From e0c26282a603881e8d2f839d94c28dbbfc57d71b Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 29 Sep 2014 03:34:17 +0200 Subject: scrutinizer documentations issues --- inc/HTTPClient.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index cd4c7c4c5..ea20e3e56 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -57,6 +57,12 @@ class DokuHTTPClient extends HTTPClient { * @triggers HTTPCLIENT_REQUEST_SEND * @author Andreas Gohr */ + /** + * @param string $url + * @param string|array $data the post data either as array or raw data + * @param string $method + * @return bool + */ function sendRequest($url,$data='',$method='GET'){ $httpdata = array('url' => $url, 'data' => $data, @@ -104,7 +110,7 @@ class HTTPClient { var $header_regexp; // if set this RE must match against the headers, else abort var $headers; var $debug; - var $start = 0; // for timings + var $start = 0.0; // for timings var $keep_alive = true; // keep alive rocks // don't set these, read on error -- cgit v1.2.3 From 42ea7f447f39fbc2f79eaaec31f8c10ede59c5d0 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Wed, 1 Oct 2014 11:30:27 +0200 Subject: Many PHPDocs, some unused and dyn declared vars many PHPDocs some unused variables some dynamically declared variables declared --- inc/HTTPClient.php | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index ea20e3e56..2e991b52f 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -172,7 +172,8 @@ class HTTPClient { * * @param string $url The URL to fetch * @param bool $sloppy304 Return body on 304 not modified - * @return bool|string response body, false on error + * @return false|string response body, false on error + * * @author Andreas Gohr */ function get($url,$sloppy304=false){ @@ -193,7 +194,8 @@ class HTTPClient { * @param string $url The URL to fetch * @param array $data Associative array of parameters * @param bool $sloppy304 Return body on 304 not modified - * @return bool|string response body, false on error + * @return false|string response body, false on error + * * @author Andreas Gohr */ function dget($url,$data,$sloppy304=false){ @@ -213,7 +215,7 @@ class HTTPClient { * * @param string $url The URL to fetch * @param array $data Associative array of parameters - * @return bool|string response body, false on error + * @return false|string response body, false on error * @author Andreas Gohr */ function post($url,$data){ @@ -235,6 +237,7 @@ class HTTPClient { * @param mixed $data - the post data either as array or raw data * @param string $method - HTTP Method usually GET or POST. * @return bool - true on success + * * @author Andreas Goetz * @author Andreas Gohr */ @@ -602,6 +605,7 @@ class HTTPClient { * @param string $data The data to write * @param string $message Description of what is being read * @throws HTTPClientException + * * @author Tom N Harris */ function _sendData($socket, $data, $message) { @@ -646,6 +650,7 @@ class HTTPClient { * @param bool $ignore_eof End-of-file is not an error if this is set * @throws HTTPClientException * @return string + * * @author Tom N Harris */ function _readData($socket, $nbytes, $message, $ignore_eof = false) { @@ -695,6 +700,7 @@ class HTTPClient { * @param string $message Description of what is being read * @throws HTTPClientException * @return string + * * @author Tom N Harris */ function _readLine($socket, $message) { @@ -729,6 +735,9 @@ class HTTPClient { * Uses _debug_text or _debug_html depending on the SAPI name * * @author Andreas Gohr + * + * @param string $info + * @param mixed $var */ function _debug($info,$var=null){ if(!$this->debug) return; @@ -742,8 +751,8 @@ class HTTPClient { /** * print debug info as HTML * - * @param $info - * @param null $var + * @param string $info + * @param mixed $var */ function _debug_html($info, $var=null){ print ''.$info.' '.($this->_time() - $this->start).'s
'; @@ -759,8 +768,8 @@ class HTTPClient { /** * prints debug info as plain text * - * @param $info - * @param null $var + * @param string $info + * @param mixed $var */ function _debug_text($info, $var=null){ print '*'.$info.'* '.($this->_time() - $this->start)."s\n"; @@ -770,6 +779,8 @@ class HTTPClient { /** * Return current timestamp in microsecond resolution + * + * @return float */ static function _time(){ list($usec, $sec) = explode(" ", microtime()); @@ -782,6 +793,9 @@ class HTTPClient { * All Keys are lowercased. * * @author Andreas Gohr + * + * @param string $string + * @return array */ function _parseHeaders($string){ $headers = array(); @@ -810,6 +824,9 @@ class HTTPClient { * convert given header array to header string * * @author Andreas Gohr + * + * @param array $headers + * @return string */ function _buildHeaders($headers){ $string = ''; @@ -824,6 +841,8 @@ class HTTPClient { * get cookies as http header string * * @author Andreas Goetz + * + * @return string */ function _getCookies(){ $headers = ''; @@ -839,6 +858,9 @@ class HTTPClient { * Encode data for posting * * @author Andreas Gohr + * + * @param array $data + * @return string */ function _postEncode($data){ return http_build_query($data,'','&'); @@ -849,6 +871,9 @@ class HTTPClient { * * @fixme use of urlencode might be wrong here * @author Andreas Gohr + * + * @param array $data + * @return string */ function _postMultipartEncode($data){ $boundary = '--'.$this->boundary; -- cgit v1.2.3 From dc193bd914e6c9cd3d0d1df7e171d38e8da407e5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 11 Dec 2014 21:35:04 +0100 Subject: prefer TLS for SSL Tunnel connections #915 --- inc/HTTPClient.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 2e991b52f..4112932c4 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -589,7 +589,13 @@ class HTTPClient { $this->_debug('SSL Tunnel Response',$r_headers); if(preg_match('/^HTTP\/1\.[01] 200/i',$r_headers)){ - if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + // Try a TLS connection first + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + $requesturl = $requestinfo['path']; + return true; + } + // Fall back to SSLv3 + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } -- cgit v1.2.3 From 4343d40d6272b3148e99369d2f16d60f90c835a5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 11 Dec 2014 23:39:21 +0100 Subject: set correct peer name when connecting through a SSL tunnel proxy --- inc/HTTPClient.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 4112932c4..c791b7f4a 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -589,6 +589,9 @@ class HTTPClient { $this->_debug('SSL Tunnel Response',$r_headers); if(preg_match('/^HTTP\/1\.[01] 200/i',$r_headers)){ + // set correct peer name for verification (enabled since PHP 5.6) + stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); + // Try a TLS connection first if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; -- cgit v1.2.3 From c05ef534171135f4252fa0feed5466a75435b97a Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 12 Dec 2014 01:30:38 +0100 Subject: seems we need to do SSL/TLS checks the other way round --- inc/HTTPClient.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index c791b7f4a..76d973c38 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -592,13 +592,15 @@ class HTTPClient { // set correct peer name for verification (enabled since PHP 5.6) stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); - // Try a TLS connection first - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // Because of older PHP versions having trouble with TLS (enable_crypto returns true, but + // the conection still borks) we try SSLv3 first + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - // Fall back to SSLv3 - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + + // If the proxy does not support SSLv3 we try TLS + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; return true; } -- cgit v1.2.3 From 09513545a4776e31b5fb113bd8741df1df878816 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 18 Mar 2015 11:19:04 +0100 Subject: give better error message in HTTPClient for failed crypto setup --- inc/HTTPClient.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 76d973c38..24b3a8d78 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -604,6 +604,8 @@ class HTTPClient { $requesturl = $requestinfo['path']; return true; } + + throw new HTTPClientException('Failed to set up crypto for secure proxy connection', -151); } throw new HTTPClientException('Failed to establish secure proxy connection', -150); -- cgit v1.2.3 From 6abea1c0be56a2cb5575c8921c3e6661ed565697 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 18 Mar 2015 21:55:59 +0100 Subject: fixed HTTPS proxy tests, our tests now run on httpbin.org This also reverses the order of crypto protocols tried again. Using TLS first again. related to #915 --- inc/HTTPClient.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'inc/HTTPClient.php') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 24b3a8d78..092216c57 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -592,20 +592,22 @@ class HTTPClient { // set correct peer name for verification (enabled since PHP 5.6) stream_context_set_option($socket, 'ssl', 'peer_name', $requestinfo['host']); - // Because of older PHP versions having trouble with TLS (enable_crypto returns true, but - // the conection still borks) we try SSLv3 first - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { + // because SSLv3 is mostly broken, we try TLS connections here first. + // according to https://github.com/splitbrain/dokuwiki/commit/c05ef534 we had problems with certain + // setups with this solution before, but we have no usable test for that and TLS should be the more + // common crypto by now + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - // If the proxy does not support SSLv3 we try TLS - if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // if the above failed, this will most probably not work either, but we can try + if (@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) { $requesturl = $requestinfo['path']; return true; } - throw new HTTPClientException('Failed to set up crypto for secure proxy connection', -151); + throw new HTTPClientException('Failed to set up crypto for secure connection to '.$requestinfo['host'], -151); } throw new HTTPClientException('Failed to establish secure proxy connection', -150); -- cgit v1.2.3