Merge branch 'hl_77270_proxy_call' into 'master'

Hl 77270 proxy call

See merge request !3

library/Zend/Http/Client/Adapter/Proxy.php

@@ -63,7 +63,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
      * @var boolean
      */
     protected $negotiated = false;
-    
+
     /**
      * Connect to the remote server
      *
@@ -145,13 +145,13 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
                 $this->config['proxy_user'], $this->config['proxy_pass'], $this->config['proxy_auth']
             );
         }
-                
+
         // if we are proxying HTTPS, preform CONNECT handshake with the proxy
         if ($uri->getScheme() == 'https' && (! $this->negotiated)) {
             $this->connectHandshake($uri->getHost(), $uri->getPort(), $http_ver, $headers);
             $this->negotiated = true;
         }
-        
+
         // Save request method for later
         $this->method = $method;
 
@@ -186,21 +186,21 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
      */
     protected function connectHandshake($host, $port = 443, $http_ver = '1.1', array &$headers = array())
     {
-    	$request = "CONNECT $host:$port HTTP/$http_ver\r\n" . 
+    	$request = "CONNECT $host:$port HTTP/$http_ver\r\n" .
     	           "Host: " . $this->config['proxy_host'] . "\r\n";
 
     	// Add the user-agent header
     	if (isset($this->config['useragent'])) {
     		$request .= "User-agent: " . $this->config['useragent'] . "\r\n";
     	}
-    	
+
     	// If the proxy-authorization header is set, send it to proxy but remove
     	// it from headers sent to target host
     	if (isset($headers['proxy-authorization'])) {
     	    $request .= "Proxy-authorization: " . $headers['proxy-authorization'] . "\r\n";
     	    unset($headers['proxy-authorization']);
     	}
-    	
+
         $request .= "\r\n";
 
         // Send the request
@@ -219,35 +219,38 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
                 if (!chop($line)) break;
             }
         }
-        
+
         // Check that the response from the proxy is 200
         if (Zend_Http_Response::extractCode($response) != 200) {
                 require_once 'Zend/Http/Client/Adapter/Exception.php';
         	throw new Zend_Http_Client_Adapter_Exception("Unable to connect to HTTPS proxy. Server response: " . $response);
         }
-        
+
         // If all is good, switch socket to secure mode. We have to fall back
-        // through the different modes 
-        $modes = array(
-            STREAM_CRYPTO_METHOD_TLS_CLIENT, 
-            STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
-            STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
-            STREAM_CRYPTO_METHOD_SSLv2_CLIENT 
-        );
-        
-        $success = false; 
+        // through the different modes
+        $modes = [
+                  STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+                  STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
+                  STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,
+                  STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
+                  STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
+                  STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
+                  STREAM_CRYPTO_METHOD_ANY_CLIENT
+        ];
+
+        $success = false;
         foreach($modes as $mode) {
             $success = stream_socket_enable_crypto($this->socket, true, $mode);
         	if ($success) break;
         }
-        
+
         if (! $success) {
                 require_once 'Zend/Http/Client/Adapter/Exception.php';
-                throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" . 
+                throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" .
                     " HTTPS server through proxy: could not negotiate secure connection.");
         }
     }
-    
+
     /**
      * Close the connection to the server
      *
@@ -257,7 +260,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
         parent::close();
         $this->negotiated = false;
     }
-    
+
     /**
      * Destructor: make sure the socket is disconnected
      *

library/Zend/Mail/Protocol/Imap.php

@@ -11,7 +11,7 @@
  * If you did not receive a copy of the license and are unable to
  * obtain it through the world-wide-web, please send an email
  * to license@zend.com so we can send you a copy immediately.
- * 
+ *
  * @category   Zend
  * @package    Zend_Mail
  * @subpackage Protocol
@@ -104,17 +104,29 @@ class Zend_Mail_Protocol_Imap
 
         if ($ssl === 'TLS') {
             $result = $this->requestAndResponse('STARTTLS');
-            $result = $result && stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
-            if (!$result) {
-                /**
-                 * @see Zend_Mail_Protocol_Exception
-                 */
-                require_once 'Zend/Mail/Protocol/Exception.php';
-                throw new Zend_Mail_Protocol_Exception('cannot enable TLS');
-            }
+            $result = $result && $this->_connectViaTLS();
         }
     }
 
+
+
+
+    protected function _connectViaTLS() {
+      $success = false;
+      $modes = [
+                STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
+      ];
+      foreach($modes as $mode) {
+        $success = stream_socket_enable_crypto($this->_socket, true, $mode);
+        if ($success) return true;
+      }
+
+      require_once 'Zend/Mail/Protocol/Exception.php';
+      throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
+    }
+
     /**
      * get the next line from socket with error checking, but nothing else
      *
@@ -189,8 +201,8 @@ class Zend_Mail_Protocol_Imap
                 "foo" baz {3}<NL>bar ("f\\\"oo" bar)
             would be returned as:
                 array('foo', 'baz', 'bar', array('f\\\"oo', 'bar'));
-                
-            // TODO: add handling of '[' and ']' to parser for easier handling of response text 
+
+            // TODO: add handling of '[' and ']' to parser for easier handling of response text
         */
         //  replace any trailling <NL> including spaces with a single space
         $line = rtrim($line) . ' ';
@@ -818,7 +830,7 @@ class Zend_Mail_Protocol_Imap
         if (!$response) {
         	return $response;
         }
-        
+
         foreach ($response as $ids) {
         	if ($ids[0] == 'SEARCH') {
         		array_shift($ids);

library/Zend/Mail/Protocol/Pop3.php

@@ -11,7 +11,7 @@
  * If you did not receive a copy of the license and are unable to
  * obtain it through the world-wide-web, please send an email
  * to license@zend.com so we can send you a copy immediately.
- * 
+ *
  * @category   Zend
  * @package    Zend_Mail
  * @subpackage Protocol
@@ -114,19 +114,30 @@ class Zend_Mail_Protocol_Pop3
 
         if ($ssl === 'TLS') {
             $this->request('STLS');
-            $result = stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
-            if (!$result) {
-                /**
-                 * @see Zend_Mail_Protocol_Exception
-                 */
-                require_once 'Zend/Mail/Protocol/Exception.php';
-                throw new Zend_Mail_Protocol_Exception('cannot enable TLS');
-            }
+            $result = $this->_connectViaTLS();
         }
 
         return $welcome;
     }
 
+    protected function _connectViaTLS() {
+      $success = false;
+      $modes = [
+                STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
+      ];
+
+      foreach($modes as $mode) {
+        $success = stream_socket_enable_crypto($this->_socket, true, $mode);
+        if ($success) return true;
+      }
+
+      require_once 'Zend/Mail/Protocol/Exception.php';
+      throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
+    }
+
+
 
     /**
      * Send a request

library/Zend/Mail/Protocol/Smtp.php

@@ -12,7 +12,7 @@
  * If you did not receive a copy of the license and are unable to
  * obtain it through the world-wide-web, please send an email
  * to license@zend.com so we can send you a copy immediately.
- * 
+ *
  * @category   Zend
  * @package    Zend_Mail
  * @subpackage Protocol
@@ -38,7 +38,7 @@ require_once 'Zend/Mail/Protocol/Abstract.php';
  * Smtp implementation of Zend_Mail_Protocol_Abstract
  *
  * Minimum implementation according to RFC2821: EHLO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT
- * 
+ *
  * @category   Zend
  * @package    Zend_Mail
  * @subpackage Protocol
@@ -203,13 +203,7 @@ class Zend_Mail_Protocol_Smtp extends Zend_Mail_Protocol_Abstract
         if ($this->_secure == 'tls') {
             $this->_send('STARTTLS');
             $this->_expect(220, 180);
-            if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
-                /**
-                 * @see Zend_Mail_Protocol_Exception
-                 */
-                require_once 'Zend/Mail/Protocol/Exception.php';
-                throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
-            }
+            $this->_connectViaTLS();
             $this->_ehlo($host);
         }
 
@@ -218,6 +212,24 @@ class Zend_Mail_Protocol_Smtp extends Zend_Mail_Protocol_Abstract
     }
 
 
+    protected function _connectViaTLS() {
+      $success = false;
+      $modes = [
+                STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
+                STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
+      ];
+
+      foreach($modes as $mode) {
+        $success = stream_socket_enable_crypto($this->_socket, true, $mode);
+        if ($success) break;
+      }
+
+      require_once 'Zend/Mail/Protocol/Exception.php';
+      throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
+    }
+
+
     /**
      * Send EHLO or HELO depending on capabilities of smtp host
      *