Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[HttpClient] use CurlHttpClient on Windows if cafile or capath is set in default options #40676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
n0rbyt3 opened this issue Apr 1, 2021 · 3 comments
Closed

[HttpClient] use CurlHttpClient on Windows if cafile or capath is set in default options #40676

n0rbyt3 opened this issue Apr 1, 2021 · 3 comments
Labels
Bug HttpClient Status: Needs Review

Comments

@n0rbyt3
Copy link
Contributor

n0rbyt3 commented Apr 1, 2021

Symfony version(s) affected: 5.2.6

Description
I get the following warning and notice:

User Warning: Configure the "curl.cainfo", "openssl.cafile" or "openssl.capath" php.ini setting to enable the CurlHttpClient
User Notice: Upgrade the curl extension or run "composer require amphp/http-client" to perform async HTTP operations, including full HTTP/2 support

I am on Windows and don't have these options set in my php.ini, but I have set cafile

How to reproduce

  • on Windows, enable the curl PHP extension. Don't set any options in php.ini.
  • create a symfony app, add symfony/http-client
  • get a valid certificate in PEM format
  • edit app/config/packages/framework.yaml, set http_client -> default_options -> cafile: <path to PEM file>
  • inject HttpClientInterface, perform a request

Possible Solution
I guess this check in HttpClient::create is faulty:
if ('\\' !== \DIRECTORY_SEPARATOR || ini_get('curl.cainfo') || ini_get('openssl.cafile') || ini_get('openssl.capath'))

Extending it with isset($defaultOptions['cafile']) || isset($defaultOptions['capath']) fixes both log messages.
However, CurlHttpClient can also be used if you set cafile or capath on options for scoped clients, but these options aren't available in the factory.

Why is this check present anyway? CurlHttpClient works great on Windows without any of these options.

Additional context
@n0rbyt3 n0rbyt3 added the Bug label Apr 1, 2021
@nicolas-grekas
Copy link
Member

Extending it with isset($defaultOptions['cafile']) || isset($defaultOptions['capath'])

That is certainly a good idea, PR welcome.

CurlHttpClient can also be used if you set cafile or capath on options for scoped clients, but these options aren't available in the factory.

I'm not sure what you mean. Options on scoped clients are meant to override the default options - but the default client still has to work on its own.

CurlHttpClient works great on Windows without any of these options

I added these checks in #32022, but I don't remember exactly how/when I experienced the issue...

@n0rbyt3 n0rbyt3 mentioned this issue Apr 3, 2021
Merged
@n0rbyt3
Copy link
Contributor Author

n0rbyt3 commented Apr 3, 2021
edited
Loading

I added these checks in #32022, but I don't remember exactly how/when I experienced the issue...

That is really interesting. Without having these options set on Windows, curl will not be able to get certificate information.

When the "capture_peer_cert_chain" option is true, the "peer_certificate_chain" attribute SHOULD list the peer certificates as an array of OpenSSL X.509 resources.

However, the ResponseInterface contract allows empty information. I don't see any valid reasons for these messages to exist.

derrabus added a commit that referenced this issue Apr 4, 2021
@derrabus
bug #40702 [HttpClient] allow CurlHttpClient on Windows (n0rbyt3)
3b1948f 
This PR was merged into the 4.4 branch.

Discussion
----------

[HttpClient] allow CurlHttpClient on Windows

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | #40676
| License       | MIT
| Doc PR        | no

Even if you don't set curl options or openssl cert options on Windows in ```php.ini```, you should be able to use ```CurlHttpClient``` if ```cafile``` or ```capath``` options are set as default options as they will override the options in ```php.ini```.

Commits
-------

6609a17 allow CurlHttpClient on Windows
@fancyweb
Copy link
Contributor

fancyweb commented Apr 7, 2021

This issue can be closed.

@stof stof closed this as completed Apr 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug HttpClient Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nicolas-grekas @stof @fancyweb @n0rbyt3 @carsonbot