Commit 7fed0bfe authored by efalcy's avatar efalcy
Browse files

hotline #77270 : add crypto stream methods for compatibility with php > 5.6

parent a6eec17e
......@@ -63,7 +63,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
* @var boolean
*/
protected $negotiated = false;
/**
* Connect to the remote server
*
......@@ -145,13 +145,13 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
$this->config['proxy_user'], $this->config['proxy_pass'], $this->config['proxy_auth']
);
}
// if we are proxying HTTPS, preform CONNECT handshake with the proxy
if ($uri->getScheme() == 'https' && (! $this->negotiated)) {
$this->connectHandshake($uri->getHost(), $uri->getPort(), $http_ver, $headers);
$this->negotiated = true;
}
// Save request method for later
$this->method = $method;
......@@ -186,21 +186,21 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
*/
protected function connectHandshake($host, $port = 443, $http_ver = '1.1', array &$headers = array())
{
$request = "CONNECT $host:$port HTTP/$http_ver\r\n" .
$request = "CONNECT $host:$port HTTP/$http_ver\r\n" .
"Host: " . $this->config['proxy_host'] . "\r\n";
// Add the user-agent header
if (isset($this->config['useragent'])) {
$request .= "User-agent: " . $this->config['useragent'] . "\r\n";
}
// If the proxy-authorization header is set, send it to proxy but remove
// it from headers sent to target host
if (isset($headers['proxy-authorization'])) {
$request .= "Proxy-authorization: " . $headers['proxy-authorization'] . "\r\n";
unset($headers['proxy-authorization']);
}
$request .= "\r\n";
// Send the request
......@@ -219,35 +219,45 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
if (!chop($line)) break;
}
}
// Check that the response from the proxy is 200
if (Zend_Http_Response::extractCode($response) != 200) {
require_once 'Zend/Http/Client/Adapter/Exception.php';
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to HTTPS proxy. Server response: " . $response);
}
// If all is good, switch socket to secure mode. We have to fall back
// through the different modes
$modes = array(
STREAM_CRYPTO_METHOD_TLS_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
STREAM_CRYPTO_METHOD_SSLv2_CLIENT
);
$success = false;
// through the different modes
$modes = defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')
? array(
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_ANY_CLIENT
)
: array(
STREAM_CRYPTO_METHOD_TLS_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
);
$success = false;
foreach($modes as $mode) {
$success = stream_socket_enable_crypto($this->socket, true, $mode);
if ($success) break;
}
if (! $success) {
require_once 'Zend/Http/Client/Adapter/Exception.php';
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" .
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" .
" HTTPS server through proxy: could not negotiate secure connection.");
}
}
/**
* Close the connection to the server
*
......@@ -257,7 +267,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
parent::close();
$this->negotiated = false;
}
/**
* Destructor: make sure the socket is disconnected
*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment