36

Screenshot is here

I have built a website in PHP using the YII2 framework. When I use file_get_contents($requestUrl, false, stream_context_create($arrContextOptions)) then i am getting error saying error:0A000126:SSL routines::unexpected eof while reading I have also tried to enable the legacy provider by editing the openssl.cnf file, but got no success. Reference: https://gist.github.com/rdh27785/97210d439a280063bd768006450c435d

Any help would be appriciated.

Server: Nginx (nginx/1.18.0) OS: Ubuntu 22.04 LTS PHP: 7.4.29 Openssl: 1.1.1d

Improve this question
3

5 Answers 5

Reset to default
39

This error manifests not only with PHP but in a broad variety of contexts, so I write a generic answer here. The other answers address the issue by upgrading software that have implemented the solution already upstream. The reasons and background is explained here. Most software linking OpenSSL have tickets where they introduce support for the new openssl behaviour, e.g. 1, 2, 3. Currently, in Ubuntu 22.04 LTS curl is version 7.81.0, and fails in case of unexpected EOF with OpenSSL 3.0.x. The latest curl is 7.88.1, and apparently resolved the issue, though I could not find the exact commit or ticket. The solution in Ubuntu 22.04 and any system with old curl is to manually compile and install the latest one, as shown for example here.

Importantly, the issue can be addressed on client side, you don't have to do anything with the server (especially that, in most cases, it's a third party server and works correctly).

TLDR:

apt remove curl
apt purge curl
apt-get update
apt-get install -y libssl-dev autoconf libtool make
cd /usr/local/src
wget https://curl.haxx.se/download/curl-7.88.1.zip
unzip curl-7.88.1.zip
cd curl-7.88.1
./buildconf
./configure --with-ssl 
make
sudo make install
sudo cp /usr/local/bin/curl /usr/bin/curl
sudo ldconfig
curl -V
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

You can use snap too, no?
Got *** Do not use buildconf. Instead, just use: autoreconf -fi when running ./buildconf FYI
SECURITY: It's a terrible idea to wget from an unofficial source. TERRIBLE.
@GaTechThomas That's the official webpage of the curl project, isn't it?
Yes, curl.haxx.se was the official website of curl for a long time, now it's just curl.se.
|
13

I just had the same issue, it looks like its an issue with OpenSSL on Ubuntu 22.04.

I just updated all my packages on the server and now functionality is working as expected.

sudo apt update && sudo apt upgrade -y
Improve this answer

4 Comments

Interesting, we've had some users complain about 502 errors ("Bad Gateway") etc on SlickStack recently. Despite upgrading to latest packages, the error still persisted in my case, even after changing to Lets Encrypt. Rebooting the server fixed it however, and the frontend of the site suddenly loaded fine after that... TLDR: update, upgrade, reboot.
Reminds me of Windows. Reboot didn't fix it for me (as usual on Linux).
Was having this issue setting up etcd for a multimaster K8s cluster. This fixed it. The error was buried deep inside kubelet error logs too.
I have the same issue on my Ubuntu 22.04. Update and upgrade don't resolve my issue unfortunately.
6

Upgrade your nginx 1.18.0 to the mainline version and the problem will be fixed. To do so:

  1. Execute as sudo: curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor >/usr/share/keyrings/nginx-signing.gpg.
  2. ADD THE LINES in /etc/apt/sources.list:
deb [signed-by=/usr/share/keyrings/nginx-signing.gpg] https://nginx.org/packages/mainline/ubuntu/ jammy nginx
deb-src [signed-by=/usr/share/keyrings/nginx-signing.gpg] https://nginx.org/packages/mainline/ubuntu/ jammy nginx
  1. sudo apt update
  2. sudo apt install nginx

Then restart the nginx server.

Improve this answer

2 Comments

Despite the deprecation of apt-key it is working. You should update your answer.
I installed nginx/1.22.1 but didn't help.
5

Another possible reason you may be getting this error is if a firewall is blocking your traffic from the machine to the internet.

In my case, it was an Ubuntu 22.04 LTS machine, behind an Azure Firewall. The firewall was configured to only allow certain categories, and the sites I was trying to talk to were not in the allowed category.

In your case it may be a different kind of rule blocking it however. You may wish to review the logs from your firewall to know if it is blocking it and why.

Improve this answer

Comments

0

Try to upgrade your Nginx to 1.22 may help.

On Cent OS 9 Stream, you can install it with the following commmands

dnf module list nginx
dnf module reset nginx
dnf module install nginx:1.22
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.