author | Daniel Lowrey <rdlowrey@php.net> | 2014-07-12 10:49:42 -0400 |
---|---|---|
committer | Daniel Lowrey <rdlowrey@php.net> | 2014-07-12 10:51:44 -0400 |
commit | f3bf887e6d84619fd03efc244756f68fa857b346 (patch) | |
tree | 6b9c4bf4c71903fcb9a77dab41ca9498a7339c49 | |
parent | b3948b1d057a099b49cec95685e13fb0f56028c1 (diff) | |
download | php-git-f3bf887e6d84619fd03efc244756f68fa857b346.tar.gz |
Bug #67609: TLS connections fail behind HTTP proxy
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/standard/http_fopen_wrapper.c | 11 |
2 files changed, 12 insertions, 2 deletions
@@ -28,6 +28,9 @@ PHP NEWS
 - pgsql:
 . Fixed bug #67555 (Cannot build against libpq 7.3). (Adam)
+- OpenSSL:
+ . Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey)
+
 - Phar:
 . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 1b8d505a4b..87d0bd64e3 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -120,7 +120,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 char *scratch = NULL;
 char *tmp = NULL;
 char *ua_str = NULL;
- zval **ua_zval = NULL, **tmpzval = NULL;
+ zval **ua_zval = NULL, **tmpzval = NULL, *ssl_proxy_peer_name = NULL;
 int scratch_len = 0;
 int body = 0;
 char location[HTTP_HEADER_BLOCK_SIZE];
@@ -224,6 +224,13 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 efree(transport_string);
 if (stream && use_proxy && use_ssl) {
+ /* Set peer_name or name verification will try to use the proxy server name */
+ if (!context || php_stream_context_get_option(context, "ssl", "peer_name", &tmpzval) == FAILURE) {
+ MAKE_STD_ZVAL(ssl_proxy_peer_name);
+ ZVAL_STRING(ssl_proxy_peer_name, resource->host, 1);
+ php_stream_context_set_option(stream->context, "ssl", "peer_name", ssl_proxy_peer_name);
+ }
+
 smart_str header = {0};
 smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
@@ -316,7 +323,7 @@ finish:
 /* enable SSL transport layer */
 if (stream) {
- if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 ||
+ if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_ANY_CLIENT, NULL TSRMLS_CC) < 0 ||
 php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) {
 php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
 php_stream_close(stream); |
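Review bot: In the `@@ -224,6 +224,13 @@` hunk the new `if` block is placed ahead of the existing `smart_str header = {0};`, so that declaration now follows statements inside the same block, which C89 compilers reject; moving `smart_str header = {0};` to sit directly under `if (stream && use_proxy && use_ssl) {` avoids that. The zval created by `MAKE_STD_ZVAL(ssl_proxy_peer_name)` is not released anywhere in the hunk; if `php_stream_context_set_option` stores its own copy (to be confirmed against its definition), add `zval_ptr_dtor(&ssl_proxy_peer_name);` after the call. The `!context` branch also passes `stream->context` without a visible NULL check, and the set_option result is ignored, so a failure would leave name verification pointed at the proxy name with no diagnostic. The enclosing block continues past the hunk.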
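Review bot: The crypto method in the `@@ -316,7 +323,7 @@` hunk is still a hard-coded constant, now `STREAM_CRYPTO_METHOD_ANY_CLIENT`, so a protocol restriction the caller placed in the stream context (an ssl `crypto_method` option, where supported) does not appear to be consulted on the proxied path. ANY_CLIENT presumably also admits the legacy SSL versions alongside TLS; a comment such as `/* ANY_CLIENT so TLS can be negotiated through the proxy (bug #67609); permits every protocol version the build enables */` would record that choice. If narrowing is wanted, reading the context option before calling `php_stream_xport_crypto_setup` and falling back to ANY_CLIENT is the smaller change. The `if (stream)` block runs past the end of the hunk.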