Properly support certificate validation if a HTTP proxy is used
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 17 Dec 2014 23:51:00 +0000 (00:51 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 18 Dec 2014 20:41:35 +0000 (21:41 +0100)
wcfsetup/install/files/lib/system/io/RemoteFile.class.php
wcfsetup/install/files/lib/util/HTTPRequest.class.php

index da47f6a84321440e504e625d6e37948f0fffae98..ba17cb01d5f45ddc5e9d998493ea1cf1ffebf523 100644 (file)
@@ -51,11 +51,14 @@ class RemoteFile extends File {
         * @param       integer         $timeout
         * @param       array           $options
         */
-       public function __construct($host, $port, $timeout = 30) {
+       public function __construct($host, $port, $timeout = 30, $options = array()) {
                $this->host = $host;
                $this->port = $port;
                
-               $this->resource = @fsockopen($host, $port, $this->errorNumber, $this->errorDesc, $timeout);
+               if (!preg_match('/^[a-z0-9]+:/', $this->host)) $this->host = 'tcp://'.$this->host;
+               
+               $context = stream_context_create($options);
+               $this->resource = @stream_socket_client($this->host.':'.$this->port, $this->errorNumber, $this->errorDesc, $timeout, STREAM_CLIENT_CONNECT, $context);
                if ($this->resource === false) {
                        throw new SystemException('Can not connect to ' . $host, 0, $this->errorDesc);
                }
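Review bot: A failed TLS handshake will be hard to diagnose here, because the `@` on `stream_socket_client()` discards the warning that carries the verification detail, and in that case `$this->errorNumber` can be 0 with an empty `$this->errorDesc`. Now that callers can pass an `ssl` context, a certificate failure is an expected failure mode and should be distinguishable from a refused connection in the exception or the log. Consider reading the suppressed warning with `error_get_last()` right after the call and using its message as the description when `$this->errorDesc` is empty. The `@param array $options` line would also benefit from a description such as `stream context options, keyed by wrapper (e.g. 'ssl')`. The constructor's docblock starts above the hunk and its body continues below it.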
index 867eb942bd7819b34717bab9ec78935c2e220ab6..2c55563d84b24c78877341961e4a0101eab2875f 100644 (file)
@@ -249,7 +249,11 @@ final class HTTPRequest {
         */
        public function execute() {
                // connect
-               $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout']);
+               $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout'], array(
+                       'ssl' => array(
+                               'peer_name' => $this->originHost
+                       )
+               ));
                
                if ($this->originUseSSL && PROXY_SERVER_HTTP) {
                        if ($this->useSSL) throw new SystemException("Unable to proxy HTTPS when using TLS for proxy connection");
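Review bot: The `ssl` context sets only `peer_name`, so whether the certificate is actually checked depends on runtime defaults: PHP 5.6 and later enable `verify_peer` and `verify_peer_name` by default, while earlier versions do not verify by default and do not know `peer_name`. Adding `'verify_peer' => true, 'verify_peer_name' => true` next to `peer_name` states the intent explicitly instead of relying on those defaults. Separately, `peer_name` is always `$this->originHost`, even when `$this->useSSL` is true and the TLS session is with `$this->host`; if a TLS proxy in front of a plain-HTTP origin is a reachable combination, the proxy's certificate would be matched against the origin's name. execute() continues past the end of the hunk.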