accessing involves a POST request which results in either a HTML response, or a file download (Content-Disposition: attachment;...) depending on the parameters submitted. When I request the HTML output, the data comes in no problem, however when I specify the file option, I get the CURL error:

  • OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0`

So there's something specific about the file option that is causing it - perhaps because I don't see a content-length in the headers sent by the server? In any case, I have no control over the server so I can't implement anything on that side.

The code I have works fine in older versions of PHP (7.4.2 for sure), but for various reasons I need to stick with the latest so I haven't figured out the max version before it breaks.

Example of the output that works (HTML):

*   Trying XXX:443...
* Connected to XXX.com (XXX) port 443 (#0)
* ALPN: offers http/1.1
*  CAfile: D:\Certs\cacert.pem
*  CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: XXX
*  start date: Jun  1 10:25:49 2022 GMT
*  expire date: Jun 29 10:25:49 2023 GMT
*  subjectAltName: host "XXX.com" matched cert's "XXX.com"
*  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
*  SSL certificate verify ok.
> POST /XXX.asp HTTP/1.1
Host: XXX.com
Accept: */*
Cookie: XXX
Content-Type: application/x-www-form-urlencoded
Content-Length: 446

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: private,private
< Content-Type: text/html
< Expires: Tue, 02 May 2023 12:30:36 GMT
< Server: Microsoft-IIS/10.0
* Replaced cookie XXX for domain XXX.com, path /, expire 0
< Set-Cookie: XXX; secure; path=/
< X-Powered-By: ASP.NET
< X-Frame-Options: SAMEORIGIN
< Date: Wed, 03 May 2023 12:30:36 GMT
< Content-Length: 20260
< 
* Connection #0 to host XXX.com left intact

Example of the output that fails (file):

*   Trying XXX:443...
* Connected to XXX.com (XXX) port 443 (#0)
* ALPN: offers http/1.1
*  CAfile: D:\Certs\cacert.pem
*  CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: XXX
*  start date: Jun  1 10:25:49 2022 GMT
*  expire date: Jun 29 10:25:49 2023 GMT
*  subjectAltName: host "XXX.com" matched cert's "XXX.com"
*  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
*  SSL certificate verify ok.
> POST XXX.asp HTTP/1.1
Host: XXX.com
Accept: */*
Cookie: XXX
Content-Type: application/x-www-form-urlencoded
Content-Length: 446

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: private,private
< Content-Type: text/x-oasis-csv
< Expires: Tue, 02 May 2023 12:32:14 GMT
< Server: Microsoft-IIS/10.0
< Content-Disposition: attachment; filename=20230503083225ED.csv
* Replaced cookie XXX for domain XXX.com, path /, expire 0
< Set-Cookie: XXX; secure; path=/
< X-Powered-By: ASP.NET
< X-Frame-Options: SAMEORIGIN
< Date: Wed, 03 May 2023 12:32:25 GMT
< Connection: close
< 
* OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
* Closing connection 0
IMSoP
  • 89,526
  • 13
  • 117
  • 169
MJC
  • 57
  • 9
  • It looks like [the fix applied](https://github.com/php/php-src/commit/74f75db0c3665677ec006cd379fd561feacffdc6) was to switch on a flag to ignore this error in OpenSSL versions that support it. Could you confirm the version of OpenSSL your PHP is using (`phpinfo()` or `php -i | grep OpenSSL`)? It would also be useful to know if [the test added with that fix](https://github.com/php/php-src/blob/master/ext/openssl/tests/bug79589.phpt) passes for you. – IMSoP May 04 '23 at 11:44
  • @IMSoP: OpenSSL 3.0.8 (7 Feb 2023). As for that test, I'm not familiar with using PHPUnit or running phpt test files, but when I run the code, "gettype($release)" returns "string" and neither of other two if statements trigger the "die", so it appears to pass – MJC May 05 '23 at 13:15
  • I am seeing this exact error using PHP 8.2.6 and .7 NTS on Windows 11 x64 prebuilt zip download also. I have retrograded to PHP 8.1.20 NTS x64 and the problem is gone. (likely 8.1 is not using Open_SSL 3.x) – Pancho Jun 20 '23 at 19:19

0 Answers0