From 659368cf4452bea7b799659941798a42758764ab Mon Sep 17 00:00:00 2001 From: Gennady Kovshenin Date: Sun, 11 Feb 2018 22:31:41 +0500 Subject: [PATCH] Fix multi-call SSL verify propagation in cURL The `request_multi` method does not take into account the verify option, unlike `request`. Moved the verify logic into `setup_handler` which does all the `curl_setopt` calls anyway and is called from both the multiple and single request options. With tests. Contigent on #310 for fsockopen verify fix. Fixes #294 --- library/Requests/Transport/cURL.php | 28 ++++++++++++------------ library/Requests/Transport/fsockopen.php | 2 ++ tests/Transport/Base.php | 28 ++++++++++++++++++++++++ 3 files changed, 44 insertions(+), 14 deletions(-) diff --git a/library/Requests/Transport/cURL.php b/library/Requests/Transport/cURL.php index 4429edb64..6ebd891ed 100644 --- a/library/Requests/Transport/cURL.php +++ b/library/Requests/Transport/cURL.php @@ -145,20 +145,6 @@ public function request($url, $headers = array(), $data = array(), $options = ar $this->response_byte_limit = $options['max_bytes']; } - if (isset($options['verify'])) { - if ($options['verify'] === false) { - curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); - curl_setopt($this->handle, CURLOPT_SSL_VERIFYPEER, 0); - } - elseif (is_string($options['verify'])) { - curl_setopt($this->handle, CURLOPT_CAINFO, $options['verify']); - } - } - - if (isset($options['verifyname']) && $options['verifyname'] === false) { - curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); - } - curl_exec($this->handle); $response = $this->response_data; @@ -390,6 +376,20 @@ protected function setup_handle($url, $headers, $data, $options) { curl_setopt($this->handle, CURLOPT_WRITEFUNCTION, array(&$this, 'stream_body')); curl_setopt($this->handle, CURLOPT_BUFFERSIZE, Requests::BUFFER_SIZE); } + + if (isset($options['verify'])) { + if ($options['verify'] === false) { + curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); + curl_setopt($this->handle, CURLOPT_SSL_VERIFYPEER, 0); + } + elseif (is_string($options['verify'])) { + curl_setopt($this->handle, CURLOPT_CAINFO, $options['verify']); + } + } + + if (isset($options['verifyname']) && $options['verifyname'] === false) { + curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); + } } /** diff --git a/library/Requests/Transport/fsockopen.php b/library/Requests/Transport/fsockopen.php index 21cb56d5e..dcd541fc9 100644 --- a/library/Requests/Transport/fsockopen.php +++ b/library/Requests/Transport/fsockopen.php @@ -92,6 +92,8 @@ public function request($url, $headers = array(), $data = array(), $options = ar if (isset($options['verify'])) { if ($options['verify'] === false) { $context_options['verify_peer'] = false; + $context_options['verify_peer_name'] = false; + $verifyname = false; } elseif (is_string($options['verify'])) { $context_options['cafile'] = $options['verify']; diff --git a/tests/Transport/Base.php b/tests/Transport/Base.php index 566e09fad..f2415c2fd 100644 --- a/tests/Transport/Base.php +++ b/tests/Transport/Base.php @@ -764,6 +764,34 @@ public function testMultipleToFile() { unlink($requests['post']['options']['filename']); } + public function testMultipleWithNoVerify() { + if ($this->skip_https) { + $this->markTestSkipped('SSL support is not available.'); + return; + } + + $requests = array( + 'test1' => array( + 'url' => 'https://wrong.host.badssl.com/', + 'options' => array('verify' => false), + ), + 'test2' => array( + 'url' => 'https://wrong.host.badssl.com/' + ), + ); + + $responses = Requests::request_multiple($requests, $this->getOptions()); + + // test1 + $this->assertNotEmpty($responses['test1']); + $this->assertInstanceOf('Requests_Response', $responses['test1']); + $this->assertEquals(200, $responses['test1']->status_code); + + // test2 + $this->assertNotEmpty($responses['test2']); + $this->assertInstanceOf('Requests_Exception', $responses['test2']); + } + public function testAlternatePort() { $request = Requests::get('http://portquiz.net:8080/', array(), $this->getOptions()); $this->assertEquals(200, $request->status_code);