search

xp-framework / http

HTTP protocol support for the XP Framework
2 stars 2 forks source link

Skip SSL verification #19

Open thekid opened 8 years ago

thekid commented 8 years ago

Currently only possible via:

index 6cd14dc..b732637 100644
--- a/src/main/php/peer/http/SSLSocketHttpTransport.class.php
+++ b/src/main/php/peer/http/SSLSocketHttpTransport.class.php
@@ -21,11 +21,14 @@ class SSLSocketHttpTransport extends SocketHttpTransport {
    */
   protected function newSocket(\peer\URL $url, $arg) {
     if ('tls' === $arg) {
-      return new TLSSocket($url->getHost(), $url->getPort(443), null);
+      $s= new TLSSocket($url->getHost(), $url->getPort(443), null);
     } else {
       sscanf($arg, 'v%d', $version);
-      return new SSLSocket($url->getHost(), $url->getPort(443), null, $version);
+      $s= new SSLSocket($url->getHost(), $url->getPort(443), null, $version);
     }
+    $s->setVerifyPeer(false);
+    $s->setAllowSelfSigned(false);
+    return $s;
   }

(plus a couple more tweeks for proxy setups)

Especially for testing against self-signed certificates, this can be tedious. Maybe passing https+unverified://example.com/ can make this easier but not compromise default security

/cc @kiesel

kiesel commented 7 years ago

👍 for this - for development this is often necessary.