SSL Options for ARC2_Reader
From: Hannes Mühleisen
Subject: SSL Options for ARC2_Reader
Date: Wed, 21 Oct 2009 13:28:38 +0200
--Apple-Mail-146-791927598
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii;
format=flowed;
delsp=yes
Hello everybody,
For a current project I needed to have Arc use SSL client certificates
when dereferencing https:// URIs.
As this was not possible with the current version of Arc (2009-10-16),
I have created the attached patch for ARC2_Reader.php which enables
this functionality.
One can now - for example - use the following configuration:
$config = array(
/* ... */
'arc_reader_ssl_local_cert' => '/some/path/to/somecertAndKey.pem',
'arc_reader_ssl_passphrase' => 'somePass',
'arc_reader_ssl_allow_self_signed' => true,
);
$store = ARC2::getStore($config);
For completeness, the patch exposes all options listed in the PHP documentation (http://www.php.net/manual/en/context.ssl.php).
Each option can be set in the ARC configuration under its documented name with the
"arc_reader_ssl_" prefix.
Hope this helps someone
Greetings from Berlin
Hannes
--Apple-Mail-146-791927598
Content-Disposition: attachment;
filename=arc-ssl.patch
Content-Type: application/octet-stream;
x-unix-mode=0644;
name="arc-ssl.patch"
Content-Transfer-Encoding: 7bit
--- Documents/code/Together/addressbook/lib/arc/ARC2_Reader.php 2009-10-21 13:00:55.000000000 +0200
+++ Downloads/arc/ARC2_Reader.php 2009-09-08 12:45:12.000000000 +0200
@@ -202,15 +202,7 @@
$s = @fsockopen($this->a['proxy_host'], $this->a['proxy_port'], $errno, $errstr, $this->timeout);
}
elseif ($parts['scheme'] == 'https') {
- // SSL options can be set via config array
- $context = $this->getSSLContext();
-
- $s = @stream_socket_client(
- 'ssl://' . $parts['host'] . ':' . $parts['port'], // URL
- $errno, $errstr, $this->timeout, // Error stuff, timeouts
- STREAM_CLIENT_CONNECT, // access mode
- $context); // Client context as set above
-
+ $s = @fsockopen('ssl://' . $parts['host'], $parts['port'], $errno, $errstr, $this->timeout);
}
elseif ($parts['scheme'] == 'http') {
$s = fsockopen($parts['host'], $parts['port'], $errno, $errstr, $this->timeout);
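Review bot: The file headers are the wrong way round: `---` names the edited copy (dated 2009-10-21) and `+++` the pristine download (dated 2009-09-08), so applied as-is the patch removes the `stream_socket_client` call and restores `$s = @fsockopen('ssl://' . $parts['host'], ...)`; the same reversal affects the second hunk, which would delete `getSSLContext()`. Regenerating the diff with the two paths swapped fixes both hunks. On the intended side, the `@` in front of `stream_socket_client` hides the reason a TLS handshake failed (for example a certificate that could not be verified); if the surrounding code records `$errstr` for the other schemes, it should do so here too so that a verification failure is visible to the caller rather than appearing as a generic connect error. The enclosing method starts and ends outside this hunk.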
@@ -357,48 +349,6 @@
return $this->redirects;
}
- /* Create an SSL context for HTTPS requests
- * see <http://www.php.net/manual/en/context.ssl.php> for explanations
- * author: Hannes Muehleisen, muehleis@informatik.hu-berlin.de
- */
-
- private function getSSLContext() {
- $context = stream_context_create();
-
- stream_context_set_option($context, 'ssl', 'verify_peer',
- $this->v('arc_reader_ssl_verify_peer', false, $this->a));
-
- stream_context_set_option($context, 'ssl', 'allow_self_signed',
- $this->v('arc_reader_ssl_allow_self_signed', false, $this->a));
-
- if (($sslCaFile = $this->v('arc_reader_ssl_cafile', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'cafile', $sslCaFile);
-
- if (($sslCaPath = $this->v('arc_reader_ssl_capath', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'capath', $sslCaPath);
-
- if (($sslLocalCert = $this->v('arc_reader_ssl_local_cert', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'local_cert', $sslLocalCert);
-
- if (($sslPassPhrase = $this->v('arc_reader_ssl_passphrase', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'passphrase', $sslPassPhrase);
-
- if (($sslCnMatch = $this->v('arc_reader_ssl_CN_match', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'CN_match', $sslCnMatch);
-
- if (($sslVerifyDepth = $this->v('arc_reader_ssl_verify_depth', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'verify_depth', $sslVerifyDepth);
-
- if (($sslCiphers = $this->v('arc_reader_ssl_ciphers', false, $this->a)) !== false)
- stream_context_set_option($context, 'ssl', 'ciphers', $sslCiphers);
-
- stream_context_set_option($context, 'ssl', 'capture_peer_cert',
- $this->v('arc_reader_ssl_capture_peer_cert', false, $this->a));
-
- stream_context_set_option($context, 'ssl', 'capture_peer_chain',
- $this->v('arc_reader_ssl_capture_peer_chain', false, $this->a));
-
- return $context;
- }
+ /* */
}
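Review bot: `verify_peer` is filled from `$this->v('arc_reader_ssl_verify_peer', false, $this->a)`, so a reader that does not opt in accepts whatever certificate the server presents, and `CN_match` is only applied when configured, so the host name is not checked either; on the PHP releases current at the time both had to be enabled explicitly for the HTTPS connection to be authenticated. Changing the default to `$this->v('arc_reader_ssl_verify_peer', true, $this->a)` and documenting that `arc_reader_ssl_cafile` or `arc_reader_ssl_capath` must then point at a trust store would make the verified connection the default and leave the unverified one as the explicit opt-out. The header comment above `getSSLContext()` would also benefit from listing the `arc_reader_ssl_*` keys each option reads and stating which ones are applied unconditionally (`verify_peer`, `allow_self_signed`, `capture_peer_cert`, `capture_peer_chain`) versus only when present, since this method is the only place those names appear. Because the patch is reversed, the lines marked `-` in this hunk are the proposed code.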
--Apple-Mail-146-791927598--
""" ;
ns1:returnPath "<hannes@living-site.net>" ;
ns1:xOriginalTo "arc-dev@semsol.org" ;
ns1:deliveredTo "web11p1@p15192371.pureserver.info" ;
ns1:received """from [10.0.1.100] (e179153156.adsl.alicedsl.de [85.179.153.156])
by living-site.net (Postfix) with ESMTPA id 4E6AB7301C9
for <arc-dev@semsol.org>; Wed, 21 Oct 2009 13:28:39 +0200 (CEST)""" ;
ns1:from "=?iso-8859-1?Q?Hannes_M=FChleisen?= <hannes@living-site.net>" ;
ns1:contentType "multipart/mixed; boundary=Apple-Mail-146-791927598" ;
ns1:subject "SSL Options for ARC2_Reader" ;
ns1:date "Wed, 21 Oct 2009 13:28:38 +0200" ;
ns1:messageId "<BCAB6E6A-1B4E-4925-B685-476EFBECF0CE@living-site.net>" ;
ns1:to "arc-dev@semsol.org" ;
ns1:mimeVersion "1.0 (Apple Message framework v1076)" ;
ns1:xMailer "Apple Mail (2.1076)" ;
ns1:xSpamCheckerVersion """SpamAssassin 2.64 (2004-01-11) on
p15192371.pureserver.info