From 2bbe40cf8802bbc3bbf83d454cc294080ebaf241 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 11 Feb 2014 23:01:29 +0100
Subject: [PATCH] HTTPClient: correctly abort a proxy connection
if a needed CONNECT tunnel fails
---
.../tests/inc/httpclient_http_proxy.test.php | 1 -
.../tests/inc/httpclient_https_proxy.test.php | 15 ++++++++++++
inc/HTTPClient.php | 23 +++++++++++++------
3 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/_test/tests/inc/httpclient_http_proxy.test.php b/_test/tests/inc/httpclient_http_proxy.test.php
index 61228ad94..c44dc7ed7 100644
--- a/_test/tests/inc/httpclient_http_proxy.test.php
+++ b/_test/tests/inc/httpclient_http_proxy.test.php
@@ -18,5 +18,4 @@ class httpclient_http_proxy_test extends DokuWikiTest {
$this->assertFalse($data === false, 'HTTP response '.$http->error);
$this->assertTrue(strpos($data,'DokuWiki') !== false, 'response content');
}
-
}
\ No newline at end of file
diff --git a/_test/tests/inc/httpclient_https_proxy.test.php b/_test/tests/inc/httpclient_https_proxy.test.php
index aca3b3be2..9402e91af 100644
--- a/_test/tests/inc/httpclient_https_proxy.test.php
+++ b/_test/tests/inc/httpclient_https_proxy.test.php
@@ -12,4 +12,19 @@ class httpclient_https_proxy_test extends httpclient_http_proxy_test {
}
parent::setUp();
}
+
+ /**
+ * @group internet
+ */
+ function test_connectfail(){
+ $http = new HTTPMockClient();
+ // proxy provided by Andrwe Lord Weber <dokuwiki@andrwe.org>
+ $http->proxy_host = 'proxy.andrwe.org';
+ $http->proxy_port = 8080;
+
+ // the proxy accepts connections to dokuwiki.org only - the connect call should fail
+ $data = $http->get('https://www.google.com');
+ $this->assertFalse($data);
+ $this->assertEquals(-150, $http->status);
+ }
}
\ No newline at end of file
diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index 96954fb47..2226103b3 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -304,11 +304,18 @@ class HTTPClient {
}
// try establish a CONNECT tunnel for SSL
- if($this->_ssltunnel($socket, $request_url)){
- // no keep alive for tunnels
- $this->keep_alive = false;
- // tunnel is authed already
- if(isset($headers['Proxy-Authentication'])) unset($headers['Proxy-Authentication']);
+ try {
+ if($this->_ssltunnel($socket, $request_url)){
+ // no keep alive for tunnels
+ $this->keep_alive = false;
+ // tunnel is authed already
+ if(isset($headers['Proxy-Authentication'])) unset($headers['Proxy-Authentication']);
+ }
+ } catch (HTTPClientException $e) {
+ $this->status = $e->getCode();
+ $this->error = $e->getMessage();
+ fclose($socket);
+ return false;
}
// keep alive?
@@ -363,7 +370,7 @@ class HTTPClient {
// get Status
if (!preg_match('/^HTTP\/(\d\.\d)\s*(\d+).*?\n/', $r_headers, $m))
- throw new HTTPClientException('Server returned bad answer');
+ throw new HTTPClientException('Server returned bad answer '.$r_headers);
$this->status = $m[2];
@@ -526,6 +533,7 @@ class HTTPClient {
*
* @param resource &$socket
* @param string &$requesturl
+ * @throws HTTPClientException when a tunnel is needed but could not be established
* @return bool true if a tunnel was established
*/
function _ssltunnel(&$socket, &$requesturl){
@@ -559,7 +567,8 @@ class HTTPClient {
return true;
}
}
- return false;
+
+ throw new HTTPClientException('Failed to establish secure proxy connection', -150);
}
/**
--
GitLab