Closed: AdrienHt closed this 2 weeks ago
It seems likely that curl also loads OpenSSL, just like the ODBC Driver, and there is probably some interference there. I'm having a bit of trouble getting php-curl to work to verify, but the fact that the error goes away when CURLOPT_SSL_VERIFYPEER is set to false strongly suggests that curl's use of OpenSSL is involved. I will investigate further.
By the way, do you know which version of OpenSSL is used there?
Thanks! Yes, we used OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Can you strace a successful run and the one with the error? Something like strace -o output.txt -f php file.php if it's run directly.
I can now run the repro code, but I don't get the same error, since I don't have the API URL setup that would return "certificate not allowed", if I understand the setup correctly.
The error is triggered before the API call. I got the error even when https://www.google.fr is set as the API URL. Are you sure you are using the same setup?
Great, thanks. I'll see what I can find in those
Environment
PHP version: 8.2.19
PDO_SQLSRV: pdo_sqlsrv-5.12.0
Microsoft ODBC Driver version: 18.3.2.1-1
MS SQL Server version: 2022 latest (docker image mcr.microsoft.com/mssql/server:2022-latest)
Ubuntu via Docker for Mac: Ubuntu 22.04.4 LTS (Jammy Jellyfish)
OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020

Problem description
The following code:
Resulted in this output:
But I expected no SQL error, only the cURL error:
The error only happens when the curl CA verification reports a certificate not allowed. The error does not happen when I remove TrustServerCertificate=yes in the DSN. The error does not happen when CURLOPT_SSL_VERIFYPEER is set to false.

It seems that the MSSQL driver calls the OpenSSL function SSL_shutdown() while SSL_in_init() returns true. SSL_in_init() seems to return true only when the curl CA verification reports a certificate not allowed.

I don't know if the PHP curl implementation does not close the connection correctly or if the MSSQL driver should check whether SSL_in_init() returns true before calling SSL_shutdown(), but there is something wrong here. I opened an issue on PHP, but they suggested that I open an issue here (https://github.com/php/php-src/issues/14230).