diff --git a/.travis.yml b/.travis.yml index 3e08e6b5..9d27df43 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,11 +27,12 @@ before_script: script: # to have code coverage: --coverage-clover=coverage.clover - phpunit tests LOCALSERVER=localhost URI=/demo/server/server.php HTTPSSERVER=localhost HTTPSURI=/demo/server/server.php PROXY=localhost:8080 HTTPSVERIFYHOST=0 HTTPSIGNOREPEER=1 + phpunit tests LOCALSERVER=localhost URI=/demo/server/server.php HTTPSSERVER=localhost HTTPSURI=/demo/server/server.php PROXY=localhost:8080 HTTPSVERIFYHOST=0 SSLVERSION=3 after_failure: - cat apache_error.log - cat apache_access.log + - php -i after_script: # # upload code-coverage to Scrutinizer diff --git a/src/Client.php b/src/Client.php index 6ec59eb7..4586b707 100644 --- a/src/Client.php +++ b/src/Client.php @@ -23,6 +23,7 @@ class Client public $keypass = ''; public $verifypeer = true; public $verifyhost = 2; + public $sslversion = 0; // corresponds to CURL_SSLVERSION_DEFAULT public $no_multicall = false; public $proxy = ''; public $proxyport = 0; @@ -218,6 +219,16 @@ public function setSSLVerifyHost($i) $this->verifyhost = $i; } + /** + * Set attributes for SSL communication: SSL version to use. Best left at 0 (default value ): let cURL decide + * + * @param int $i + */ + public function setSSLVersion($i) + { + $this->sslversion = $i; + } + /** * Set proxy info. * @@ -364,7 +375,8 @@ public function & send($msg, $timeout = 0, $method = '') $this->proxy_authtype, $this->keepalive, $this->key, - $this->keypass + $this->keypass, + $this->sslversion ); } elseif ($method == 'http11') { $r = $this->sendPayloadCURL( @@ -562,11 +574,11 @@ private function sendPayloadHTTP10($msg, $server, $port, $timeout = 0, private function sendPayloadHTTPS($msg, $server, $port, $timeout = 0, $username = '', $password = '', $authtype = 1, $cert = '', $certpass = '', $cacert = '', $cacertdir = '', $proxyhost = '', $proxyport = 0, $proxyusername = '', $proxypassword = '', $proxyauthtype = 1, - $keepalive = false, $key = '', $keypass = '') + $keepalive = false, $key = '', $keypass = '', $sslversion = 0) { $r = $this->sendPayloadCURL($msg, $server, $port, $timeout, $username, $password, $authtype, $cert, $certpass, $cacert, $cacertdir, $proxyhost, $proxyport, - $proxyusername, $proxypassword, $proxyauthtype, 'https', $keepalive, $key, $keypass); + $proxyusername, $proxypassword, $proxyauthtype, 'https', $keepalive, $key, $keypass, $sslversion); return $r; } @@ -579,7 +591,7 @@ private function sendPayloadHTTPS($msg, $server, $port, $timeout = 0, $username private function sendPayloadCURL($msg, $server, $port, $timeout = 0, $username = '', $password = '', $authtype = 1, $cert = '', $certpass = '', $cacert = '', $cacertdir = '', $proxyhost = '', $proxyport = 0, $proxyusername = '', $proxypassword = '', $proxyauthtype = 1, $method = 'https', - $keepalive = false, $key = '', $keypass = '') + $keepalive = false, $key = '', $keypass = '', $sslversion = 0) { if (!function_exists('curl_init')) { $this->errstr = 'CURL unavailable on this install'; @@ -727,6 +739,8 @@ private function sendPayloadCURL($msg, $server, $port, $timeout = 0, $username = } // whether to verify cert's common name (CN); 0 for no, 1 to verify that it exists, and 2 to verify that it matches the hostname used curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, $this->verifyhost); + // allow usage of different SSL versions + curl_setopt($curl, CURLOPT_SSLVERSION, $sslversion); } // proxy info diff --git a/tests/4LocalhostMultiTest.php b/tests/4LocalhostMultiTest.php index 2b2ba670..51a89332 100644 --- a/tests/4LocalhostMultiTest.php +++ b/tests/4LocalhostMultiTest.php @@ -153,8 +153,9 @@ function testHttps() $this->method = 'https'; $this->client->method = 'https'; $this->client->path = $this->args['HTTPSURI']; - $this->client->setSSLVerifyPeer( !$this->args['HTTPSIGNOREPEER'] ); - $this->client->setSSLVerifyHost($this->args['HTTPSVERIFYHOST'] ); + $this->client->setSSLVerifyPeer(!$this->args['HTTPSIGNOREPEER']); + $this->client->setSSLVerifyHost($this->args['HTTPSVERIFYHOST']); + $this->client->setSSLVersion($this->args['SSLVERSION']); $this->_runtests(); } @@ -175,8 +176,9 @@ function testHttpsProxy() $this->client->method = 'https'; $this->client->setProxy($this->args['PROXYSERVER'], $this->args['PROXYPORT']); $this->client->path = $this->args['HTTPSURI']; - $this->client->setSSLVerifyPeer( !$this->args['HTTPSIGNOREPEER'] ); - $this->client->setSSLVerifyHost($this->args['HTTPSVERIFYHOST'] ); + $this->client->setSSLVerifyPeer(!$this->args['HTTPSIGNOREPEER']); + $this->client->setSSLVerifyHost($this->args['HTTPSVERIFYHOST']); + $this->client->setSSLVersion($this->args['SSLVERSION']); $this->_runtests(); } diff --git a/tests/parse_args.php b/tests/parse_args.php index 0d211915..b2e438ea 100644 --- a/tests/parse_args.php +++ b/tests/parse_args.php @@ -12,6 +12,7 @@ * @param string NOPROXY * @param bool HTTPSIGNOREPEER * @param int HTTPSVERIFYHOST + * @param int SSLVERSION * * @copyright (C) 2007-2015 G. Giunta * @license code licensed under the BSD License: see file license.txt @@ -29,6 +30,7 @@ public static function getArgs() 'HTTPSURI' => '/sw/xmlrpc/demo/server/server.php', 'HTTPSIGNOREPEER' => false, 'HTTPSVERIFYHOST' => 2, + 'SSLVERSION' => 0, 'PROXYSERVER' => null, 'NOPROXY' => false, 'LOCALPATH' => __DIR__, @@ -75,6 +77,9 @@ public static function getArgs() if (isset($HTTPSVERIFYHOST)) { $args['HTTPSVERIFYHOST'] = (int)$HTTPSVERIFYHOST; } + if (isset($SSLVERSION)) { + $args['SSLVERSION'] = (int)$SSLVERSION; + } if (isset($PROXY)) { $arr = explode(':', $PROXY); $args['PROXYSERVER'] = $arr[0];