-
Notifications
You must be signed in to change notification settings - Fork 725
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PHP cannot use SSL #6339
Comments
In http://stackoverflow.com/a/38429611/136333, @jonathanmaron reports that the official Ubuntu packages ( Our binaries are compiled using https://github.com/php-build/php-build with our build process shown in https://github.com/travis-ci/php-src-builder (in particular https://github.com/travis-ci/php-src-builder/blob/default/bin/compile). The process needs to be updated (either via |
@joepvd have you proceeded with rebuilding the PHP package? I've been having the same problem. https://travis-ci.org/rdok/elasticemail-php/jobs/157308268 @BanzaiMan I did try @jonathanmaron suggestion. I did not manage to make it work. Moreover, this suggestion is viable only for PHP 5.5 according to @jonathanmaron Thanks in advance! |
I'm using php7-curl and got the same issue. So this issue seems not to be related to PHP 5.5 only. Does anybody ever found a workaround for this issue? |
My understanding is that the PHP binary will have to be recompiled (I indicated the process in the comment above), but I don't know how to make that happen. |
Yes, I had the same issue on my local (macOS) testing machine where I used the preinstalled PHP7 and cURL. Since I got the same issue I updated cURL and then recompiled PHP which solved the issue. |
For me this issue has started just a few days ago. Before that PHP builds were going fine. |
The SensioLabs security checker has switched to Lets Encrypt, which has broken some things Most issues have been fixed, but Travis still needs to offer ssl capabilities to PHP See: https://github.com/sensiolabs/security-checker/issues/73, travis-ci/travis-ci#6339, sensiolabs/security-checker#77 (comment)
Got the same, guys. Whilst I had writing this message all builds have passed successfully |
The SensioLabs security checker has switched to Lets Encrypt, which has broken some things Most issues have been fixed, but Travis still needs to offer ssl capabilities to PHP See: https://github.com/sensiolabs/security-checker/issues/73, travis-ci/travis-ci#6339, sensiolabs/security-checker#77 (comment)
I can confirm the issue for the |
Downgrading to HTTP is a (temporary) fix and should be removed once TLS is supported on Travis. See: travis-ci/travis-ci#6339 sensiolabs/security-checker#77 (comment)
Downgrading to HTTP is a (temporary) fix and should be removed once TLS is supported on Travis. See: travis-ci/travis-ci#6339 sensiolabs/security-checker#77 (comment)
I still get this issue if I use a non-https endpoint with sensiolab’s security checker. |
Yeah, I don't think this issue is fixed... I only have language: php
sudo: false
php:
- '7.1' in my .travis.yml file relating to PHP. I'm not sure how this works for other people other than the HTTPS to HTTP URL switching I see in some referenced commits above.
|
I just ran into this problem yet again. @joepvd any update on this? It's been more that a year now. |
The “external” tests fail, due to a long-standing issue with PHP, cURL, and HTTPS: travis-ci/travis-ci#6339
Still an issue. Can we get a fix for this please? Our case is with issue #8912 (above) |
Can this issue be resolved please? |
Fixes: An error occurred: gnutls_handshake() failed: Handshake failed. https://github.com/sensiolabs/security-checker/issues/100 travis-ci/travis-ci#6339 (comment)
I just got this issue, Travis Git can't retrieve a repository from a TLS 1.2-only SNI-enabled domain: https://travis-ci.org/friendica/friendica/jobs/434668926#L566 Full error:
SSLabs report: https://www.ssllabs.com/ssltest/analyze.html?d=git.friendi.ca&s=138.201.30.223 It still sounds like updating GNU TLS would fix the issue. |
whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339
A project of ours encountered this issue a while back, around the time we moved our infrastructure. I only stumbled across this issue because I noticed curl was using gnutls, whereas my laptop was using openssl. Testing against 7.1.18 did make the issue go away. I gave the c code a brief scan, and not 100% sure it's the issue, but I can't see it scanning the certificates directory like openssl does - just the certificates bundle file. |
It appears the PHP CLI used by Travis to run Composer uses GNU TLS no matter the PHP version: https://travis-ci.org/friendica/friendica/builds/437234785 |
whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339
I had the same problem on Trusty with On Precise with 7.1 it works. On Trusty with 7.1.18, it works. Can anyone shed light on what this means out in the wild? I'm trying to anticipate customer support issues that may come up when I ship this WordPress plugin and—maybe—in some WordPress installations, my code will fail like it does running in Travis CI on Trusty with Php 7.1. Based on what we're seeing here in Travis CI, those failures might be because... why? Because the php interpreter is built with older GnuTLS instead of newer OpenSSL and is thus failing to handle some newer SSL certificates? |
Update: I needed to get a test matrix working with some older php versions as well, but when specifying (These first two were mentioned above)
So, I'm just specifying these in my
|
whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339
curl was using openssl whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339 mock tests for wallet block latest
curl was using openssl whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339 mock tests for wallet block latest Tests for WalletPath / WalletScript cleanup imports in test file
curl was using openssl whereas travisci is using gnutls. googled curl+gnutls combo and noticed issues. travis-ci/travis-ci#6339 mock tests for wallet block latest Tests for WalletPath / WalletScript cleanup imports in test file
Hopefully this fixes curl connectivity issues. Related: travis-ci/travis-ci#6339
Suggested here: travis-ci/travis-ci#6339 (comment)
* changed build process for phar * added phpunit7 support * Appveyor.yml to specify php 7.1 and PhpBrowserTest fixes (#4807) * Update appveyor.yml to specify php version 7.1 Pull request #4799 fails due to AppVeyor and Chocolatey installing PHP 7.2 and not constrained to any version. This entire file assumes PHP 7.1, so I added what I believe is the constraint for Chocolatey/cist. Disclaimer: I am not familiar with Chocolatey or AppVeyor so I'm kind of taking a stab in the dark, well an educated guess have you. * Update PhpBrowserTest.php codeception.com forces https, assertion corrected. * Updated redirect test in favor of http Due to issue with TravisCI with php-curl/ssl, changed to this for better solution. travis-ci/travis-ci#6339 * Updated TravisCI composer configuration TravisCI should test latest minor SemVer of Symfony packages not lowest, this was the only test failing due to memory overload from Composer trying to resolve dependencies.
* changed build process for phar * added phpunit7 support * Appveyor.yml to specify php 7.1 and PhpBrowserTest fixes (#4807) * Update appveyor.yml to specify php version 7.1 Pull request #4799 fails due to AppVeyor and Chocolatey installing PHP 7.2 and not constrained to any version. This entire file assumes PHP 7.1, so I added what I believe is the constraint for Chocolatey/cist. Disclaimer: I am not familiar with Chocolatey or AppVeyor so I'm kind of taking a stab in the dark, well an educated guess have you. * Update PhpBrowserTest.php codeception.com forces https, assertion corrected. * Updated redirect test in favor of http Due to issue with TravisCI with php-curl/ssl, changed to this for better solution. travis-ci/travis-ci#6339 * Updated TravisCI composer configuration TravisCI should test latest minor SemVer of Symfony packages not lowest, this was the only test failing due to memory overload from Composer trying to resolve dependencies.
Updating from |
There was a report that PHP cannot use SSL/TLS with php's curl. Normal
curl
does work.The error:
string(76) "gnutls_handshake() failed: A TLS packet with unexpected length was received."
This happens with a wide array of SSL options.
Log: https://travis-ci.org/joepvd/travis-experiment/jobs/146108809
Test case (courtesy @TextControl): https://github.com/joepvd/travis-experiment/tree/17a779c65604f2df07d9227811ed7970f4bc593a
The text was updated successfully, but these errors were encountered: