Disabled implicit SSL support for update servers
authorAlexander Ebert <ebert@woltlab.com>
Thu, 5 Feb 2015 19:59:12 +0000 (20:59 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Thu, 5 Feb 2015 19:59:12 +0000 (20:59 +0100)
SSL is currently too unreliable to be automatically picked over http, we'll revisit this with WCF 2.2 to see if there is a less broken SSL support throughout the user webspaces/servers.

Note: This only affects the automatic protocol negotiation, if you register the update server with https:// it won't be touched (unless SSL is unsupported)

wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
wcfsetup/install/files/lib/system/package/PackageUpdateDispatcher.class.php

index 024b7c37082bd002cb2aac6815faa51155fde401..aa1bcd38e2a2e705d5385e32669313c5dde7c62c 100644 (file)
@@ -173,11 +173,12 @@ class PackageUpdateServer extends DatabaseObject {
                $serverURL = FileUtil::addTrailingSlash($this->serverURL) . 'list/' . WCF::getLanguage()->getFixedLanguageCode() . '.xml';
                
                $metaData = $this->getMetaData();
-               if (!RemoteFile::supportsSSL() || !$metaData['ssl']) {
+               //if (!RemoteFile::supportsSSL() || !$metaData['ssl']) {
+               if (!RemoteFile::supportsSSL()) {
                        return preg_replace('~^https://~', 'http://', $serverURL);
                }
                
-               return preg_replace('~^http://~', 'https://', $serverURL);
+               return $serverURL;
        }
        
        /**
@@ -191,11 +192,12 @@ class PackageUpdateServer extends DatabaseObject {
                }
                
                $metaData = $this->getMetaData();
-               if (!RemoteFile::supportsSSL() || !$metaData['ssl']) {
+               //if (!RemoteFile::supportsSSL() || !$metaData['ssl']) {
+               if (!RemoteFile::supportsSSL()) {
                        return preg_replace('~^https://~', 'http://', $this->serverURL);
                }
                
-               return preg_replace('~^http://~', 'https://', $this->serverURL);
+               return $this->serverURL;
        }
        
        /**
index 6fa770eb22129d59b94afd75911a2dba55fc2f7e..75ebc62e780753bfccc44b097aebfb66f9f1451a 100644 (file)
@@ -134,15 +134,16 @@ class PackageUpdateDispatcher extends SingletonFactory {
                        if (empty($reply['httpHeaders']['etag']) && empty($reply['httpHeaders']['last-modified'])) {
                                throw new SystemException("Missing required HTTP headers 'etag' and 'last-modified'.");
                        }
-                       else if (empty($reply['httpHeaders']['wcf-update-server-ssl'])) {
+                       /*else if (empty($reply['httpHeaders']['wcf-update-server-ssl'])) {
                                throw new SystemException("Missing required HTTP header 'wcf-update-server-ssl'.");
-                       }
+                       }*/
                        
                        $metaData['list'] = array();
                        if (!empty($reply['httpHeaders']['etag'])) $metaData['list']['etag'] = reset($reply['httpHeaders']['etag']);
                        if (!empty($reply['httpHeaders']['last-modified'])) $metaData['list']['lastModified'] = reset($reply['httpHeaders']['last-modified']);
                        
-                       $metaData['ssl'] = (reset($reply['httpHeaders']['wcf-update-server-ssl']) == 'true') ? true : false;
+                       $metaData['ssl'] = false;
+                       //(reset($reply['httpHeaders']['wcf-update-server-ssl']) == 'true') ? true : false;
                }
                $data['metaData'] = serialize($metaData);