Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Jan 8, 2020. It is now read-only.

SSL CA File support. #5870

Merged
ezimuel merged 2 commits into from
Mar 5, 2014
Merged

SSL CA File support. #5870

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2ff69b6
SSL CA File support.
icywolfy Feb 25, 2014
705f9e9
Add Tests.
icywolfy Feb 25, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion library/Zend/Http/Client/Adapter/Socket.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ class Socket implements HttpAdapter, StreamInterface
'sslcert' => null,
'sslpassphrase' => null,
'sslverifypeer' => true,
'sslcafile' => null,
'sslcapath' => null,
'sslallowselfsigned' => false,
'sslusecontext' => false
Expand Down Expand Up @@ -205,6 +206,12 @@ public function connect($host, $port = 80, $secure = false)
}
}

if ($this->config['sslcafile']) {
if (!stream_context_set_option($context, 'ssl', 'cafile', $this->config['sslcafile'])) {
throw new AdapterException\RuntimeException('Unable to set sslcafile option');
}
}

if ($this->config['sslcapath']) {
if (!stream_context_set_option($context, 'ssl', 'capath', $this->config['sslcapath'])) {
throw new AdapterException\RuntimeException('Unable to set sslcapath option');
Expand Down Expand Up @@ -287,7 +294,11 @@ public function connect($host, $port = 80, $secure = false)

if ((! $errorString) && $this->config['sslverifypeer']) {
// There's good chance our error is due to sslcapath not being properly set
if (! ($this->config['sslcapath'] && is_dir($this->config['sslcapath']))) {
if (! ($this->config['sslcafile'] || $this->config['sslcapath'])) {
$errorString = 'make sure the "sslcafile" or "sslcapath" option are properly set for the environment.';
} elseif ($this->config['sslcafile'] && !is_file($this->config['sslcafile'])) {
$errorString = 'make sure the "sslcafile" option points to a valid SSL certificate file';
} elseif ($this->config['sslcapath'] && !is_dir($this->config['sslcapath'])) {
$errorString = 'make sure the "sslcapath" option points to a valid SSL certificate directory';
}
}
Expand Down
24 changes: 24 additions & 0 deletions tests/ZendTest/Http/Client/SocketTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,30 @@ public function testConnectingViaSslEnforcesDefaultSslOptionsOnContext()
$this->assertFalse($options['ssl']['allow_self_signed']);
}


/**
* Test Certificate File Option
* The configuration is set to a legitimate certificate bundle file,
* to exclude errors from being thrown from an invalid cafile context being set.
*/
public function testConnectingViaSslUsesCertificateFileContext()
{
$config = array(
'timeout' => 30,
'sslcafile' => __DIR__ . '/_files/ca-bundle.crt',
);
$this->_adapter->setOptions($config);
try {
$this->_adapter->connect('localhost', 443, true);
} catch (\Zend\Http\Client\Adapter\Exception\RuntimeException $e) {
// Test is designed to allow connect failure because we're interested
// only in the stream context state created within that method.
}
$context = $this->_adapter->getStreamContext();
$options = stream_context_get_options($context);
$this->assertEquals($config['sslcafile'], $options['ssl']['cafile']);
}

/**
* Test that a Zend\Config object can be used to set configuration
*
Expand Down
Loading