define default ssl context parameter and ensure ssl connection is alw…

…ays secure
php-amqplib · Jan 13, 2023 · 26b4c34 · 26b4c34
1 parent fc04c9f
commit 26b4c34
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 16 deletions.
diff --git a/PhpAmqpLib/Connection/AMQPConnectionConfig.php b/PhpAmqpLib/Connection/AMQPConnectionConfig.php
@@ -101,8 +101,8 @@ final class AMQPConnectionConfig
     /** @var string|null */
     private $sslKey;
 
-    /** @var bool|null */
-    private $sslVerify;
+    /** @var bool */
+    private $sslVerify = true;
 
     /** @var bool|null */
     private $sslVerifyName;
@@ -440,12 +440,12 @@ public function setSslKey(?string $sslKey): void
         $this->sslKey = $sslKey;
     }
 
-    public function getSslVerify(): ?bool
+    public function getSslVerify(): bool
     {
         return $this->sslVerify;
     }
 
-    public function setSslVerify(?bool $sslVerify): void
+    public function setSslVerify(bool $sslVerify): void
     {
         $this->sslVerify = $sslVerify;
     }

diff --git a/PhpAmqpLib/Connection/AMQPSSLConnection.php b/PhpAmqpLib/Connection/AMQPSSLConnection.php
@@ -27,7 +27,10 @@ public function __construct(
         $ssl_protocol = 'ssl',
         ?AMQPConnectionConfig $config = null
     ) {
-        $ssl_context = empty($ssl_options) ? null : $this->createSslContext($ssl_options);
+        if (empty($ssl_options)) {
+            $ssl_options = ['verify_peer' => true];
+        }
+        $ssl_context = $this->createSslContext($ssl_options);
         parent::__construct(
             $host,
             $port,

diff --git a/PhpAmqpLib/Wire/IO/StreamIO.php b/PhpAmqpLib/Wire/IO/StreamIO.php
@@ -54,7 +54,7 @@ public function __construct(
             $context = stream_context_create();
         }
 
-        $this->protocol = 'tcp';
+        $this->protocol = $ssl_protocol ?? 'tcp';
         $this->host = $host;
         $this->port = $port;
         $this->connection_timeout = $connection_timeout;
@@ -67,15 +67,6 @@ public function __construct(
         $this->canDispatchPcntlSignal = $this->isPcntlSignalEnabled();
 
         stream_context_set_option($this->context, 'socket', 'tcp_nodelay', true);
-
-        $options = stream_context_get_options($this->context);
-        if (!empty($options['ssl'])) {
-            if (isset($ssl_protocol)) {
-                $this->protocol = $ssl_protocol;
-            } else {
-                $this->protocol = 'ssl';
-            }
-        }
     }
 
     /**

diff --git a/tests/Functional/AbstractConnectionTest.php b/tests/Functional/AbstractConnectionTest.php
@@ -31,7 +31,7 @@ protected function conection_create(
             $config->setSslCaPath($options['ssl']['capath'] ?? null);
             $config->setSslCert($options['ssl']['local_cert'] ?? null);
             $config->setSslKey($options['ssl']['local_pk'] ?? null);
-            $config->setSslVerify($options['ssl']['verify_peer'] ?? null);
+            $config->setSslVerify($options['ssl']['verify_peer'] ?? false);
             $config->setSslVerifyName($options['ssl']['verify_peer_name'] ?? null);
             $config->setSslPassPhrase($options['ssl']['passphrase'] ?? null);
             $config->setSslCiphers($options['ssl']['ciphers'] ?? null);