blackfireio / php-sdk

The Blackfire PHP SDK
https://blackfire.io
MIT License

SSL error on signin #48

Closed ju1ius closed 4 years ago

ju1ius commented 4 years ago

Hi,

I started to get this error after upgrading agent & SDK to 1.32:

$ php ./profile.php
PHP Fatal error:  Uncaught Blackfire\Exception\OfflineException: An error occurred: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading. in /path/to/vendor/blackfire/php-sdk/src/Blackfire/Client.php:613
Stack trace:
#0 [internal function]: Blackfire\Client->Blackfire\{closure}()
#1 /path/to/vendor/blackfire/php-sdk/src/Blackfire/Client.php(616): file_get_contents()
#2 /path/to/vendor/blackfire/php-sdk/src/Blackfire/Client.php(455): Blackfire\Client->sendHttpRequest()
#3 /path/to/vendor/blackfire/php-sdk/src/Blackfire/Client.php(61): Blackfire\Client->doCreateRequest()
#4 /path/to//profile.php(13): Blackfire\Client->createProbe()
#5 {main}
  thrown in /path/to/vendor/blackfire/php-sdk/src/Blackfire/Client.php on line 613

The error happens when the client tries to request the URL https://blackfire.io/api/v1/signing

$ php --version
PHP 7.4.3 (cli) (built: Feb 23 2020 07:07:28) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
    with blackfire v1.32.0~linux-x64-non_zts74, https://blackfire.io, by Blackfire

$ blackfire version
blackfire 1.32.0 linux amd64 gc 2020-02-05T10:41:48+0000

$ php --ri blackfire 
Blackfire => enabled
Blackfire => 1.32.0~linux-x64-non_zts74
Timing measurement => cgt
Sessions support => enabled
Num of CPU => 8
Profiling heap memory => 0 Kb
Main instance trigger mode => CLI autotriggered
Main instance => disabled

                   Blackfire runtime active environment                   
                         No environment detected                         
                        Blackfire runtime headers                        
                           No headers detected                           

Directive => Local Value => Master Value
blackfire.agent_socket => unix:///var/run/blackfire/agent.sock => unix:///var/run/blackfire/agent.sock
blackfire.agent_timeout => 0.25 => 0.25
blackfire.env_id => no value => no value
blackfire.env_token => no value => no value
blackfire.log_level => 1 => 1
blackfire.log_file => no value => no value
blackfire.server_id => no value => no value
blackfire.server_token => no value => no value
blackfire.apm_enabled => 0 => 0
blackfire.apm_enable_automatic_browser_probe => 1 => 1
blackfire.apm_browser_key => no value => no value

iamluc commented 4 years ago

Hello,

Could you paste here (or send to support@blackfire.io) the output of php -r "var_dump(json_decode(file_get_contents('https://www.howsmyssl.com/a/check'), true));" ?

ju1ius commented 4 years ago

@iamluc Sure, here it is:

array(10) {
  ["given_cipher_suites"]=>
  array(75) {
    [0]=>
    string(22) "TLS_AES_256_GCM_SHA384"
    [1]=>
    string(28) "TLS_CHACHA20_POLY1305_SHA256"
    [2]=>
    string(22) "TLS_AES_128_GCM_SHA256"
    [3]=>
    string(37) "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    [4]=>
    string(39) "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
    [5]=>
    string(37) "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    [6]=>
    string(39) "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
    [7]=>
    string(35) "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
    [8]=>
    string(35) "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
    [9]=>
    string(35) "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
    [10]=>
    string(35) "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
    [11]=>
    string(37) "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    [12]=>
    string(39) "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
    [13]=>
    string(34) "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
    [14]=>
    string(36) "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
    [15]=>
    string(37) "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    [16]=>
    string(39) "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
    [17]=>
    string(34) "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    [18]=>
    string(36) "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
    [19]=>
    string(35) "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
    [20]=>
    string(32) "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
    [21]=>
    string(35) "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
    [22]=>
    string(35) "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
    [23]=>
    string(32) "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
    [24]=>
    string(32) "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
    [25]=>
    string(31) "TLS_RSA_WITH_AES_128_GCM_SHA256"
    [26]=>
    string(31) "TLS_RSA_WITH_AES_256_GCM_SHA384"
    [27]=>
    string(34) "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
    [28]=>
    string(32) "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
    [29]=>
    string(30) "TLS_DHE_RSA_WITH_AES_128_CCM_8"
    [30]=>
    string(28) "TLS_DHE_RSA_WITH_AES_128_CCM"
    [31]=>
    string(32) "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
    [32]=>
    string(26) "TLS_RSA_WITH_AES_128_CCM_8"
    [33]=>
    string(24) "TLS_RSA_WITH_AES_128_CCM"
    [34]=>
    string(31) "TLS_RSA_WITH_AES_128_CBC_SHA256"
    [35]=>
    string(28) "TLS_RSA_WITH_AES_128_CBC_SHA"
    [36]=>
    string(34) "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
    [37]=>
    string(32) "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
    [38]=>
    string(30) "TLS_DHE_RSA_WITH_AES_256_CCM_8"
    [39]=>
    string(28) "TLS_DHE_RSA_WITH_AES_256_CCM"
    [40]=>
    string(35) "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
    [41]=>
    string(26) "TLS_RSA_WITH_AES_256_CCM_8"
    [42]=>
    string(24) "TLS_RSA_WITH_AES_256_CCM"
    [43]=>
    string(31) "TLS_RSA_WITH_AES_256_CBC_SHA256"
    [44]=>
    string(28) "TLS_RSA_WITH_AES_256_CBC_SHA"
    [45]=>
    string(45) "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
    [46]=>
    string(43) "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
    [47]=>
    string(41) "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
    [48]=>
    string(40) "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
    [49]=>
    string(38) "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
    [50]=>
    string(36) "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
    [51]=>
    string(36) "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
    [52]=>
    string(40) "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
    [53]=>
    string(38) "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
    [54]=>
    string(36) "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
    [55]=>
    string(36) "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
    [56]=>
    string(44) "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
    [57]=>
    string(42) "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
    [58]=>
    string(40) "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
    [59]=>
    string(40) "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
    [60]=>
    string(44) "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
    [61]=>
    string(42) "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
    [62]=>
    string(40) "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
    [63]=>
    string(40) "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
    [64]=>
    string(37) "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
    [65]=>
    string(37) "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
    [66]=>
    string(37) "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
    [67]=>
    string(37) "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
    [68]=>
    string(32) "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
    [69]=>
    string(32) "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
    [70]=>
    string(36) "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
    [71]=>
    string(36) "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
    [72]=>
    string(33) "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
    [73]=>
    string(33) "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
    [74]=>
    string(33) "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
  }
  ["ephemeral_keys_supported"]=>
  bool(true)
  ["session_ticket_supported"]=>
  bool(true)
  ["tls_compression_supported"]=>
  bool(false)
  ["unknown_cipher_suite_supported"]=>
  bool(false)
  ["beast_vuln"]=>
  bool(false)
  ["able_to_detect_n_minus_one_splitting"]=>
  bool(false)
  ["insecure_cipher_suites"]=>
  array(0) {
  }
  ["tls_version"]=>
  string(7) "TLS 1.3"
  ["rating"]=>
  string(13) "Probably Okay"
}

iamluc commented 4 years ago

Could you check your OpenSSL version? You can find it with openssl version

iamluc commented 4 years ago

It could be a bug in OpenSSL 1.1.1e (https://github.com/openssl/openssl/issues/11378). So if you are using this version, please try to downgrade to 1.1.1d or upgrade to 1.1.1f.
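
Added example, not part of the original thread or of the Blackfire SDK: a triage script for the check suggested above. It separates the `openssl` CLI version from the OpenSSL library PHP is linked against, since the two can differ and only the latter affects `file_get_contents()`. The function names, outcome labels and the `--live` switch are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: triage for the "unexpected eof while reading" failure.
# Function names and outcome labels are hypothetical, chosen for this sketch.

# Error text copied from the issue report above.
SAMPLE_ERR='error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading.'

# Extract the bare release (e.g. "1.1.1e") from text such as
# "OpenSSL 1.1.1f  31 Mar 2020"; prints nothing when no release is found.
openssl_release() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Succeeds when the error text carries the signature reported in the issue.
is_unexpected_eof() {
    printf '%s\n' "$1" | grep -q 'ssl3_read_n:unexpected eof while reading'
}

# triage ERROR_TEXT CLI_VERSION_TEXT PHP_VERSION_TEXT
# Prints one outcome label describing where to look next.
triage() {
    local err=$1 cli php
    cli=$(openssl_release "$2")
    php=$(openssl_release "$3")
    if ! is_unexpected_eof "$err"; then
        echo "not-eof-error"        # different failure, unrelated to this issue
    elif [ "$php" = "1.1.1e" ]; then
        echo "php-linked-1.1.1e"    # library used by PHP is the suspect release
    elif [ "$cli" = "1.1.1e" ]; then
        echo "cli-only-1.1.1e"      # CLI is 1.1.1e but PHP links another build
    else
        echo "eof-other-cause"      # EOF seen, but 1.1.1e is not involved
    fi
}

# Live use: ./triage.sh --live  (needs php and openssl on PATH)
if [ "${1:-}" = "--live" ]; then
    err=$(php ./profile.php 2>&1 || true)
    triage "$err" "$(openssl version)" "$(php -r 'echo OPENSSL_VERSION_TEXT;')"
fi
```

`OPENSSL_VERSION_TEXT` is the PHP openssl extension's constant for the library it was built against, so a `cli-only-1.1.1e` result means upgrading the CLI package alone may not change PHP's behaviour.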

ju1ius commented 4 years ago

Hi, just ran a dist-upgrade today:

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

And the issue is gone! :tada: So yeah, could very well relate to the OpenSSL issue you mentioned...

iamluc commented 4 years ago

Great news! :tada: