From c79b8fcb3e9db22ac5b4c558a8ed7a3d68f3eb80 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 18 Dec 2014 00:51:00 +0100
Subject: [PATCH] Properly support certificate validation if a HTTP proxy is used
---
 wcfsetup/install/files/lib/system/io/RemoteFile.class.php | 7 +++++--
 wcfsetup/install/files/lib/util/HTTPRequest.class.php | 6 +++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/io/RemoteFile.class.php b/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
index da47f6a843..ba17cb01d5 100644
--- a/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
+++ b/wcfsetup/install/files/lib/system/io/RemoteFile.class.php
@@ -51,11 +51,14 @@ class RemoteFile extends File {
 * @param integer $timeout
 * @param array $options
 */
- public function __construct($host, $port, $timeout = 30) {
+ public function __construct($host, $port, $timeout = 30, $options = array()) {
 $this->host = $host;
 $this->port = $port;
- $this->resource = @fsockopen($host, $port, $this->errorNumber, $this->errorDesc, $timeout);
+ if (!preg_match('/^[a-z0-9]+:/', $this->host)) $this->host = 'tcp://'.$this->host;
+
+ $context = stream_context_create($options);
+ $this->resource = @stream_socket_client($this->host.':'.$this->port, $this->errorNumber, $this->errorDesc, $timeout, STREAM_CLIENT_CONNECT, $context);
 if ($this->resource === false) {
 throw new SystemException('Can not connect to ' . $host, 0, $this->errorDesc);
 }
diff --git a/wcfsetup/install/files/lib/util/HTTPRequest.class.php b/wcfsetup/install/files/lib/util/HTTPRequest.class.php
index 867eb942bd..2c55563d84 100644
--- a/wcfsetup/install/files/lib/util/HTTPRequest.class.php
+++ b/wcfsetup/install/files/lib/util/HTTPRequest.class.php
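Review bot: In the RemoteFile constructor (wcfsetup/install/files/lib/system/io/RemoteFile.class.php), the `@` on `stream_socket_client()` hides the warnings PHP raises when a TLS handshake or certificate check fails, and in that case `$this->errorDesc` is typically left empty with error number 0. Since `ssl://` connections are now opened here with a caller-supplied context, the resulting SystemException would give an operator no way to tell a rejected certificate from an unreachable host. The suppressed warning could be picked up before the exception is thrown, e.g. `if ($this->resource === false && empty($this->errorDesc) && ($last = error_get_last()) !== null) $this->errorDesc = $last['message'];`. The constructor's closing brace lies outside the hunk.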
@@ -249,7 +249,11 @@ final class HTTPRequest {
 */
 public function execute() {
 // connect
- $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout']);
+ $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout'], array(
+ 'ssl' => array(
+ 'peer_name' => $this->originHost
+ )
+ ));
 if ($this->originUseSSL && PROXY_SERVER_HTTP) {
 if ($this->useSSL) throw new SystemException("Unable to proxy HTTPS when using TLS for proxy connection");
--
2.20.1
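Review bot: The context passed to RemoteFile in `execute()` sets only `peer_name`, so whether the certificate is actually verified depends on the PHP version's defaults: `verify_peer` and `verify_peer_name` default to true only from PHP 5.6, and `peer_name` itself is not recognised before that version (older versions use `CN_match`). If the project still supports older PHP versions, which is not visible in this hunk, the connection would be made without any certificate check. Setting the options explicitly makes the intent independent of defaults: `'verify_peer' => true, 'verify_peer_name' => true,` next to `'peer_name' => $this->originHost`. The body of `execute()` continues past the end of the hunk.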