Commit e283ae7e authored by efalcy's avatar efalcy

Merge branch 'hl_77270_proxy_call' into 'master'

Hl 77270 proxy call

See merge request !3
parents a6eec17e 029a9044
......@@ -63,7 +63,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
* @var boolean
*/
protected $negotiated = false;
/**
* Connect to the remote server
*
......@@ -145,13 +145,13 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
$this->config['proxy_user'], $this->config['proxy_pass'], $this->config['proxy_auth']
);
}
// if we are proxying HTTPS, preform CONNECT handshake with the proxy
if ($uri->getScheme() == 'https' && (! $this->negotiated)) {
$this->connectHandshake($uri->getHost(), $uri->getPort(), $http_ver, $headers);
$this->negotiated = true;
}
// Save request method for later
$this->method = $method;
......@@ -186,21 +186,21 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
*/
protected function connectHandshake($host, $port = 443, $http_ver = '1.1', array &$headers = array())
{
$request = "CONNECT $host:$port HTTP/$http_ver\r\n" .
$request = "CONNECT $host:$port HTTP/$http_ver\r\n" .
"Host: " . $this->config['proxy_host'] . "\r\n";
// Add the user-agent header
if (isset($this->config['useragent'])) {
$request .= "User-agent: " . $this->config['useragent'] . "\r\n";
}
// If the proxy-authorization header is set, send it to proxy but remove
// it from headers sent to target host
if (isset($headers['proxy-authorization'])) {
$request .= "Proxy-authorization: " . $headers['proxy-authorization'] . "\r\n";
unset($headers['proxy-authorization']);
}
$request .= "\r\n";
// Send the request
......@@ -219,35 +219,38 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
if (!chop($line)) break;
}
}
// Check that the response from the proxy is 200
if (Zend_Http_Response::extractCode($response) != 200) {
require_once 'Zend/Http/Client/Adapter/Exception.php';
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to HTTPS proxy. Server response: " . $response);
}
// If all is good, switch socket to secure mode. We have to fall back
// through the different modes
$modes = array(
STREAM_CRYPTO_METHOD_TLS_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
STREAM_CRYPTO_METHOD_SSLv2_CLIENT
);
$success = false;
// through the different modes
$modes = [
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_ANY_CLIENT
];
$success = false;
foreach($modes as $mode) {
$success = stream_socket_enable_crypto($this->socket, true, $mode);
if ($success) break;
}
if (! $success) {
require_once 'Zend/Http/Client/Adapter/Exception.php';
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" .
throw new Zend_Http_Client_Adapter_Exception("Unable to connect to" .
" HTTPS server through proxy: could not negotiate secure connection.");
}
}
/**
* Close the connection to the server
*
......@@ -257,7 +260,7 @@ class Zend_Http_Client_Adapter_Proxy extends Zend_Http_Client_Adapter_Socket
parent::close();
$this->negotiated = false;
}
/**
* Destructor: make sure the socket is disconnected
*
......
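Review bot: The new `$modes` list in connectHandshake() still falls back to `STREAM_CRYPTO_METHOD_SSLv3_CLIENT`, `STREAM_CRYPTO_METHOD_SSLv23_CLIENT`, `STREAM_CRYPTO_METHOD_SSLv2_CLIENT` and `STREAM_CRYPTO_METHOD_ANY_CLIENT`, so a failed TLS attempt, whether accidental or induced on the network path, ends with the tunnel negotiated over a broken protocol. Retrying `stream_socket_enable_crypto()` on the same socket after a failed handshake is also unlikely to behave predictably, because the first attempt has already consumed part of the exchange. A single call with a bitmask lets the TLS library pick the best shared version without a fallback ladder: `$success = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);`. The same retry loop appears in the `_connectViaTLS()` helpers added to Zend_Mail_Protocol_Imap, Zend_Mail_Protocol_Pop3 and Zend_Mail_Protocol_Smtp. connectHandshake() is only partly visible in these hunks.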
......@@ -11,7 +11,7 @@
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
*
* @category Zend
* @package Zend_Mail
* @subpackage Protocol
......@@ -104,17 +104,29 @@ class Zend_Mail_Protocol_Imap
if ($ssl === 'TLS') {
$result = $this->requestAndResponse('STARTTLS');
$result = $result && stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
if (!$result) {
/**
* @see Zend_Mail_Protocol_Exception
*/
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('cannot enable TLS');
}
$result = $result && $this->_connectViaTLS();
}
}
protected function _connectViaTLS() {
$success = false;
$modes = [
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
];
foreach($modes as $mode) {
$success = stream_socket_enable_crypto($this->_socket, true, $mode);
if ($success) return true;
}
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
}
/**
* get the next line from socket with error checking, but nothing else
*
......@@ -189,8 +201,8 @@ class Zend_Mail_Protocol_Imap
"foo" baz {3}<NL>bar ("f\\\"oo" bar)
would be returned as:
array('foo', 'baz', 'bar', array('f\\\"oo', 'bar'));
// TODO: add handling of '[' and ']' to parser for easier handling of response text
// TODO: add handling of '[' and ']' to parser for easier handling of response text
*/
// replace any trailling <NL> including spaces with a single space
$line = rtrim($line) . ' ';
......@@ -818,7 +830,7 @@ class Zend_Mail_Protocol_Imap
if (!$response) {
return $response;
}
foreach ($response as $ids) {
if ($ids[0] == 'SEARCH') {
array_shift($ids);
......
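Review bot: `$result = $result && $this->_connectViaTLS();` short-circuits when the STARTTLS command itself is refused, and if the `if (!$result)` throw printed above it is on the removed side (inferred, since the page has lost its +/- markers), the method returns with the session still in plaintext and no error raised. The caller asked for TLS, so a rejected or stripped STARTTLS should be fatal before any credentials are sent; keep an explicit check after the request, e.g. `if (!$result) { throw new Zend_Mail_Protocol_Exception('cannot enable TLS'); }`, and then call `$this->_connectViaTLS();` unconditionally. The enclosing method starts outside the hunk, so how `$result` is used afterwards cannot be confirmed from here.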
......@@ -11,7 +11,7 @@
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
*
* @category Zend
* @package Zend_Mail
* @subpackage Protocol
......@@ -114,19 +114,30 @@ class Zend_Mail_Protocol_Pop3
if ($ssl === 'TLS') {
$this->request('STLS');
$result = stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
if (!$result) {
/**
* @see Zend_Mail_Protocol_Exception
*/
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('cannot enable TLS');
}
$result = $this->_connectViaTLS();
}
return $welcome;
}
protected function _connectViaTLS() {
$success = false;
$modes = [
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
];
foreach($modes as $mode) {
$success = stream_socket_enable_crypto($this->_socket, true, $mode);
if ($success) return true;
}
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
}
/**
* Send a request
......
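Review bot: `$result = $this->_connectViaTLS();` stores a value that nothing visible reads before `return $welcome;`, and the helper can only return true or throw, so the assignment suggests a check that does not exist; a bare `$this->_connectViaTLS();` states the contract more plainly. The helper is also undocumented and is duplicated in the Imap and Smtp classes, where the Smtp copy has already diverged. A short docblock saying that it upgrades `$this->_socket` to TLS, returns true on success and throws Zend_Mail_Protocol_Exception otherwise would make the three copies easier to keep in step. The enclosing connect method starts outside the hunk.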
......@@ -12,7 +12,7 @@
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
*
* @category Zend
* @package Zend_Mail
* @subpackage Protocol
......@@ -38,7 +38,7 @@ require_once 'Zend/Mail/Protocol/Abstract.php';
* Smtp implementation of Zend_Mail_Protocol_Abstract
*
* Minimum implementation according to RFC2821: EHLO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT
*
*
* @category Zend
* @package Zend_Mail
* @subpackage Protocol
......@@ -203,13 +203,7 @@ class Zend_Mail_Protocol_Smtp extends Zend_Mail_Protocol_Abstract
if ($this->_secure == 'tls') {
$this->_send('STARTTLS');
$this->_expect(220, 180);
if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
/**
* @see Zend_Mail_Protocol_Exception
*/
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
}
$this->_connectViaTLS();
$this->_ehlo($host);
}
......@@ -218,6 +212,24 @@ class Zend_Mail_Protocol_Smtp extends Zend_Mail_Protocol_Abstract
}
protected function _connectViaTLS() {
$success = false;
$modes = [
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
];
foreach($modes as $mode) {
$success = stream_socket_enable_crypto($this->_socket, true, $mode);
if ($success) break;
}
require_once 'Zend/Mail/Protocol/Exception.php';
throw new Zend_Mail_Protocol_Exception('Unable to connect via TLS');
}
/**
* Send EHLO or HELO depending on capabilities of smtp host
*
......
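Review bot: `_connectViaTLS()` in this class throws `'Unable to connect via TLS'` on every call, because a successful handshake only executes `if ($success) break;` and the `require_once`/`throw` after the loop is unconditional. With `_secure == 'tls'` the connection therefore fails right after STARTTLS even when encryption was established, which invites callers to fall back to an unencrypted transport. The Imap and Pop3 copies use `if ($success) return true;`; use the same line here, or guard the throw with `if (!$success) {`. The calling method in the first hunk begins and ends outside the visible lines.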