diff options
-rw-r--r-- | _test/tests/inc/httpclient_http_proxy.test.php | 2 | ||||
-rw-r--r-- | _test/tests/inc/httpclient_https_proxy.test.php | 2 | ||||
-rw-r--r-- | inc/HTTPClient.php | 14 |
3 files changed, 10 insertions, 8 deletions
diff --git a/_test/tests/inc/httpclient_http_proxy.test.php b/_test/tests/inc/httpclient_http_proxy.test.php index 79b8f8e5e..dae801dbd 100644 --- a/_test/tests/inc/httpclient_http_proxy.test.php +++ b/_test/tests/inc/httpclient_http_proxy.test.php @@ -3,7 +3,7 @@ require_once (__DIR__ . '/httpclient_mock.php'); class httpclient_http_proxy_test extends DokuWikiTest { - protected $url = 'http://test.dokuwiki.org/README'; + protected $url = 'http://httpbin.org/user-agent'; /** * @group internet diff --git a/_test/tests/inc/httpclient_https_proxy.test.php b/_test/tests/inc/httpclient_https_proxy.test.php index 7a54bb92e..cf5b9a8b9 100644 --- a/_test/tests/inc/httpclient_https_proxy.test.php +++ b/_test/tests/inc/httpclient_https_proxy.test.php @@ -2,7 +2,7 @@ require_once dirname(__FILE__).'/httpclient_http_proxy.test.php'; class httpclient_https_proxy_test extends httpclient_http_proxy_test { - protected $url = 'https://test.dokuwiki.org/README'; + protected $url = 'https://httpbin.org/user-agent'; public function setUp(){ // skip tests when this PHP has no SSL support diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 24b3a8d78..092216c57 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -592,20 +592,22 @@ class HTTPClient { // set correct peer name for verification (enabled since PHP 5.6) stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); - // Because of older PHP versions having trouble with TLS (enable_crypto returns true, but - // the conection still borks) we try SSLv3 first - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + // because SSLv3 is mostly broken, we try TLS connections here first. + // according to https://github.com/splitbrain/dokuwiki/commit/c05ef534 we had problems with certain + // setups with this solution before, but we have no usable test for that and TLS should be the more + // common crypto by now + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - // If the proxy does not support SSLv3 we try TLS - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // if the above failed, this will most probably not work either, but we can try + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - throw new HTTPClientException('Failed to set up crypto for secure proxy connection', -151); + throw new HTTPClientException('Failed to set up crypto for secure connection to '.$requestinfo['host'], -151); } throw new HTTPClientException('Failed to establish secure proxy connection', -150); |