So initial testing shows that this is actually a problem with OpenSSL, or at least, it is OpenSSL refusing to connect to these servers:
(natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host cas.ucdavis.edu -port 443 CONNECTED(00000003) 1787:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:602: (natty-amd64)root@clint-MacBookPro:/home/clint/pkg/php5/bzr/natty-php-ssl-fix# openssl s_client -host server.db.kvk.nl -port 443 CONNECTED(00000003) 1788:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:602:
The condition to reach that error is:
else if ((p[0] == SSL3_RT_ALERT) && (p[1] == SSL3_VERSION_MAJOR) && ((p[2] == SSL3_VERSION_MINOR) || (p[2] == TLS1_VERSION_MINOR)) && (p[3] == 0) && (p[4] == 2))
So it seems if the SSL version is 3, or we're using tlsv1, the code is triggered (602 is later).
Still investigating, but I am adding an OpenSSL bug task.
So initial testing shows that this is actually a problem with OpenSSL, or at least, it is OpenSSL refusing to connect to these servers:
(natty- amd64)root@ clint-MacBookPr o:/home/ clint/pkg/ php5/bzr/ natty-php- ssl-fix# openssl s_client -host cas.ucdavis.edu -port 443 140773F2: SSL routines: SSL23_GET_ SERVER_ HELLO:sslv3 alert unexpected message: s23_clnt. c:602: amd64)root@ clint-MacBookPr o:/home/ clint/pkg/ php5/bzr/ natty-php- ssl-fix# openssl s_client -host server.db.kvk.nl -port 443 1407741A: SSL routines: SSL23_GET_ SERVER_ HELLO:tlsv1 alert decode error:s23_ clnt.c: 602:
CONNECTED(00000003)
1787:error:
(natty-
CONNECTED(00000003)
1788:error:
The condition to reach that error is:
else if ((p[0] == SSL3_RT_ALERT) && MINOR)) &&
(p[1] == SSL3_VERSION_MAJOR) &&
((p[2] == SSL3_VERSION_MINOR) ||
(p[2] == TLS1_VERSION_
(p[3] == 0) &&
(p[4] == 2))
So it seems if the SSL version is 3, or we're using tlsv1, the code is triggered (602 is later).
Still investigating, but I am adding an OpenSSL bug task.