diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2015-03-18 21:55:59 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2015-03-18 21:55:59 +0100 |
| commit | 6abea1c0be56a2cb5575c8921c3e6661ed565697 (patch) | |
| tree | fae7da330a05c8ecaca75ec9bd8dc1107db88102 /inc | |
| parent | d387bf5e958e9d25a7192d1f5e5280ac0eb82da7 (diff) | |
| download | rpg-6abea1c0be56a2cb5575c8921c3e6661ed565697.tar.gz rpg-6abea1c0be56a2cb5575c8921c3e6661ed565697.tar.bz2 | |
fixed HTTPS proxy tests, our tests now run on httpbin.org
This also reverses the order of crypto protocols tried again. Using TLS
first again. related to #915
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/HTTPClient.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 24b3a8d78..092216c57 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -592,20 +592,22 @@ class HTTPClient { // set correct peer name for verification (enabled since PHP 5.6) stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); - // Because of older PHP versions having trouble with TLS (enable_crypto returns true, but - // the conection still borks) we try SSLv3 first - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + // because SSLv3 is mostly broken, we try TLS connections here first. + // according to https://github.com/splitbrain/dokuwiki/commit/c05ef534 we had problems with certain + // setups with this solution before, but we have no usable test for that and TLS should be the more + // common crypto by now + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - // If the proxy does not support SSLv3 we try TLS - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // if the above failed, this will most probably not work either, but we can try + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - throw new HTTPClientException('Failed to set up crypto for secure proxy connection', -151); + throw new HTTPClientException('Failed to set up crypto for secure connection to '.$requestinfo['host'], -151); } throw new HTTPClientException('Failed to establish secure proxy connection', -150); |