From 4343d40d6272b3148e99369d2f16d60f90c835a5 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Thu, 11 Dec 2014 23:39:21 +0100
Subject: set correct peer name when connecting through a SSL tunnel proxy

---
 inc/HTTPClient.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index 4112932c4..c791b7f4a 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -589,6 +589,9 @@ class HTTPClient {
 
         $this->_debug('SSL Tunnel Response',$r_headers);
         if(preg_match('/^HTTP\/1\.[01] 200/i',$r_headers)){
+            // set correct peer name for verification (enabled since PHP 5.6)
+            stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']);
+
             // Try a TLS connection first
             if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                 $requesturl = $requestinfo['path'];
-- 
cgit v1.2.3