From: Tim Düsterhus
Date: Wed, 17 Dec 2014 23:51:00 +0000 (+0100)
Subject: Properly support certificate validation if a HTTP proxy is used
X-Git-Tag: 2.1.0_Beta_3~101^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7e6297c8bd0ae01ce724949592d5df9ab79b735d;p=GitHub%2FWoltLab%2FWCF.git
Properly support certificate validation if a HTTP proxy is used
---
diff --git a/wcfsetup/install/files/lib/system/io/RemoteFile.class.php b/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
index da47f6a843..ba17cb01d5 100644
--- a/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
+++ b/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
@@ -51,11 +51,14 @@ class RemoteFile extends File {
 * @param integer $timeout
 * @param array $options
 */
- public function __construct($host, $port, $timeout = 30) {
+ public function __construct($host, $port, $timeout = 30, $options = array()) {
 $this->host = $host;
 $this->port = $port;
- $this->resource = @fsockopen($host, $port, $this->errorNumber, $this->errorDesc, $timeout);
+ if (!preg_match('/^[a-z0-9]+:/', $this->host)) $this->host = 'tcp://'.$this->host;
+
+ $context = stream_context_create($options);
+ $this->resource = @stream_socket_client($this->host.':'.$this->port, $this->errorNumber, $this->errorDesc, $timeout, STREAM_CLIENT_CONNECT, $context);
 if ($this->resource === false) {
 throw new SystemException('Can not connect to ' . $host, 0, $this->errorDesc);
 }
diff --git a/wcfsetup/install/files/lib/util/HTTPRequest.class.php b/wcfsetup/install/files/lib/util/HTTPRequest.class.php
index 867eb942bd..2c55563d84 100644
--- a/wcfsetup/install/files/lib/util/HTTPRequest.class.php
+++ b/wcfsetup/install/files/lib/util/HTTPRequest.class.php
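Review bot: The `@` on `stream_socket_client()` in the `RemoteFile` constructor now also hides TLS handshake warnings, so a certificate or peer-name mismatch reaches the caller as the same `Can not connect to …` exception as a refused connection. PHP usually reports the verification reason only in the suppressed warning, and `$this->errorDesc` may be empty in that case (worth confirming on the supported versions). I would at least document this above the call, e.g. `// TLS verification failures also land here; errorDesc may be empty, the reason is in the PHP warning`, or capture the warning text and pass it into the exception. The docblock line `@param array $options` could also say that it is a stream context options array keyed by wrapper (`'ssl' => array(...)`). The constructor's closing brace is outside the hunk.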
@@ -249,7 +249,11 @@ final class HTTPRequest {
 */
 public function execute() {
 // connect
- $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout']);
+ $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout'], array(
+ 'ssl' => array(
+ 'peer_name' => $this->originHost
+ )
+ ));
 if ($this->originUseSSL && PROXY_SERVER_HTTP) {
 if ($this->useSSL) throw new SystemException("Unable to proxy HTTPS when using TLS for proxy connection");
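Review bot: The `ssl` context passed to `RemoteFile` in `execute()` sets only `peer_name`, so whether the certificate chain and name are actually checked depends on the PHP defaults for `verify_peer` and `verify_peer_name`, which are enabled by default only from PHP 5.6. I would set them explicitly, `'verify_peer' => true, 'verify_peer_name' => true,` next to `'peer_name' => $this->originHost`, so the behaviour does not change with the runtime. If older PHP versions are still supported, `peer_name` is not recognised there (the older option is `CN_match`) and a CA bundle has to be supplied via `cafile` or `capath`; the hunk does not show which versions are targeted. `execute()` continues past the end of the hunk.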